Data Protection Information

Last updated:

1. Data Controller

ReefSecure PasswordShare
Email: helpdesk@pluritech.com
Data Protection Inquiries: helpdesk@pluritech.com

2. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Article 6(1)(a) - Consent: For non-essential data processing
  • Article 6(1)(b) - Contract: To provide our password sharing service
  • Article 6(1)(f) - Legitimate Interest: For security monitoring and service improvement
  • Article 6(1)(c) - Legal Obligation: To comply with applicable laws

3. Categories of Personal Data

Category Examples Purpose Retention
Secret Content Passwords, sensitive information Service provision Until expiration
Technical Data IP address, browser type, device info Security monitoring 30 days
Security Data Access logs, failed attempts Security monitoring 90 days

4. Data Processing Purposes

4.1 Service Provision

  • Encrypting and storing your shared secrets
  • Managing expiration and view limits
  • Providing secure access to shared content
  • Automatically deleting expired content

4.2 Security and Monitoring

  • Detecting and preventing abuse
  • Monitoring for security threats
  • Maintaining service integrity
  • Complying with legal requirements

5. Data Recipients

We may share your data with:

  • Service Providers: Hosting and security providers bound by data protection agreements
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In case of merger or acquisition (with notice)

6. International Transfers

Your data may be transferred to countries outside the EEA. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules where applicable
  • Certification schemes and codes of conduct

7. Your Rights

7.1 Access Rights (Article 15 GDPR)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to the personal data.

7.2 Rectification Rights (Article 16 GDPR)

You have the right to obtain the rectification of inaccurate personal data concerning you.

7.3 Erasure Rights (Article 17 GDPR)

You have the right to obtain the erasure of personal data concerning you without undue delay.

7.4 Restriction Rights (Article 18 GDPR)

You have the right to obtain restriction of processing where certain conditions apply.

7.5 Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used format.

7.6 Objection Rights (Article 21 GDPR)

You have the right to object to processing of your personal data for direct marketing or legitimate interests.

7.7 Withdrawal of Consent

Where processing is based on consent, you have the right to withdraw consent at any time.

8. Data Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: AES-256 encryption for data at rest
  • Access Controls: Limited access to authorized personnel only
  • Network Security: Secure server infrastructure and monitoring
  • Data Minimization: We only collect and store data necessary for the service

9. Data Breach Procedures

In case of a data breach, we will:

  • Notify the supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Take immediate steps to contain and remediate the breach
  • Conduct a thorough investigation and implement preventive measures

10. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

11. Children's Data

Our service is not intended for children under 16. We do not knowingly collect personal data from children under 16 without parental consent.

12. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. The relevant supervisory authority depends on your location.

13. Contact Information

To exercise your rights or for any data protection inquiries:

  • General Support: helpdesk@pluritech.com
  • Data Protection Inquiries: helpdesk@pluritech.com
  • Response Time: We will respond within 30 days