Privacy Policy

Last updated: July 1, 2025

CdBase ("we", "our", or "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights regarding that information.

1. Scope

This policy applies to the CdBase website at cdbase.dev, the customer portal, and any related services we operate (collectively, the "Services"). It does not apply to self-hosted CdBase instances — when you self-host, your data stays entirely on your own infrastructure and is governed by your own policies.

2. Information We Collect

2.1 Information you provide

  • Account information: name and email address when you register or purchase a license.
  • Payment information: processed by our payment provider (Stripe). We do not store card numbers.
  • Support communications: messages you send to our support email.

2.2 Information collected automatically

  • Server logs: IP address, browser type, referring URL, and pages visited.
  • License validation: when your self-hosted instance checks license validity, we receive the license key and a workspace identifier. No database contents or migration data are transmitted.

2.3 Cookies

We use only strictly necessary session cookies on the customer portal (for authentication). We do not use advertising or cross-site tracking cookies.

3. How We Use Your Information

  • To create and manage your account and license.
  • To process payments and send receipts.
  • To respond to support requests.
  • To send transactional emails (license keys, renewal reminders). We do not send marketing email without your explicit opt-in.
  • To detect abuse and enforce our Terms of Service.
  • To improve the Services using aggregated, anonymised usage data.

4. Legal Basis for Processing (GDPR)

Where EU/UK GDPR applies, we process your data on the following bases:

  • Contract — to fulfil your license purchase and provide the Services.
  • Legitimate interests — security, fraud prevention, and service improvement.
  • Consent — for optional marketing communications.
  • Legal obligation — to comply with applicable law (e.g. tax records).

5. Data Sharing

We do not sell your personal data. We share it only with:

  • Stripe — payment processing. See stripe.com/privacy.
  • Hosting providers — infrastructure needed to run the Services, bound by data processing agreements.
  • Law enforcement — when required by applicable law or valid legal process.

6. Data Retention

We retain account and billing records for as long as your account is active and for up to 7 years after account closure to comply with tax and accounting obligations. Server logs are retained for 90 days. You may request earlier deletion — see Section 8.

7. Data Security

We use industry-standard measures including TLS encryption in transit, encrypted storage at rest, and access controls limited to personnel who need the data. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

8. Your Rights

Depending on your location you may have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data ("right to be forgotten").
  • Object to or restrict certain processing.
  • Data portability in a machine-readable format.
  • Withdraw consent at any time (without affecting prior processing).

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

9. International Transfers

Our Services are hosted in the European Union. If you access the Services from outside the EU, your data may be transferred to and processed in the EU. We rely on Standard Contractual Clauses for any onward international transfers.

10. Children's Privacy

The Services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have done so inadvertently, please contact us and we will delete the data promptly.

11. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the "Last updated" date at the top and, for material changes, notify you by email or a prominent notice on our website. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests, contact us at [email protected].