SaaSFort

Privacy Policy

Last updated: March 2026

1. Data Controller

SaaSFort — web security audit platform.
Email: [email protected]
Website: https://saasfort.com

2. Data We Collect

We collect and process the following personal data in accordance with GDPR (EU 2016/679):

  • Contact form submissions: name, email address, company name, message content — used solely to respond to your inquiry.
  • Scan data: domain names and technical scan results — used to deliver the SaaSFort service.
  • Account data: email, name, company — used to manage your subscription and provide the service.
  • Billing data: processed via Stripe (PCI-DSS compliant). SaaSFort does not store payment card numbers.

3. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR): processing necessary to deliver the SaaSFort service.
  • Legitimate interest (Art. 6(1)(f) GDPR): improving our service, ensuring security, and communicating about your account.
  • Consent (Art. 6(1)(a) GDPR): marketing communications, if you opt in.

4. Data Storage and Security

All data is stored on EU infrastructure (OVH Kubernetes cluster, EU region; AWS eu-west-3, Paris, France). Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

5. Data Retention

  • Contact form data: 3 years from last interaction
  • Scan data: duration of subscription + 1 year
  • Account data: duration of subscription + 3 years
  • Billing records: 10 years (legal requirement)

6. Your Rights (GDPR)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data ("right to be forgotten")
  • Restrict processing
  • Receive your data in a structured format (data portability)
  • Object to processing based on legitimate interest
  • Withdraw consent at any time for consent-based processing

To exercise any right, contact [email protected]. We respond within 30 days.

7. Cookies

This website uses no tracking cookies. We use a single session cookie (Stripe) for checkout purposes only. No analytics, advertising, or third-party tracking cookies are used.

8. Sub-processors

  • Stripe (USA, EU SCCs) — payment processing
  • OVH (France) — infrastructure hosting
  • AWS (EU, Paris) — cloud services
  • Google Workspace (EU) — email

9. International Transfers

Where data is transferred outside the EU (Stripe), it is protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Supervisory Authority

You may lodge a complaint with the French data protection authority: CNIL — www.cnil.fr