Legal
Privacy Policy
1. Who we are (controller)
Andrejs Sevcenko, an individual established in Latvia (contact address [___]), is the controller of the personal data described here. Contact: [[email protected]]. This notice covers personal data where Andrejs Sevcenko is the controller (website visitors, leads, account holders, correspondence). For Customer Content processed on behalf of customers we act as a processor — see the Data Processing Agreement.
2. What personal data we process, and sources
As controller:
- Lead / enquiry data — name, work email, organisation, message — when you contact us or request access. Source: you.
- Account data — name, work email, organisation, role, authentication data — when an account is created. Source: you / your organisation.
- Correspondence — emails and support messages you send us.
- Technical / usage data — IP address, timestamps, security / audit logs needed to operate and secure our website and Service. Source: automatically, via hosting / edge infrastructure (Hetzner, Cloudflare).
We do not sell personal data, do not use it for advertising profiling, and do not use Customer Content to train third-party AI models.
3. Purposes & lawful bases [Art. 6]
| Purpose | Lawful basis |
|---|---|
| Respond to enquiries; manage the pre-sales relationship | Legitimate interests (Art. 6(1)(f)) / steps prior to a contract (6(1)(b)) |
| Provide, secure and maintain accounts and the Service | Performance of a contract (6(1)(b)) |
| Secure our systems, prevent abuse, keep audit logs | Legitimate interests (6(1)(f)) |
| Send optional marketing / product updates [if any] | Consent (6(1)(a)), withdrawable at any time |
| Comply with legal obligations (e.g. accounting) | Legal obligation (6(1)(c)) |
4. Recipients & sub-processors
We share personal data only with service providers that help us run the website and Service, under contracts requiring appropriate safeguards: Hetzner (EU / Germany hosting) and Cloudflare (CDN / edge / TLS). The current list is on our Sub-processors page. We may disclose data where required by law. We do not otherwise share personal data with third parties.
5. International transfers [Ch. V]
Our hosting is in the EU (Germany). Where a provider (e.g. Cloudflare) processes data outside the EEA, we rely on appropriate safeguards — the European Commission's Standard Contractual Clauses and/or the EU–US Data Privacy Framework. See the Sub-processors page.
6. Retention
We keep personal data only as long as necessary for the purposes above and any legal retention period, then delete or anonymise it: leads [e.g. up to 24 months if no contract]; account data for the life of the account plus [e.g. 90 days]; logs [e.g. up to 12 months]; accounting records per statutory periods. Service content is retained per your organisation's agreement (see the DPA).
7. Your rights [Arts. 15–22]
Subject to law, you may request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests; where we rely on consent, you may withdraw it at any time. To exercise rights, contact [[email protected]]. For personal data contained in Customer Content, contact the organisation that controls it (we assist as processor). You may lodge a complaint with the Latvian supervisory authority, the Data State Inspectorate (Datu valsts inspekcija), [dvi.gov.lv], or your local authority.
8. Cookies & tracking
The marketing site (cerynix.com) is a
fully static site with no analytics, no advertising and no tracking
cookies (its content-security policy blocks scripts:
script-src 'none'). The application
(app.cerynix.com) uses only strictly
necessary cookies / tokens for authentication and session management, which
do not require consent.
9. Security
We apply measures appropriate to the risk, including multi-tenant isolation, role-based access control, encryption of connector secrets at rest, tamper-evident audit logging, and a hardened network edge. No system is perfectly secure; we work to reduce and respond to risk. We claim no certification we do not hold.
10. Changes & contact
We may update this policy; material changes will be posted here with a new version and date. Questions: [[email protected]].