Back to Home

Privacy Policy

Last updated: December 5, 2025

1. Introduction

ASQUARED SRL ("we", "us", "our") operates Changelogy (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Data Controller:
ASQUARED SRL
Brașov, Romania
Email: contact@changelogy.com

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information You Provide

When you register for an account, we collect:

  • Email address (required for authentication)
  • Full name (optional)
  • Organization name
  • Profile picture (optional)
  • Payment information (processed securely through Stripe)

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

  • IP address and browser type
  • Device information and operating system
  • Usage data (pages visited, features used, time spent)
  • Cookies and similar tracking technologies

2.3 Content You Create

  • Changelog posts and updates
  • Images and media uploaded
  • Organization and team information
  • Custom domain configurations

3. How We Use Your Information

We use your personal data for the following purposes:

  • Service Provision: To provide, maintain, and improve the Service
  • Authentication: To verify your identity and manage your account
  • Payment Processing: To process subscriptions and payments
  • Communications: To send service-related notifications and updates
  • Customer Support: To respond to your inquiries and provide assistance
  • Analytics: To understand how users interact with our Service and improve features
  • Security: To detect, prevent, and address technical issues and fraudulent activity
  • Legal Compliance: To comply with legal obligations and enforce our Terms of Service

3.1 Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: Processing necessary to provide the Service you've subscribed to
  • Legitimate Interest: Improving our Service, preventing fraud, and ensuring security
  • Consent: Marketing communications (where applicable)
  • Legal Obligation: Compliance with applicable laws and regulations

4. Third-Party Service Providers

We use the following third-party services to operate our platform:

4.1 Vercel (Hosting)

We use Vercel for application hosting and infrastructure. Vercel may collect and process technical data such as IP addresses and request logs. Vercel is GDPR-compliant and processes data in accordance with their Privacy Policy.

4.2 Supabase (Database & Authentication)

We use Supabase to store user data and manage authentication. Supabase is GDPR-compliant and hosts data in secure, EU-based data centers when applicable. Learn more in their Privacy Policy.

4.3 Stripe (Payment Processing)

We use Stripe to process payments. Stripe collects and processes payment information on our behalf. We do not store complete credit card information on our servers. Stripe is PCI-DSS compliant and GDPR-compliant. View their Privacy Policy.

5. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication mechanisms
  • Regular security audits and updates
  • Access controls and authentication
  • Data backup and disaster recovery procedures

Your data is stored on secure servers within the European Economic Area (EEA) or in jurisdictions that provide adequate data protection as recognized by the European Commission.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: Data is retained while your account is active
  • Deleted Accounts: Personal data is deleted within 30 days of account deletion
  • Billing Records: Retained for 7 years to comply with tax and accounting regulations
  • Backup Data: May persist in backups for up to 90 days

7. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us at contact@changelogy.com. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

  • Essential Cookies: Required for authentication and basic functionality
  • Performance Cookies: Help us understand how users interact with the Service
  • Functionality Cookies: Remember your preferences and settings

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

9. International Data Transfers

While we primarily store data within the EEA, some of our service providers may process data outside the EEA. In such cases, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Service providers certified under recognized privacy frameworks

10. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will provide prominent notice or obtain your consent where required by law.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

ASQUARED SRL
Brașov, Romania
Email: contact@changelogy.com

Data Protection Authority:
If you are not satisfied with our response, you have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or your local data protection authority.