At Custocom, we are deeply committed to protecting your data and privacy. This page outlines our data protection principles, the security measures we have in place, and your rights under global data protection laws like GDPR and CCPA.

1. Our Data Protection Principles

We process your personal data based on the following core principles:

• Lawfulness, Fairness, and Transparency: We process data lawfully and with full transparency.
• Purpose Limitation: We only collect data for specified, explicit, and legitimate purposes.
• Data Minimization: We ensure that the data we collect is adequate, relevant, and limited to what is necessary.
• Accuracy: We take reasonable steps to ensure your data is accurate and up-to-date.
• Storage Limitation: We keep your data only for as long as necessary to fulfill the purposes for which it was collected.
• Integrity and Confidentiality: We use robust security measures to protect the confidentiality and integrity of your data.

2. Data Security Measures

We have implemented state-of-the-art security measures to protect your data:

• Secure Infrastructure: Our platform's backend and database are managed by Convex, which provides a secure, serverless environment with built-in data protection.
• Authentication: User authentication and account management are handled by Clerk, a leading, secure identity platform that protects your credentials.
• Payment Processing: All payments are processed by Stripe, a PCI-DSS compliant provider, ensuring your financial data is handled with the highest level of security.
• Encryption: All data is encrypted in transit using TLS 1.2+ and encrypted at rest, safeguarding your information from unauthorized access.
• Error Monitoring: We use Sentry for error monitoring, which helps us identify and fix security vulnerabilities proactively. Sentry is configured to avoid capturing sensitive personal data.

3. Your Data Protection Rights

In accordance with GDPR and CCPA, you have the right to:

• Access and Correct Your Data: You can view and update your personal information directly from your account settings, managed by Clerk.
• Delete Your Data: You have the right to be forgotten and can permanently delete your account and associated data from your account settings.
• Object to or Restrict Processing: You can object to or request restrictions on certain data processing activities.

To exercise any of these rights, please use your account dashboard or contact us at the email below.

4. Data Retention Policy

We retain your personal data for as long as your account is active or as needed to provide you with our Services. After you delete your account, your data will be permanently removed from our production systems within a specified period, subject to any legal obligations to retain certain information.

5. Contact for Data Protection Inquiries

For any questions or concerns regarding your data protection, please contact our data protection team at: sayan@custocom.com