Privacy Policy
Effective: 12 May 2026 | v1.0
1. Who We Are (Data Controller)
Sertiq is a trading name of Mariusz Laszewski, trading as Zatto Dev, 210 Redwood Grove, Bedford, MK42 9JE, United Kingdom.
- Trading Name: Sertiq / Zatto Dev
- Owner & Operator: Mariusz Laszewski
- Address: 210 Redwood Grove, Bedford, MK42 9JE, United Kingdom
- UTR: 1153 45012
- Contact: legal@sertiq.app
2. Scope
This Privacy Policy applies to personal data collected through the Sertiq website at sertiq.app, the Sertiq application, and any communications between you and us.
3. Data We Collect
3.1 Account & Contact Data
Full name, email address, job title, company name and address, phone number (if provided), account login credentials (passwords stored hashed only).
3.2 Supplier & Quality Data (Customer Data)
Contact details of supplier personnel (name, email, phone, job title); supplier company information; ISO certificates, audit reports, NCR documents, CAPA records; any other data you upload to the Platform.
3.3 Technical & Usage Data
IP address, browser type and version, operating system, pages viewed, features used, session duration, log data, error reports, performance data, cookie data.
3.4 Payment Data
Payment card details are processed by our third-party payment processor and never stored on our servers. We receive only a transaction reference and subscription status.
4. Legal Basis for Processing (UK/EU GDPR)
- Contract (Art. 6(1)(b)): Processing necessary to provide the Platform services.
- Legitimate Interests (Art. 6(1)(f)): Improving the Platform, preventing fraud, ensuring security, sending service-related communications.
- Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws (e.g., tax, accounting).
- Consent (Art. 6(1)(a)): For marketing communications and non-essential cookies — you may withdraw consent at any time.
5. How We Use Your Data
Providing, maintaining, and improving the Platform; account registration and authentication; processing payments; sending transactional emails; customer support; security monitoring and fraud prevention; analysing Platform usage; complying with legal obligations; sending marketing communications (with consent only).
6. Data Sharing & Third Parties
We do not sell your personal data. We share data only with: Cloud Hosting Provider (e.g., AWS/Vercel/Supabase); Email Service Provider (e.g., SendGrid/Resend); Payment Processor (e.g., Stripe); Analytics Provider (e.g., Plausible/PostHog); Legal and professional advisors where required; Law enforcement where required by law. A full list of sub-processors is available on request from legal@sertiq.app.
7. International Data Transfers
Where sub-processors process data outside the UK/EEA, we ensure appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission and UK ICO. Contact legal@sertiq.app for details.
8. Data Retention
- Account data: duration of subscription plus 6 months.
- Customer Data: duration of subscription, then 30-day export window, then deleted.
- Financial/billing records: 7 years (UK tax law).
- Technical logs: up to 12 months.
- Backup copies: may persist up to 90 days after deletion requests.
9. Your Rights
Under UK and EU GDPR:
- Right of access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to data portability
- Right to object
- Rights related to automated decision-making
To exercise these rights, contact legal@sertiq.app. We respond within 30 days. You may lodge a complaint with the UK ICO (ico.org.uk) or your local EU supervisory authority.
10. Cookies
We use cookies and similar technologies. See our Cookie Policy for details. Essential cookies require no consent. Analytics and marketing cookies require consent, manageable via our Cookie Consent Manager.
11. California Privacy Rights (CCPA)
California residents have rights under the CCPA, including the rights to know, to delete, and to opt out of the sale of personal information. We do not sell personal information. Contact legal@sertiq.app. We do not discriminate against users who exercise CCPA rights.
12. Security
We implement industry-standard measures including TLS encryption in transit, encryption at rest, access controls, and regular security reviews. In the event of a data breach affecting your rights, we will notify you and relevant authorities within 72 hours as required by GDPR.
13. Children
The Platform is not directed at individuals under 18. We do not knowingly collect personal data from children. Contact legal@sertiq.app immediately if you believe a child has provided data.
14. Changes to This Policy
We may update this Privacy Policy and will notify you of material changes at least 14 days before they take effect. The current version is always available at sertiq.app/legal/privacy.
15. Contact
Email: legal@sertiq.app
Post: Zatto Dev (Mariusz Laszewski), 210 Redwood Grove, Bedford, MK42 9JE, United Kingdom
