Privacy Policy
Last updated: April 2026
1. Who we are
Certeasy (contact@certeasy.tech) publishes this site and operates the license management service available at certeasy.tech. We are the data controller within the meaning of the GDPR (Regulation (EU) 2016/679).
2. What data we collect and why
We collect the minimum necessary to operate the service:
| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Deliver the license file, send renewal reminders, re-send licenses on request | Contract performance (Art. 6(1)(b)) |
| Full name | Personalise the welcome email and identify the license holder | Contract performance (Art. 6(1)(b)) |
| IP address | Rate limiting and abuse prevention (processed in memory, not stored to disk) | Legitimate interest (Art. 6(1)(f)) |
Payment data (card, billing address) is handled exclusively by Stripe and never passes through our servers. Stripe acts as an independent data controller for payment processing. See stripe.com/privacy.
3. Analytics
We use Cloudflare Web Analytics to measure traffic on this site (page views, unique visitors, country of origin, referrers).
- Cloudflare Web Analytics is cookie-free — no tracking cookie is set.
- It does not collect personal data or build individual profiles.
- Data is aggregated and anonymised before being stored.
- No consent banner is required under the GDPR or ePrivacy Directive.
See Cloudflare's privacy policy for details on how aggregated analytics data is handled.
4. What we do not do
- We do not sell, rent or share your data with third parties for marketing purposes.
- We do not use your email for advertising or profiling.
- We do not use tracking pixels or advertising cookies.
- We do not set any cookies.
5. Cookies
This site sets no cookies — neither session, analytics nor advertising.
6. Data retention
We retain your email address and name for as long as your license is active, plus 3 years after the last license expires (for accounting and dispute resolution purposes). You may request earlier deletion — see section 7.
7. Your rights
Under the GDPR you have the right to:
- Access — obtain a copy of the data we hold about you.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your data ("right to be forgotten").
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Restriction — ask us to limit processing while a dispute is resolved.
To exercise any of these rights, email us at contact@certeasy.tech with the subject line "GDPR request". We will respond within 30 days.
You also have the right to lodge a complaint with your national supervisory authority (in France: CNIL).
8. Data transfers outside the EU
Our infrastructure is hosted in the EU. Transfers outside the EU concern: Stripe (United States, payment processing) and Cloudflare (United States, analytics) — both covered by Standard Contractual Clauses and the EU–US Data Privacy Framework.
9. Security
License files are cryptographically signed with Ed25519. Email addresses are stored in a local database with restricted access. We apply rate limiting on all public endpoints to prevent abuse.