Privacy Policy

We value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our websites, services, and applications (the "Services").

Information We Collect
1. Personal Information: Includes data such as your name, email address, phone number, company name, address, and payment details.
2. Usage Data: Includes data related to your interactions with our Services, such as IP address, browser type, and pages visited.
3. Billing and Business Information: If you use our document template feature, we may collect your billing details, including company name, legal address, tax identification number, and payment details necessary for processing transactions.
How We Use Your Information and Legal Bases We process your personal data only when we have a valid legal basis under the GDPR. Your information is used for the following purposes:
1. Providing and improving the Services: Necessary for the performance of our contract with you (Art. 6(1)(b) GDPR).
2. Communicating with you: Necessary for the performance of our contract with you regarding updates or account management (Art. 6(1)(b) GDPR).
3. Analyzing usage patterns: Based on our legitimate interest to improve our service performance and user experience (Art. 6(1)(f) GDPR), or your consent where required.
4. Ensuring security and integrity: Based on our legitimate interest to detect and prevent fraud, unauthorized access, and malicious activity (Art. 6(1)(f) GDPR).
5. Facilitating document generation and payment processing: Necessary for the performance of our contract with you (Art. 6(1)(b) GDPR) and to comply with legal tax/accounting obligations (Art. 6(1)(c) GDPR).
Cookies
1. We use cookies and similar technologies to enhance your experience and improve our Services. For detailed information about the types of cookies we use, how we obtain your prior consent, and how you can manage them, please see our configo.org/docs/legal/cookies.
Data Sharing and Disclosure
1. We do not sell or rent your personal data to third parties. However, we may share information with trusted third-party service providers for operational purposes, such as hosting, payment processing, security, or analytics. These providers act as data processors and are bound by strict contractual obligations (Data Processing Agreements).
2. We use Cloudflare, Inc. to provide security, DNS resolution, and content delivery network (CDN) services. Certain technical data (such as your IP address, request information, and device/browser details) may be processed by Cloudflare in order to ensure availability, performance, and protection against malicious activity. Cloudflare acts as our data processor and processes this data strictly on our behalf and in accordance with our instructions. For more information, please see Cloudflare’s Privacy Policy: https://www.cloudflare.com/privacypolicy/.
3. For processing payments and generating documents, we may share necessary billing details with trusted payment service providers.
4. We may also disclose your information when required by law or to protect our rights or the safety of others.
Data Security
1. We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, or disclosure. However, no data transmission over the internet is completely secure, and we cannot guarantee the absolute security of your information.
2. Our security infrastructure is supported by Cloudflare’s protective services (including DDoS mitigation, firewall, and encrypted DNS), which help safeguard your data while using our Services.
International Data Transfers
1. Where Cloudflare services or other third-party providers involve transfers of personal data outside the European Economic Area (EEA), such transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission and/or the provider's participation in the EU–US Data Privacy Framework. Cloudflare does not sell personal data and only retains logs for a limited period necessary to provide security and service functionality.
Data Retention
1. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including during the period of your active account. We may retain certain operational, transactional, or financial records for longer periods if required to comply with statutory legal, tax, or accounting obligations ( typically 5 to 10 years depending on jurisdiction).
Your Rights (GDPR)
1. If you are located in the European Union or European Economic Area (EEA), you have the following rights under the GDPR regarding your personal data:
  - Right of access: You can request a copy of the personal data we hold about you.
  - Right to rectification: You can request that we correct inaccurate or incomplete data.
  - Right to erasure ("Right to be forgotten"): You can request that we delete your personal data under certain conditions.
  - Right to restriction of processing: You can request that we limit how we process your data.
  - Right to data portability: You can request a transfer of your data to another organization or directly to you in a structured, machine-readable format.
  - Right to object: You can object to the processing of your data based on legitimate interests or for direct marketing.
  - Right to withdraw consent: If we process data based on your consent, you can withdraw it at any time.
2. To exercise any of these rights, please contact us. You also have the right to lodge a complaint with a Data Protection Authority (DPA) in the EU if you believe our processing violates the GDPR.
Children's Privacy
1. Our Services are not intended for children under 16, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.
Changes to This Privacy Policy
1. We may update this Privacy Policy from time to time. Any changes will be posted on this page, and we will notify you of significant changes via email or through our Services.