1. Overview
This Privacy Policy describes how Cendigo collects, uses, and protects personal data when you visit our website, evaluate the platform, or use our services as a client.
2. Data we collect
- Account data: name, email, company, role
- Billing data: handled by Stripe; we store only metadata
- Project data: assets and content you provide
- Usage data: logs, IP, device, performance telemetry
- Audit data: administrative activity for governance
3. How we use data
- Deliver and operate the services
- Authenticate users and prevent abuse
- Provide support and respond to inquiries
- Improve performance, security, and product quality
- Comply with legal obligations
4. Sharing
We share data with vetted sub-processors (hosting, payments, email, analytics) under contractual safeguards. See the DPA for the current sub-processor list.
5. International transfers
Transfers outside the EEA/UK rely on Standard Contractual Clauses and supplementary measures where required.
6. Your rights
You may request access, correction, deletion, portability, or restriction of your personal data by emailing privacy@cendigo.com.
7. Retention
We retain data only as long as needed for the purposes described or as required by law. Backups are rotated on a defined schedule.
8. Security
We use TLS in transit, encryption at rest, RBAC, audit logging, MFA for admin, and signed-upload workflows. See the Trust Center.
9. Contact
Privacy questions: privacy@cendigo.com.