Data Protection Information
Last updated:
1. Data Controller
ReefSecure PasswordShare
Email: helpdesk@pluritech.com
Data Protection Inquiries: helpdesk@pluritech.com
2. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
- Article 6(1)(a) - Consent: For non-essential data processing
- Article 6(1)(b) - Contract: To provide our password sharing service
- Article 6(1)(f) - Legitimate Interest: For security monitoring and service improvement
- Article 6(1)(c) - Legal Obligation: To comply with applicable laws
3. Categories of Personal Data
| Category | Examples | Purpose | Retention |
|---|---|---|---|
| User Account Data | Username, email, password hash | Service provision, authentication | Until account deletion |
| Secret Content | Passwords, sensitive information | Service provision | Until expiration (content cleaned) |
| View Tracking Data | IP address, user agent, referrer, browser, OS | Security monitoring, audit trail | Indefinite (for audit) |
| Technical Data | Session data, login history | Security monitoring | 30 days |
| Security Data | Access logs, failed attempts | Security monitoring | 90 days |
4. Data Processing Purposes
4.1 Service Provision
- Creating and managing user accounts
- Authenticating users and managing sessions
- Encrypting and storing your shared secrets
- Managing expiration and view limits
- Providing secure access to shared content
- Automatically cleaning expired content while preserving metadata
4.2 Security and Monitoring
- Tracking secret views and access patterns
- Detecting and preventing abuse
- Monitoring for security threats
- Maintaining service integrity
- Creating audit trails for compliance
- Complying with legal requirements
5. Data Recipients
We may share your data with:
- Legal Authorities: When required by law or to protect our rights
- Business Transfers: In case of merger or acquisition (with notice)
6. Data Location
All data processing and storage takes place within Belgium, which is part of the European Economic Area (EEA). No international data transfers occur as all processing is conducted locally within Belgian jurisdiction, ensuring full GDPR compliance without the need for additional transfer mechanisms.
7. Your Rights
7.1 Access Rights (Article 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to the personal data.
7.2 Rectification Rights (Article 16 GDPR)
You have the right to obtain the rectification of inaccurate personal data concerning you.
7.3 Erasure Rights (Article 17 GDPR)
You have the right to obtain the erasure of personal data concerning you without undue delay.
7.4 Restriction Rights (Article 18 GDPR)
You have the right to obtain restriction of processing where certain conditions apply.
7.5 Data Portability (Article 20 GDPR)
You have the right to receive your personal data in a structured, commonly used format.
7.6 Objection Rights (Article 21 GDPR)
You have the right to object to processing of your personal data for direct marketing or legitimate interests.
7.7 Withdrawal of Consent
Where processing is based on consent, you have the right to withdraw consent at any time.
8. Data Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption: AES-256 encryption for data at rest
- Access Controls: Limited access to authorized personnel only
- Network Security: Secure server infrastructure and monitoring
- Data Minimization: We only collect and store data necessary for the service
9. Data Breach Procedures
In case of a data breach, we will:
- Notify the supervisory authority within 72 hours
- Inform affected individuals without undue delay
- Take immediate steps to contain and remediate the breach
- Conduct a thorough investigation and implement preventive measures
10. Automated Decision Making
We do not use automated decision-making or profiling that produces legal effects or significantly affects you.
11. Children's Data
Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16 without parental consent.
12. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. The relevant supervisory authority depends on your location.
13. Contact Information
To exercise your rights or for any data protection inquiries:
- General Support: helpdesk@pluritech.com
- Data Protection Inquiries: helpdesk@pluritech.com
- Response Time: We will respond within 30 days