Cerast Intelligence

Privacy Policy

How we handle and protect your personal information

Last updated: October 1, 2025

Introduction

At Cerast Intelligence, we are committed to maintaining the trust and confidence of our users. In this Privacy Policy, we've provided detailed information on when and why we collect your personal information, how we use it, and how we keep it secure.

Information We Collect

Account Information

When you register for an account, we collect:

  • Email Registration: If you register with email, we collect your email address, name, and password (stored securely using industry-standard hashing).
  • OAuth Registration: If you register via Google or GitHub, we collect your email address, name, and profile information provided by these services. We do not receive or store your Google or GitHub passwords.
  • Referral Codes: If you use or share a referral code, we track this information for credit allocation purposes.

Two-Factor Authentication

If you enable two-factor authentication (2FA), we store encrypted authentication data necessary to verify your identity during login. This data is stored securely and cannot be accessed by our staff.

Usage Data

When you use our platform, we collect:

  • IP addresses and device information for security and analytics
  • Search queries and patterns (to provide the service)
  • Search results accessed and purchased
  • Coin transaction history
  • Login history and session data
  • Browser type, operating system, and device identifiers

Payment Information

Stripe Payment Processing

All payment processing is handled by our third-party payment provider, Stripe. Cerast Intelligence does not collect, process, or store your payment card details, bank account information, or other financial data.

Transaction Information

We receive limited transaction information from Stripe, including:

  • Transaction ID and payment status
  • Amount paid and currency
  • Timestamp of transaction
  • Payment method type (e.g., "card" without actual card details)

The collection, use, and storage of your payment information are governed by Stripe's Privacy Policy.

Third-Party Authentication Services

Google OAuth

When you authenticate via Google, we receive your email address, name, and profile picture from Google. We do not receive your Google password or access to other Google services. Google's use of your information is governed by Google's Privacy Policy.

GitHub OAuth

When you authenticate via GitHub, we receive your email address, name, and profile information from GitHub. We do not receive your GitHub password or access to your repositories. GitHub's use of your information is governed by GitHub's Privacy Statement.

Gravatar Profile Pictures

We use Gravatar to display profile pictures based on your email address. When you view pages with profile pictures, your browser may request images from Gravatar's servers (gravatar.com). Gravatar is operated by Automattic, and its use of your information is governed by Automattic's Privacy Policy. We do not send your email address to Gravatar; your browser requests the image using a hash of your email address.

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To provide, maintain, and improve our search services and security intelligence platform
  • Account Management: To create and manage your account, process authentication, and enable 2FA
  • Payment Processing: To process coin purchases and track your account balance
  • Communication: To send service-related notifications, security alerts, and respond to your inquiries
  • Security: To detect, prevent, and address fraud, abuse, security issues, and technical problems
  • Analytics: To understand usage patterns and improve our services
  • Compliance: To comply with legal obligations and enforce our Terms of Service
  • Referral Program: To track and process referral rewards

Data Sharing and Disclosure

Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in operating our platform:

  • Stripe: For payment processing
  • Google/GitHub: For OAuth authentication (only when you choose these login methods)
  • Cloud Infrastructure Providers: For hosting and data storage

These service providers are bound by confidentiality agreements and are only permitted to use your information to provide services to us.

Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. If you request account deletion, we will delete or anonymize your personal information, except where we are required to retain it for legal, regulatory, or security purposes.

  • Account Data: Retained until account deletion is requested
  • Transaction History: Retained for tax and accounting purposes (typically 10 years under German law)
  • Search History: Retained until account deletion
  • Security Logs: Retained for up to 90 days for security monitoring

Your Rights Under GDPR

As a German-based service, we comply with the General Data Protection Regulation (GDPR). You have the following rights:

  • Right of Access: You can request a copy of the personal information we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete information
  • Right to Erasure: You can request deletion of your personal data (subject to legal retention requirements)
  • Right to Restrict Processing: You can request limitation on how we use your data
  • Right to Data Portability: You can request your data in a structured, machine-readable format
  • Right to Object: You can object to certain types of processing
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time

To exercise any of these rights, please contact us at [email protected].

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Password storage using industry-standard bcrypt hashing
  • Encrypted data transmission using HTTPS/TLS
  • Secure authentication with optional two-factor authentication (2FA)
  • Regular security audits and monitoring
  • Access controls and employee confidentiality agreements
  • Secure payment processing through PCI-compliant Stripe infrastructure

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

Cookies and Tracking

Essential Cookies

We use essential cookies for authentication and session management. These cookies are necessary for the service to function and cannot be disabled.

Analytics

We may use analytics tools to understand how users interact with our service. This helps us improve functionality and user experience.

Children's Privacy

Our service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

International Data Transfers

Your information may be transferred to and processed in countries other than Germany. When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of material changes by email or through a prominent notice on our service. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, please contact us:

  • Email: [email protected]
  • Mail: Cerast Intelligence Einzelunternehmen, Dr. Dietz Straße 23, 36043 Fulda, Germany

Data Controller: Cerast Intelligence Einzelunternehmen, represented by Daniel Riebel, Dr. Dietz Straße 23, 36043 Fulda, Germany
