Privacy Policy
How AltShift collects, uses, and protects your personal data in connection with altshift.me.
Last updated: 14 May 2026 · Effective date: [TO BE COMPLETED]
Last updated: 14 May 2026. This policy applies to altshift.me and all AltShift products and services.
1. Who we are
AltShift is an independent European business producing governance, risk, and compliance (GRC) documentation systems for the EU regulatory market.
Legal entity
[TO BE COMPLETED]
Registered address
[TO BE COMPLETED]
Country
Romania, European Union
Contact
AltShift is the data controller for personal data processed in connection with this website and our products.
2. What personal data we collect and why
We collect only the minimum personal data necessary to operate our business.
| Category | Data collected | Purpose | Legal basis |
|---|---|---|---|
| Purchase data | Name, email address, billing country, transaction ID | Processing your order and delivering your product | Performance of a contract (Art. 6(1)(b) GDPR) |
| Communication data | Email address, message content | Responding to enquiries, licensing requests, or support | Legitimate interests (Art. 6(1)(f) GDPR) |
| Technical data | IP address, browser type, server logs | Website security, fraud prevention, service reliability | Legitimate interests (Art. 6(1)(f) GDPR) |
| Analytics data | Analytics identifiers, usage statistics | Measuring and improving website performance | Consent (Art. 6(1)(a) GDPR) where required |
| Cookie data | Session cookies, preference cookies | Basic site functionality | Legitimate interests (Art. 6(1)(f) GDPR) |
We do not collect sensitive personal data (special categories under Art. 9 GDPR).
3. Payment processing
All payments are processed by Lemon Squeezy (a Stripe company), acting as Merchant of Record for our transactions. Lemon Squeezy processes payment card details, billing information, and VAT data directly. AltShift does not store or have access to your payment card details.
Lemon Squeezy and Stripe act as independent data controllers for payment and fraud prevention purposes. Their privacy policies apply to transaction data:
4. How long we retain your data
We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law.
Purchase records
7 years (Romanian accounting and tax law requirements)
Support communications
2 years from last communication
Website analytics data
13 months rolling
Cookie consent records
3 years
When the retention period expires, data is securely deleted or anonymised.
5. Who we share your data with
AltShift does not sell, rent, or trade your personal data. We share data only with the following third-party service providers and independent data controllers where applicable:
Provider
Purpose & Location
Lemon Squeezy / Stripe
Payment processing and invoicing · USA (Standard Contractual Clauses apply)
Hostinger
Website hosting and infrastructure · EU / USA (Standard Contractual Clauses apply)
Email provider
Transactional email delivery · [TO BE CONFIRMED]
Analytics provider
Aggregate website analytics · [TO BE CONFIRMED]
6. International transfers
Some of our third-party service providers may transfer and process your personal data outside the European Economic Area (EEA), including in the United States. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with Chapter V of the GDPR, including Standard Contractual Clauses (SCCs) adopted by the European Commission.
8. Your rights under the GDPR
If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:
- Right of access — you may request a copy of the personal data we hold about you.
- Right to rectification — you may request that we correct inaccurate or incomplete data.
- Right to erasure — you may request that we delete your personal data, subject to legal retention obligations.
- Right to restriction of processing — you may request that we limit how we use your data in certain circumstances.
- Right to data portability — you may request your data in a structured, machine-readable format where processing is based on consent or contract.
- Right to object — you may object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at: contact@altshift.me
We will respond within the timelines required by applicable law.
9. Right to lodge a complaint
If you believe we have processed your personal data unlawfully, you have the right to lodge a complaint with the competent supervisory authority.
The supervisory authority in Romania is:
Authority
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Website
You may also lodge a complaint with the supervisory authority in your country of residence or place of work.
10. Children's privacy
AltShift products and services are intended exclusively for professional and organisational use. Our website and products are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.
11. Security
AltShift implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include HTTPS encryption for all data transmitted to and from this website, access controls, and use of reputable third-party service providers with their own security programmes.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by Articles 33–34 GDPR.
12. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage users to review this Privacy Policy periodically for updates.