GDPR Data Protection Statement

At Nordcrit Labs, protecting your personal data and digital infrastructure is our mission — both technically and legally. We fully comply with the European Union’s General Data Protection Regulation (GDPR).

What We Collect

• Log data: Technical logs during system usage for troubleshooting and security auditing.
• User information: Names, email addresses, and contact data when registering or communicating with us.
• Infrastructure metadata: When using the Cloud version of Nordcrit ATLAS, the following data may be stored:
  • Hostnames
  • IP addresses
  • System identifiers
  • Configuration metadata

Where Your Data Is Stored

All data is securely stored on EU-based servers under strict data protection policies.

Retention & Deletion

All data will be automatically deleted after 36 months of inactivity. You will receive an automated notice prior to deletion.

Your Rights

According to GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request data deletion
• Object to certain processing operations
• Export your data (data portability)

To exercise your rights, contact us at privacy@nordcrit.com.

Third-Party Access

We do not sell or share your data with third parties unless required by law or with your explicit consent. All subprocessors are contractually bound to GDPR standards.

Legal Basis

We process data based on:

• Legitimate interest (e.g., analytics, security)
• Contractual necessity (e.g., service delivery)
• Consent (e.g., for newsletters or optional features)