Legal

Privacy Policy

How we collect, process, and protect your personal data.
In full compliance with GDPR.

🔒 Privacy Policy Last updated: 1 January 2026

🇪🇺 Secrato is fully GDPR-compliant. All personal data is stored exclusively within the European Union in a Belgian based datacenter. We never transfer data outside the EU/EEA.

1. Who We Are

Secrato is a GRC software company incorporated in Belgium and is the data controller for personal data collected through our website (secrato.io) and our platform. For any privacy-related enquiries, contact us at legal@secrato.io.

2. What Data We Collect

We collect personal data in two ways:

  • Data you provide directly — such as your name, email address, company name, and message when you request a demo, contact us, or create an account.
  • Data collected automatically — such as IP address, browser type, device information, and pages visited when you use our website or platform.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your enquiries and provide the services you have requested
  • To send you product updates and marketing communications (with your explicit consent)
  • To improve our website and platform through analytics
  • To fulfil our contractual obligations as a SaaS provider
  • To comply with our legal obligations under Belgian and EU law

We process your personal data on the following legal bases under GDPR Article 6:

  • Contractual necessity — to provide the Secrato platform to paying customers
  • Legitimate interests — to respond to enquiries and improve our services
  • Consent — for marketing communications and non-essential cookies
  • Legal obligation — where required by Belgian or EU law

5. EU Data Sovereignty

All personal data processed by Secrato is stored exclusively on Belgian datacenter infrastructure within the European Union. We do not transfer personal data outside the EU/EEA under any circumstances. This is a core architectural commitment of the Secrato platform.

6. Cookies

We use the following types of cookies on our website:

  • Essential cookies — required to operate the website and cannot be disabled
  • Analytics cookies — used to understand how visitors interact with our site (only with your consent)
  • Preference cookies — used to remember your settings and preferences

You can manage or withdraw your cookie consent at any time by contacting us or adjusting your browser settings.

7. Data Sharing

We do not sell your personal data. We may share your data with trusted third-party service providers who assist us in operating our platform (such as cloud infrastructure providers), but only under strict data processing agreements that comply with GDPR. All sub-processors are located within the EU/EEA.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Customer data is deleted within 30 days of account termination upon request.

9. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access — to obtain a copy of your personal data
  • Right to rectification — to correct inaccurate or incomplete data
  • Right to erasure — to request deletion of your personal data
  • Right to restriction — to limit how we process your data
  • Right to data portability — to receive your data in a structured format
  • Right to object — to object to processing based on legitimate interests
  • Right to withdraw consent — at any time, without affecting prior processing

To exercise any of these rights, contact us at legal@secrato.io. We will respond within 30 days.

10. Contact & Data Protection Officer

For any privacy-related questions or to exercise your rights, please contact:

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données / Gegevensbeschermingsautoriteit) at dataprotectionauthority.be.