Privacy Policy

1. Overview

This Privacy Policy describes how Commandor (“Commandor”, “we”, “us”, “our”) processes personal data in connection with: the public Commandor website; the Commandor software platform and services (“Platform”); related communications, sales, marketing and support activities. Commandor is committed to protecting personal data and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and other relevant international privacy regulations.

2. Data Controller

Legal entity: Commandor Website: https://commandor.app Contact email: info@commandor.app Unless explicitly stated otherwise, Commandor acts as the data controller for personal data processed under this Privacy Policy.

3. Applicability

This Privacy Policy applies to: website visitors; registered users of the Platform; trial users and customers; representatives of business customers; individuals contacting Commandor. This policy does not apply to third-party services or platforms that may be linked to or integrated with the Platform.

4. Roles & Responsibilities (Controller vs Processor)

4.1 Commandor as Data Controller Commandor acts as data controller for personal data related to: account registration; billing and contract administration; customer communication and support; marketing and sales activities; website analytics.

4.2 Commandor as Data Processor When customers connect third-party tools and data sources to the Platform, Commandor processes data solely on behalf of the customer. In such cases: the customer remains the data controller; Commandor acts as a data processor; processing is governed by a Data Processing Agreement (DPA).

5. Categories of Personal Data

5.1 Data Provided by You Name Company name Email address Phone number (optional) Login credentials Billing details Communication content (support requests, emails)

5.2 Data Collected Automatically IP address Device, browser and operating system data Log and usage data Date and time of access Referrer URLs Platform interaction data

5.3 Data via Integrations Data imported through integrations with third-party platforms, including marketing, analytics, advertising or CRM tools, as configured by the customer.

6. Purposes of Processing

Personal data is processed for the following purposes: providing and maintaining the Platform; user authentication and account management; customer support and service communication; billing, invoicing and payments; analytics and platform performance monitoring; product development and improvement; security, fraud prevention and abuse detection; legal and regulatory compliance; marketing communications (where permitted).

7. Legal Bases (GDPR)

Processing is based on one or more of the following legal grounds: Contractual necessity – to provide the Platform and services; Legitimate interests – such as service improvement, security and business operations; Consent – for marketing communications and certain cookies; Legal obligations – such as tax or accounting requirements. Where consent is required, it may be withdrawn at any time.

8. Cookies & Tracking

Commandor uses cookies and similar technologies to: enable website functionality; analyze traffic and usage; improve user experience; support marketing efforts (where applicable). Detailed information is provided in the Cookie Policy.

9. Data Sharing & Sub-Processors

Personal data may be shared with trusted third parties, including: cloud hosting and infrastructure providers; analytics and monitoring services; payment processors; customer support tools; professional advisors; public authorities where legally required. All sub-processors are subject to contractual data protection obligations.

10. International Data Transfers

Personal data may be transferred outside the EEA. Where applicable, appropriate safeguards are implemented, including: EU Standard Contractual Clauses (SCCs); adequacy decisions; equivalent lawful transfer mechanisms.

11. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes outlined in this policy, unless longer retention is required by law. Retention periods depend on: data type; contractual obligations; statutory requirements; legitimate business interests.

12. Security Measures

Commandor applies appropriate technical and organizational measures to protect personal data, including: encryption in transit and at rest where applicable; access controls and authentication; monitoring and logging; secure hosting environments. While no system is fully secure, Commandor continuously improves its security posture.

13. Your Rights

Depending on applicable law, you may have the right to: access personal data; rectify inaccurate data; request erasure; restrict or object to processing; data portability; withdraw consent; lodge a complaint with a supervisory authority. Requests can be submitted to: info@commandor.app

14. Children

The Platform is not intended for individuals under 18 years of age. Commandor does not knowingly collect personal data from children.

15. Changes to This Policy

This Privacy Policy may be updated periodically. The most recent version will always be published on the website. Continued use of the Platform constitutes acceptance of the updated policy.

16. Contact

For questions or requests regarding privacy: Email: info@commandor.app Company: Commandor

Last updated: 19 December 2025