This policy applies to Security Pulse Daily and complies with GDPR / DSGVO requirements.
1. Data Controller
Security Pulse Daily operates as the data controller for personal data collected through this platform. Contact: privacy@securitypulsedaily.com
2. Data We Collect
- Account data: Email address, name, hashed password
- Organization data: Organization name, subscription plan
- Usage data: Login timestamps, feature usage (audit logs)
- Payment data: Billing is handled by Stripe — we do not store card details
- Preferences: Language, timezone, alert settings, watchlists
3. Legal Basis (GDPR)
- Contract performance (Art. 6(1)(b) GDPR) — for account and subscription management
- Legitimate interest (Art. 6(1)(f) GDPR) — for security and fraud prevention
- Consent (Art. 6(1)(a) GDPR) — for email marketing (opt-in only)
4. Data Retention
Account data is retained for the duration of the subscription plus 90 days after cancellation. Audit logs are retained for 12 months. You may request earlier deletion at any time.
5. Third-Party Services
- Stripe — Payment processing (Stripe Privacy Policy applies)
- Resend — Transactional email delivery
- Vercel — Hosting infrastructure
6. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Request data portability
- Object to processing
- Lodge a complaint with a supervisory authority
To exercise these rights, contact: privacy@securitypulsedaily.com
7. Data Security
Passwords are hashed using bcrypt. All data is transmitted over HTTPS. API keys are stored as cryptographic hashes. We implement role-based access control and organization-level data isolation.
8. Cookies
We use session cookies for authentication (NextAuth.js). No advertising or tracking cookies are used.