Privacy Policy

Last updated: 5 May 2026

This draft outlines how The AuthenticALLY collects, uses, and protects your personal data. Have your DPO review this page before launch.

1. Who we are

The AuthenticALLY is the data controller for personal data you provide while using this service. Contact: privacy@authentically.eu.

2. Data we collect

• Account data — email, display name, avatar, OAuth provider identifier.
• Verification data — name, title, bio, credentials, social handles, supporting documents.
• Payment data — processed by Stripe; we store only the payment intent / session ID and amount.
• Usage data — IP address and user agent on a limited basis for security and audit logging.

3. Legal bases (GDPR Art. 6)

• Performance of a contract — for verification processing and payments.
• Consent — for optional social profile verification and marketing communications.
• Legitimate interests — for security, fraud prevention, and audit logging.
• Legal obligation — for payment records retention (7 years in the UK/EU).

4. Where your data is stored

All personal data is stored in the European Union (Frankfurt, Germany) via Supabase GmbH. Payment processing uses Stripe Payments Europe Ltd. Transactional email is sent via Resend, Inc. with EU region enabled. See our sub-processors page.

5. Your rights

You have the right to:

• Access your data — see Data controls.
• Rectify inaccurate data — edit your profile or contact us.
• Erasure ("right to be forgotten") — delete your account from settings.
• Data portability — export a JSON copy of your data.
• Object to processing or restrict it.
• Lodge a complaint with your local supervisory authority.

6. Retention

We keep verification records for as long as your account is active. After deletion, payment records are retained for 7 years for tax and legal compliance. Audit logs are retained for 2 years.

7. Contact

For any privacy concern, email privacy@authentically.eu.