Privacy Policy

1. Introduction

GPSRPass ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GPSR compliance platform.

2. Information We Collect

We collect information that you provide directly to us:

• Account Information: Email address, name, and password when you create an account
• Business Information: Company name, address, and EU representative details for compliance documents
• Product Information: Product names, SKUs, categories, and specifications you enter
• Payment Information: Processed securely through our payment provider (we do not store card details)

We also automatically collect certain information when you use our Service, including IP address, browser type, device information, and usage patterns.

3. How We Use Your Information

We use the information we collect to:

• Generate GPSR labels and Declaration of Conformity documents
• Provide, maintain, and improve our Service
• Process transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze usage trends to improve user experience

4. Data Storage and Security

Your data is stored securely on servers located within the European Union. We implement industry-standard security measures including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Secure backup procedures

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You may request deletion of your account and associated data at any time by contacting us.

Compliance documents you generate may be retained for regulatory purposes as required by applicable laws, typically for a minimum of 10 years from the date the product was placed on the market.

6. Third-Party Services

We use the following third-party services to operate our platform:

• Supabase: Database and authentication services (EU region)
• Vercel: Hosting and deployment platform
• Stripe: Payment processing (PCI-DSS compliant)
• Analytics: Anonymous usage analytics to improve our service

These services have their own privacy policies governing how they handle your data.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate personal data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your personal data
• Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, please contact us at the email address below.

8. Cookies

We use cookies and similar tracking technologies to:

• Maintain your session and authentication status
• Remember your preferences
• Analyze site traffic and usage patterns

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the new Privacy Policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: