This Privacy Policy explains how ClearSecurity Vision S.R.L. ("Company", "we", "us"), registered office at Feleacu 24F, Cluj-Napoca, Romania, CUI 32776248, Registered in the Romanian Trade Register under number J12/420/2014, collects, uses, and protects your personal data when you use CERTO ("Service").
We are committed to GDPR compliance as data controller under Regulation (EU) 2016/679.
| Category | Data | Purpose |
|---|---|---|
| Account | Email address, password (hashed) | Authentication |
| Organization profile | Company name, CUI, sector, contacts | Compliance documentation |
| Compliance data | Incidents, risks, audits, vendors, gap assessments | Service functionality |
| Billing | Subscription status (no card data stored by us) | Access control |
| Usage | Activity logs within the platform | Audit trail, service improvement |
We do not collect payment card data — this is handled entirely by our payment processor (Paddle).
All data is stored in the Supabase EU West data center, within the European Union. Data is encrypted in transit (TLS 1.3) and at rest. Access is restricted to your organization only via Row Level Security (RLS).
We do not sell your data. We share data only with the following sub-processors, all operating under GDPR-compliant terms:
Full list with data categories and regions is available at /subprocessors.html.
We retain your data for as long as your account is active. Upon account deletion, your data is permanently deleted within 30 days, except where retention is required by law (e.g., billing records retained for 5 years per Romanian accounting law).
As a data subject, you have the right to:
To exercise any of these rights, contact us at support@clearsecurity.vision. We will respond within 30 days.
You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) at www.dataprotection.ro.
The CERTO application uses only functional cookies necessary for authentication (session management). We do not use tracking, advertising, or analytics cookies.
We may update this Privacy Policy and will notify you by email at least 14 days before material changes take effect.
Data protection inquiries: support@clearsecurity.vision