Legal

Privacy

Last updated: 2026-04-20

1. Who we are

Brantics is operated from Romania. For data protection purposes, we are the controller of your personal data. Contact: privacy@brantics.com.

2. Data we collect

  • Account data: email, password hash, full name (optional), preferred language, referral code, timestamps.
  • Billing data: Stripe customer ID, subscription status, current period end. Card details are held by Stripe — we never see or store them.
  • Scan data: domains you submit, scores, findings, AI recommendations, scan timestamps.
  • Usage data: IP address (for rate limiting and abuse prevention), A/B testing visitor ID cookie, browser user-agent.

3. Why we process it

  • Provide the Service (contract, art. 6(1)(b) GDPR).
  • Send transactional email (contract).
  • Comply with legal obligations such as tax records (legal obligation).
  • Product analytics and A/B testing (legitimate interest, minimized via pseudonymous visitor IDs).

4. Sub-processors

We use a small set of vendors under GDPR-compliant DPAs:

  • Stripe (payments)
  • Resend (transactional email)
  • Anthropic (AI recommendations — scan findings only, no personal data)
  • DataForSEO (SEO data)
  • Our hosting provider for EU-located servers

5. Retention

Account and scan data are retained while your account is active and for up to 24 months after deletion, unless a longer retention is required by law (e.g. billing records — 10 years). Server logs are rotated within 30 days.

6. Your rights

Under GDPR you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. You may also withdraw consent where processing is based on consent. To exercise any of these rights, email privacy@brantics.com. You may also lodge a complaint with the Romanian supervisory authority (ANSPDCP) or the authority in your country of residence.

7. International transfers

Some sub-processors may process data outside the EU/EEA. We rely on Standard Contractual Clauses and adequacy decisions where applicable.

8. Security

Passwords are hashed with bcrypt, sessions use signed JWTs stored in httpOnly cookies, database credentials are encrypted, and all traffic is over TLS. Access to production is restricted and logged.

9. Changes

We will notify you of material changes to this policy by email or via a banner on the Service at least seven days before they take effect.

This document is informational and does not constitute legal advice.