Cerclepay · Cohort analytics now in your dashboard →
Cerclepay.
Get started
Legal Cerclepay LLC

Privacy Policy

Last updated 4 May 2026

1. Overview

This Privacy Policy explains how Cerclepay LLC processes personal data when you use our platform, dashboard or website.

2. Data we collect

We collect only what's needed to run the platform well:

  • Operator account — name, email, role.
  • Member metadata — name, email, plan, subscription state. (Cerclepay doesn't see card details — those stay with your processor.)
  • Communication content — messages your team or members send through the platform.
  • Usage — pages viewed, API calls, device.

3. Bases

Processing relies on contract performance with you, your legitimate interest in operating membership billing, legal obligations (accounting), and member consent where applicable to direct messaging.

4. Sharing

We share data with sub-processors (listed in the trust center), with authorities where legally required, and with your chosen payment processor for member billing. We never sell personal data.

5. International transfers

EU operator data is stored in EU regions (Frankfurt and Amsterdam). Cross-border transfers use SCCs with supplementary measures.

6. Retention

Operator data is kept for the duration of the contract plus 7 years for accounting. Member event data is kept as long as the operator's contract is active, plus 90 days for safe export.

7. Your rights

Operators and members have GDPR rights of access, rectification, erasure, restriction, portability and objection. Member requests are routed to the operator; we provide tooling in the dashboard.

8. Security

TLS 1.3 in transit. AES-256 at rest. Per-tenant data keys. ISO 27001 and SOC 2 Type II controls. Bug bounty paid since launch.

9. Cookies

See the Cookie Policy for cookie details and your choices.

10. Contact

Privacy questions: [email protected]. Our supervisory authority is the Autoriteit Persoonsgegevens (Netherlands).