Privacy policy
Last updated
This policy explains how Gravitek SASU ("we") processes personal data collected through CloudCompass.eu.
Data controller
Gravitek SASU, 8 avenue Gabriel Roquelaure, 13011 Marseille, France. Data Protection Officer: dpo@gravitek.io.
Data we collect
- Account data — Email address, display name, and a hashed password (never stored in clear text).
- Organization data — Organization name, sector, size, country.
- Assessment data — Answers to assessment questions, computed scores, and the optional free-text justifications you provide.
- Technical logs — IP address, user agent, connection timestamps. Used for security and abuse prevention only.
Why we process your data
- Provide the cloud sovereignty self-assessment service.
- Send transactional communications (email verification, organization invitations).
- Prevent fraud and abuse.
- Produce anonymized industry benchmarks (only if you opt in).
Legal bases
- Contract execution — for account, organization, and assessment data.
- Consent — for marketing communications and statistical aggregation (both opt-in).
- Legitimate interest — for security logs and fraud prevention.
Subprocessors
We rely on the following processors, all based in the European Union:
| Subprocessor | Function | Location |
|---|---|---|
| Scaleway SAS | Application hosting and PostgreSQL database | France (region fr-par) |
| Mindbaz SAS (Sweego) | Transactional email delivery | France (Lille, RCS 893278382) |
| Plausible Insights OÜ | Cookieless audience measurement (no personal data) | European Union (Estonia) |
None of our subprocessors are subject to the U.S. CLOUD Act.
How long we keep your data
- Active account: for as long as you use the service.
- Deleted account: data is removed immediately, except where the law requires longer retention.
- Technical logs: 6 months.
- Assessments: kept while your organization exists, so you can track your progress over time.
Your GDPR rights
You have the right to access, rectify, erase, port, object to, or restrict processing of your personal data. Contact dpo@gravitek.io — we respond within one month. If you believe your rights are not respected, you can lodge a complaint with the CNIL (cnil.fr).
Cookies and local storage
CloudCompass uses essential cookies only: an authentication session cookie and a locale preference cookie. Your theme preference (dark/light) is stored in browser localStorage. Our audience measurement (Plausible) is cookieless and collects no personal data, so we use no tracking cookies and display no cookie banner.
Updates to this policy
The "Last updated" date at the top of this page reflects the most recent revision. We notify users by email of any substantial change at least 30 days before it takes effect.