Privacy Policy
Last updated: 29/05/2026. Data controller: Rad Connections sp. z o.o., Poland.
We respect your privacy. This Policy explains what data we collect, why, where we store it, and how you can exercise your rights under the EU General Data Protection Regulation 2016/679 (GDPR).
1. Data controller
Rad Connections sp. z o.o., a limited liability company under Polish law. For any question about your personal data: privacy@radcms.io.
2. What data we collect
2.1 Data you provide to us
- Account details: name, email, encrypted password.
- Billing details: company name, address, VAT number. Card data is handled exclusively by our payment provider (Stripe) — it is never stored on our servers.
- Content you upload: text, images, products, site settings.
- Communications: messages to our support and sales teams.
2.2 Data collected automatically
- Technical data: IP, user agent, operating system, sign-in times.
- Platform usage: pages, actions, errors (via Sentry for bug tracking).
- Cookies: session, CSRF, locale, consent preferences. See section 7.
3. Purposes and legal bases for processing
| Purpose | Legal basis |
|---|---|
| Service delivery (hosting, dashboard, billing) | Performance of contract |
| Support communications | Performance of contract |
| Newsletter / marketing emails | Consent (opt-in) |
| Security and abuse detection | Legitimate interest |
| Tax / accounting compliance | Legal obligation |
4. Who we share data with
We never sell personal data. We work with the following processors, all within the EU/EEA or under SCCs:
- Stripe (Ireland): payment processing.
- Cloudflare: CDN, DDoS protection.
- Sentry: error monitoring.
- Email provider (Postmark / SES): transactional emails.
- Hosting infrastructure (EU regions): Frankfurt, Stockholm.
5. Where data is stored
All data is hosted in EU datacenters (primary: Frankfurt, secondary: Stockholm). We do not transfer data outside the EEA without appropriate safeguards (Standard Contractual Clauses).
6. How long we keep data
- Accounts: for the lifetime of the subscription, plus a 30-day grace period after cancellation.
- Invoices: 5 years, per tax legislation.
- Security logs: up to 90 days.
- Newsletter subscribers: until consent is withdrawn.
7. Cookies
We use strictly necessary cookies for authentication and CSRF protection (no consent required). We do not use third-party tracking or advertising cookies on radcms.io.
8. Your rights
- Access — a copy of all data we hold about you.
- Rectification — correction of inaccurate details.
- Erasure — the "right to be forgotten", subject to certain conditions.
- Portability — receive your data in a structured format.
- Objection — to processing based on legitimate interest.
- Withdraw consent — at any time, without retroactive effect.
- Complaint to a supervisory authority — in Poland (UODO) or the authority in your country of residence.
To exercise your rights: privacy@radcms.io. We respond within 30 days.
9. Security
We apply encryption in transit (TLS 1.3) and at rest (AES-256), 2FA for administrators, approved password policies, rate limiting and regular penetration tests. In the event of a data breach we will notify you and the supervisory authority within 72 hours, as required by GDPR.
10. Children
Our services are aimed at adults and businesses. We do not knowingly collect data from anyone under 16.
11. Changes to this Policy
We will notify you of material changes by email or via a dashboard notification, at least 30 days before they take effect.
12. Contact
Rad Connections sp. z o.o.
Poland
Email: privacy@radcms.io