Get started free
← HomeLegal

Privacy Policy

Last updated: 11 June 2026

Operator / Data controller

Company name
[COMPANY LEGAL NAME] Kft.
Registered seat
[REGISTERED SEAT — street and number, postal code, city], Hungary
Company reg. no.
[COMPANY REGISTRATION NUMBER]
Court of registration
[COURT OF REGISTRATION]
Tax number
[TAX NUMBER]
EU VAT number
[EU VAT NUMBER]
Represented by
[MANAGING DIRECTOR]
Contact e-mail
info@sealium.eu

This Privacy Policy explains how [COMPANY LEGAL NAME] Kft.(“Sealium”, “we”) processes personal data when you visit sealium.eu, register for an account, or use our document validation API. We act as the data controller for the personal data described below, within the meaning of Regulation (EU) 2016/679 (“GDPR”) and Hungarian Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

1.The data we process

Account data

When you register we process your name, e-mail address and the identifier from your sign-in provider, together with the onboarding details you choose to give us (such as company type and primary use case).

Usage data

We process metadata about your API usage: request counts and timestamps, the formats validated, batch job records, and the Validation Reports generated for your account. Validation Reports may contain personal data about the signers of the documents you validate (for example a signer’s name and the distinguished name of their certificate).

Billing data

Payments are handled by our payment provider Paddle. We do not receive or store your full card details; we store your subscription tier and the references Paddle returns (such as a subscription or customer identifier).

Technical data

Our servers and infrastructure providers process technical data such as IP address, request headers and structured application logs for security, debugging and abuse prevention.

Documents — not collected

We do not store the documents you submit for validation. Documents are processed in memory (large files use transient temporary storage that is deleted immediately after processing) and are never retained once a validation completes. Only the structured Validation Report is kept.

2.Why we process it and our legal bases

  • To provide the Service — performing our contract with you (GDPR Art. 6(1)(b)): authentication, running validations, storing reports, quotas and support.
  • Billing and tax — performing our contract and complying with legal obligations (Art. 6(1)(b) and (c)).
  • Security and abuse prevention — our legitimate interests in keeping the Service safe and reliable (Art. 6(1)(f)).
  • Service communications — our legitimate interests in operating the Service (Art. 6(1)(f)); marketing e-mails, if any, are sent only with your consent (Art. 6(1)(a)).
  • Legal compliance — complying with applicable Hungarian and EU law (Art. 6(1)(c)).

3.Service providers (sub-processors)

We use a small number of carefully selected providers to operate the Service. They process personal data only on our instructions and under data-processing agreements:

  • Microsoft Azure — cloud hosting and container infrastructure (EU region).
  • Neon — managed PostgreSQL database storing account, usage and report data (EU region, Frankfurt).
  • Auth0 (Okta) — authentication and identity management for the developer console.
  • Paddle — payment processing and tax handling as Merchant of Record.
  • Vercel — hosting of the public marketing website.

A current list of sub-processors is available on our GDPR page.

4.Where your data is stored and transfers

We host the Service and store account, usage and report data within the European Union. Some providers (for example our authentication and payment providers) may process limited personal data outside the EEA. Where that happens, the transfer is protected by an adequacy decision or by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

5.How long we keep it

  • Account data — for as long as your account is active, then deleted or anonymised within a reasonable period after closure.
  • Validation Reports and usage data — retained while your account is active so you can access your history; you can delete reports, and we delete remaining data after account closure unless we must keep it for legal reasons.
  • Billing records — retained for the period required by Hungarian accounting and tax law (generally 8 years).
  • Documents — not retained at all (see section 1).

6.Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data rectified;
  • have your data erased (“right to be forgotten”);
  • restrict or object to certain processing;
  • receive your data in a portable format;
  • withdraw consent at any time, without affecting prior processing.

To exercise any of these rights, contact us at info@sealium.eu. We respond within one month. If you believe we have not handled your data lawfully, you may lodge a complaint with the Hungarian supervisory authority:

  • Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
  • H-1055 Budapest, Falk Miksa utca 9-11, Hungary
  • https://naih.hu · ugyfelszolgalat@naih.hu

7.Cookies

The marketing website uses only the cookies and local storage necessary to operate it and remember your preferences. The developer console uses cookies and browser storage strictly necessary for authentication and session management. We do not use advertising cookies. Where any non-essential analytics are introduced, we will ask for your consent first.

8.Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, scoped API-key authentication, per-tenant isolation of stored reports, signed webhooks, and least-privilege access to infrastructure. No method of transmission or storage is completely secure, but we work to protect your data and to notify you of incidents as required by law.

9.Children

The Service is intended for developers and businesses and is not directed at children under 16. We do not knowingly collect personal data from children.

10.Changes and contact

We may update this Privacy Policy from time to time; the “Last updated” date reflects the latest version. For privacy questions, e-mail info@sealium.eu.