Privacy Policy

1. Data Controller

The data controller is Brillnet Piotr Adamski, located at ul. Sienkiewicza 73/6, 90-057 Lodz, Poland (hereinafter: "Controller").

Contact for data protection matters: contact@pulsar-grc.com

2. Purposes and Legal Bases

Personal data is processed for the following purposes:

Purpose Legal Basis
Service provision (Account, Subscription) Art. 6(1)(b) GDPR - contract performance
Billing, invoices Art. 6(1)(c) GDPR - legal obligation
Direct marketing Art. 6(1)(a) GDPR - consent
Inquiry handling Art. 6(1)(f) GDPR - legitimate interest

3. Categories of Data

We process the following categories of personal data:

  • Identification data: name, surname, company name
  • Contact data: email address, phone number
  • Billing data: VAT ID, address, invoice details
  • Technical data: IP address, logs, device data
  • Usage data: activity, preferences

4. Data Recipients

Data may be shared with the following categories of recipients:

  • Hosting providers (Vercel, Neon, Upstash)
  • Payment service providers
  • AI service providers (Google - Gemini API) - only when using AI features
  • Government authorities - as required by law

5. Data Transfers

Data may be transferred to third countries (USA) in connection with the use of cloud services. Transfers are based on Standard Contractual Clauses approved by the European Commission.

6. Retention Period

  • Account data: duration of the contract + 3 years
  • Billing data: 5 years (tax obligation)
  • Marketing data: until consent withdrawal
  • Technical logs: 12 months

7. Your Rights

You have the following rights:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

8. Data Security

We implement the following security measures:

  • Data encryption in transit (TLS 1.3)
  • Data encryption at rest
  • Row-Level Security for organization data isolation
  • Regular backups
  • Role-Based Access Control (RBAC)
  • Security monitoring and alerts

9. Profiling and Automated Decisions

The Platform does not make decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect an individual.

AI features (Gemini) are assistive tools and do not make autonomous decisions.

10. Contact

For data protection inquiries, please contact: contact@pulsar-grc.com

Last updated: 2026-02-01