CerynixGovernance · Evidence · Resilience
Platform Pricing Security Sign in

Legal

Privacy Policy

Version 0.1 (draft) · GDPR Art. 13/14 · Last updated [DATE].

⚠️ Draft — pending legal review. This privacy notice is a working draft. Bracketed [placeholders] (registration number, address, dates, contact address) must be completed and the whole document reviewed by qualified Latvian data-protection counsel before it is relied upon or published as binding.
1. Controller 2. Data & sources 3. Purposes & bases 4. Recipients 5. Transfers 6. Retention 7. Your rights 8. Cookies 9. Security 10. Changes

1. Who we are (controller)

Andrejs Sevcenko, an individual established in Latvia (contact address [___]), is the controller of the personal data described here. Contact: [[email protected]]. This notice covers personal data where Andrejs Sevcenko is the controller (website visitors, leads, account holders, correspondence). For Customer Content processed on behalf of customers we act as a processor — see the Data Processing Agreement.

2. What personal data we process, and sources

As controller:

  • Lead / enquiry data — name, work email, organisation, message — when you contact us or request access. Source: you.
  • Account data — name, work email, organisation, role, authentication data — when an account is created. Source: you / your organisation.
  • Correspondence — emails and support messages you send us.
  • Technical / usage data — IP address, timestamps, security / audit logs needed to operate and secure our website and Service. Source: automatically, via hosting / edge infrastructure (Hetzner, Cloudflare).

We do not sell personal data, do not use it for advertising profiling, and do not use Customer Content to train third-party AI models.

3. Purposes & lawful bases [Art. 6]

PurposeLawful basis
Respond to enquiries; manage the pre-sales relationshipLegitimate interests (Art. 6(1)(f)) / steps prior to a contract (6(1)(b))
Provide, secure and maintain accounts and the ServicePerformance of a contract (6(1)(b))
Secure our systems, prevent abuse, keep audit logsLegitimate interests (6(1)(f))
Send optional marketing / product updates [if any]Consent (6(1)(a)), withdrawable at any time
Comply with legal obligations (e.g. accounting)Legal obligation (6(1)(c))

4. Recipients & sub-processors

We share personal data only with service providers that help us run the website and Service, under contracts requiring appropriate safeguards: Hetzner (EU / Germany hosting) and Cloudflare (CDN / edge / TLS). The current list is on our Sub-processors page. We may disclose data where required by law. We do not otherwise share personal data with third parties.

5. International transfers [Ch. V]

Our hosting is in the EU (Germany). Where a provider (e.g. Cloudflare) processes data outside the EEA, we rely on appropriate safeguards — the European Commission's Standard Contractual Clauses and/or the EU–US Data Privacy Framework. See the Sub-processors page.

6. Retention

We keep personal data only as long as necessary for the purposes above and any legal retention period, then delete or anonymise it: leads [e.g. up to 24 months if no contract]; account data for the life of the account plus [e.g. 90 days]; logs [e.g. up to 12 months]; accounting records per statutory periods. Service content is retained per your organisation's agreement (see the DPA).

7. Your rights [Arts. 15–22]

Subject to law, you may request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests; where we rely on consent, you may withdraw it at any time. To exercise rights, contact [[email protected]]. For personal data contained in Customer Content, contact the organisation that controls it (we assist as processor). You may lodge a complaint with the Latvian supervisory authority, the Data State Inspectorate (Datu valsts inspekcija), [dvi.gov.lv], or your local authority.

8. Cookies & tracking

The marketing site (cerynix.com) is a fully static site with no analytics, no advertising and no tracking cookies (its content-security policy blocks scripts: script-src 'none'). The application (app.cerynix.com) uses only strictly necessary cookies / tokens for authentication and session management, which do not require consent.

9. Security

We apply measures appropriate to the risk, including multi-tenant isolation, role-based access control, encryption of connector secrets at rest, tamper-evident audit logging, and a hardened network edge. No system is perfectly secure; we work to reduce and respond to risk. We claim no certification we do not hold.

10. Changes & contact

We may update this policy; material changes will be posted here with a new version and date. Questions: [[email protected]].

© 2026 Andrejs Sevcenko. All rights reserved. HomePricingPrivacyTermsDPASubprocessorsContact

Cerynix supports your NIS2, ISO/IEC 27001 and GDPR readiness. It is not legal advice and does not guarantee compliance or certification. This page is a draft pending review by qualified counsel.