This Privacy Policy describes how Backend-Core (“Backend-Core,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit our websites (such as api.backend-core.com), contact us, or use our cloud services (collectively, the “Services”). It is designed to support transparency obligations under the EU General Data Protection Regulation (“GDPR”), the UK GDPR (where applicable), and applicable US state privacy laws such as the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”). This policy does not limit any rights you may have under law.
1. Data controller
For personal data processed in connection with the Services, the data controller is:
Alona Umaneca, operating as Backend-Core
Parka iela 11, Salaspils, LV-2169, Latvia
Contact: use the details published at Contact once operational mailboxes are configured.
2. Scope
This Policy applies to personal information we process about visitors, prospective customers, customers, and authorized users who interact with our marketing websites or administer Backend-Core accounts. If you are an employee of a business customer and your employer configures Services that process end-user data, your employer may be an independent controller for such data. Where applicable, customer agreements and data processing terms govern customer-controlled content and configuration.
3. Personal information we collect
Depending on how you interact with us, we may collect:
- Identity and contact data: name, email address, company name, phone number (if provided), job title (if provided).
- Account and billing data: account identifiers, subscription details, invoices, payment transaction references (payment card data is typically handled by payment processors, not stored by us as full card numbers).
- Technical and usage data: IP address, device identifiers, browser type, operating system, approximate location derived from IP, log timestamps, pages viewed, referring URLs, diagnostics from CLI/SDK integrations where you enable them.
- Communications: messages you send via forms, email, or support channels, including attachments you voluntarily provide.
- Cookie and similar technologies data: as described in our Cookie Policy.
We do not intentionally collect sensitive categories of personal information (such as health information) through our marketing site. Please do not submit such information unless a separate agreement explicitly covers it.
4. How we use personal information
We use personal information for purposes including:
- Providing, maintaining, securing, and improving the Services;
- Creating and administering accounts; authenticating users;
- Processing payments and fulfilling contractual obligations;
- Customer support, troubleshooting, and incident response;
- Sending service-related notices and (where permitted) marketing communications with appropriate consent or opt-out;
- Analyzing usage in aggregated or de-identified form to understand product performance;
- Complying with law, regulatory requests, and enforcing our Terms of Service;
- Protecting rights, privacy, safety, and property of Backend-Core, customers, and the public.
5. Legal bases (GDPR / UK GDPR)
Where GDPR or UK GDPR applies, we rely on one or more of the following legal bases:
- Contract: processing necessary to perform our agreement with you or your organization;
- Legitimate interests: securing Services, improving features, fraud prevention, internal analytics that are not overridden by your rights;
- Consent: where required for certain cookies, marketing emails, or optional analytics;
- Legal obligation: tax, accounting, or lawful requests from authorities.
6. How we share personal information
We may share personal information with service providers that assist us (for example hosting, email delivery, payment processing, analytics—when consented, customer support tooling). We enter into agreements that require processors to protect personal data and process it only on our instructions where required by law. We may disclose information if required by law, or to protect Backend-Core and users. Business transfers (such as a merger) may involve transferring information subject to appropriate safeguards and notices.
7. International transfers
We may process data in the European Economic Area (“EEA”), the United Kingdom, the United States, and other regions where we or our providers operate. Where GDPR applies and data is transferred outside the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission (and the UK Addendum where relevant), supplemented by technical and organizational measures where appropriate.
8. Retention
We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer period is required by law. Criteria include the duration of the customer relationship, statutory limitation periods, and the need to resolve disputes or enforce agreements. Backup systems may retain residual copies for a limited period consistent with industry practice.
9. Security
We implement administrative, technical, and organizational measures designed to protect personal information against accidental loss, misuse, unauthorized access, disclosure, or alteration. No method of transmission or storage is completely secure; we cannot guarantee absolute security. Please use strong credentials and protect access tokens used with our Services.
10. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict processing, object to certain processing, data portability, and withdraw consent without affecting the lawfulness of processing prior to withdrawal. You may also lodge a complaint with your local supervisory authority.
EEA/UK residents: you may exercise GDPR rights by contacting us using the details in Section 1. We may need to verify your request.
California residents (CCPA/CPRA): you may have the right to know, delete, and correct certain personal information, and to opt out of “sale” or “sharing” of personal information for cross-context behavioral advertising where those terms apply. We do not knowingly sell personal information of minors under 16. To submit requests, use our contact methods once published; we will not discriminate for exercising rights where prohibited by law.
Other US states: additional privacy laws may grant comparable rights; we will honor applicable requests in line with law.
11. Automated decision-making
We do not use fully automated decision-making that produces legal or similarly significant effects solely based on automated processing for consumer marketing without human involvement. If this changes, we will update this Policy and provide required disclosures.
12. Children
The Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will take appropriate steps to delete it.
13. Changes to this Policy
We may update this Privacy Policy from time to time. We will post the revised version with an updated “Last updated” date and, where legally required, provide additional notice (such as email or an in-product banner). Continued use after the effective date constitutes acceptance of the updated Policy where permitted by law.
14. Contact
Questions about this Policy or privacy requests: use the contact details on our Contact page. For EU/EEA matters, you may also contact your supervisory authority.