Summary: CertControl is hosted in the EU, GDPR aligned, and we do not sell your data. We collect only what is needed to operate the service.

1. Who we are

CertControl is a certificate and attack surface security platform built and operated in Denmark by Certiva ApS (CVR: 46450965). References to "we", "us", or "our" in this policy refer to Certiva ApS.

For questions about this policy, contact us at mail@certcontrol.pro.

2. What data we collect

We collect the following categories of data:

  • Account data: name, email address, company name, and password (bcrypt-hashed)
  • Usage data: actions performed in the platform, scan results, endpoint configurations
  • Technical data: IP addresses, browser type, session identifiers
  • Communication data: messages sent via the contact form or email

We do not collect payment card details directly — payments are handled by our payment processor.

3. How we use your data

  • To provide and operate the CertControl platform
  • To send service-related notifications (certificate expiry alerts, scan results)
  • To respond to support requests and enquiries
  • To improve platform security and performance
  • To comply with legal obligations

We do not use your data for advertising and do not sell or share it with third parties for marketing purposes.

4. Legal basis (GDPR)

Our processing is based on:

  • Contract performance — to deliver the service you signed up for
  • Legitimate interest — to improve the platform and ensure security
  • Legal obligation — where required by applicable law
  • Consent — for optional communications, where applicable

5. Data storage and transfers

All data is stored on infrastructure located within the European Union. We do not transfer personal data to countries outside the EU/EEA without adequate safeguards in place.

A Data Processing Agreement (DPA) is available on request for customers who require one for their own compliance obligations.

6. Data retention

We retain account data for as long as your account is active, plus a reasonable period thereafter to fulfil legal obligations. Scan data and audit logs are retained according to the retention policy configured in your account settings.

You may request deletion of your data at any time by contacting us.

7. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Request erasure ("right to be forgotten")
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at mail@certcontrol.pro.

8. Security

CertControl is built with security as a core requirement. We apply industry-standard practices including encryption at rest and in transit, multi-factor authentication, session management, and regular security reviews. All private keys are encrypted using AES-256-GCM. Full audit logging is maintained for all administrative actions.

9. Cookies

We use necessary session cookies required to operate the platform, and optional analytics cookies to understand how the site is used. You can manage your cookie preferences at any time via the Cookie settings link in the page footer.

  • Necessary cookies: Session and CSRF security — always required. Expire when the browser closes.
  • Analytics cookies: Anonymous visit statistics. Session ID deleted after 30 minutes of inactivity. Only set with your consent.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated to active users by email. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related questions or requests:
Certiva ApS (CVR: 46450965)
Nøddehaven 1, 3500 Værløse, Denmark
Phone: +45 25 68 14 03
Email: mail@certcontrol.pro
Web: certcontrol.pro/contact