SellSafely

Privacy

Privacy policy

Last updated: 2026-04-30

Data we collect

We collect the minimum needed to operate the site and respond to inquiries:

  • Contact form submissions — name, work email, company, audience type, sector, message. Sent via AWS SES (eu-west-1) to our team inbox.
  • Analytics events — page views and CTA interactions only. Cookieless (PostHog persistence:'memory'), no PII in event properties, IP not stored.
  • Server logs — request metadata for debugging (IP, user-agent, timestamp). Retained 30 days; not used for marketing.

Why we collect it

Three lawful bases under GDPR:

  • Contract — to respond to your contact-form inquiry and follow up about a pilot.
  • Legitimate interest — to operate, secure, and improve the site (analytics, abuse defense via Cloudflare Turnstile).
  • Legal obligation — to retain published passport data and evidence for the duration ESPR requires (10+ years).

Third-party processors

We use a small set of vetted sub-processors, each under a Data Processing Agreement. See the maintained list on our Security & Trust page (sub-processors section). EU residency where possible; SCCs where transfer is unavoidable.

How long we keep it

  • Contact submissions — 24 months (legitimate-interest follow-up).
  • Analytics events — 365 days; aggregated metrics longer.
  • Server logs — 30 days.
  • Published passports + evidence — 10+ years per ESPR availability requirement (this is product data, not visitor data).
  • Backups — 30-day rolling, encrypted, EU region.

Your GDPR rights

You have the right to:

  • Access — ask for a copy of personal data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of personal data (“right to be forgotten”)
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Restriction — restrict processing in certain circumstances
  • Lodge a complaint with your local supervisory authority

Email dpo@sellsafely.ai to exercise any of these rights. We respond within 30 days.

Cookies

We don't set non-essential cookies pre-interaction. Analytics runs in cookieless mode (memory persistence). Calendly is loaded only after you submit the contact form. If you'd still rather we never load any 3p script, contact dpo@sellsafely.ai.

Contact for privacy questions

Data Protection Officer: dpo@sellsafely.ai. For procurement / DPA requests, see the Security & Trust page.