Serpentua

Privacy Policy

Last updated: February 2026

Our Commitment to Privacy

At Serpentua, we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our data validation and preservation platform.

We adhere to the principles of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws worldwide.

Information We Collect

Information You Provide

  • Account Information: Name, email address, organization name, and contact details when you create an account.
  • Billing Information: Payment details processed securely through our payment providers.
  • Support Communications: Information you provide when contacting our support team.

Information Collected Automatically

  • Usage Data: Information about how you interact with our platform, including features used and actions taken.
  • Device Information: Browser type, operating system, and device identifiers.
  • Log Data: IP addresses, access times, and pages viewed.

Validation Data

Important: Serpentua processes file validation metadata only. Your actual files never leave your infrastructure. We only receive cryptographic checksums (hashes) and file metadata necessary for validation. This privacy-first design ensures your sensitive data remains under your control at all times.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send technical notices, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations

Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services to you.
  • Legitimate Interests: Processing for our legitimate business interests, such as improving our services and ensuring security.
  • Consent: Where you have given explicit consent for specific processing activities.
  • Legal Obligation: Processing necessary to comply with applicable laws.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Validation records are retained according to your chosen retention policy (6 months to indefinite).

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information for legal or regulatory purposes.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing of your personal data.
  • Portability: Request transfer of your data to another service provider.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@serpentua.com.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection practices

International Data Transfers

If we transfer your personal data outside of the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with adequate data protection laws.

Third-Party Services

We may share your information with trusted third-party service providers who assist us in operating our platform, such as:

  • Cloud infrastructure providers
  • Payment processors
  • Analytics services
  • Customer support tools

These providers are contractually obligated to protect your data and may only use it for the specific purposes we authorize.

Cookies and Tracking

We use essential cookies necessary for the operation of our platform. We also use analytics cookies to understand how visitors interact with our website, but only with your consent. You can manage your cookie preferences at any time through your browser settings or our cookie consent banner.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

← Back to Home