.css-70ixli{box-sizing:border-box;margin:0;min-width:0;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;position:-webkit-sticky;position:sticky;top:0rem;width:100%;height:7.2rem;padding-left:1.2rem;padding-right:1.2rem;font-size:1.2rem;font-weight:700;background:linear-gradient(180deg, rgba(1, 8, 24, 0.00) 0%, rgba(1, 8, 24, 0.30) 100%),#E93349;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;text-align:center;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;z-index:0;color:commonWhite;}@media screen and (min-width: 48em) and (min-height: 36em){.css-70ixli{height:7.2rem;}}@media screen and (min-width: 70em) and (min-height: 36em){.css-70ixli{height:6.9rem;}}Warning: It looks like JavaScript is disabled in your browser. For the best experience, please enable JavaScript.

Privacy Policy
Last updated on 2026-02-26

What data do we process?

Personal data

Control D primarily acts as a PII Processor under applicable data protection laws. In this capacity, we process Personal Data solely on behalf of and according to the instructions of our customers.

We maintain compliance with ISO 27701 requirements specifically applicable to PII Processors to ensure that all personal information is handled with the necessary technical and organizational safeguards.

Personal Data encompasses all personal information collected, processed, stored, or transmitted by Control D, including but not limited to:

Customer data
Employee data
Vendor data
Any other personally identifiable information (PII) or protected Information, regardless of format or storage medium

Technical data

We and/or our authorized external service providers may automatically collect technical data when you visit or interact with our Website and Platform for statistical and analytical purposes.

The technical data may include, in particular:

The URL of the website you visited before using our service
The time and date of user visits and surfing habits
IP address
Browser name
Type of computer or device accessing our service
Time spent on the website and other similar technical information
Cookies/temporary files

In certain cases, it may be possible to use technical data to identify you as an individual, making it Personal Data in accordance with applicable law.

When such technical data can be linked to an identifiable person, we treat it as Personal Data and apply the same technical and organizational safeguards as described in this Policy; otherwise, this data is processed in an anonymized or aggregated format that does not allow for individual identification.

Processing purposes

We process your Personal Data for the following purposes:

Performance of the contract

Performance of the contract concluded with you based on your decision to use the Platform.

This purpose includes the following processing activities:

Informing you about updates and new functions of our services
Notifying you of updates to our Terms and Conditions and this Policy
Answering your queries about our services
Resolving any problems and disputes related to the contract between us

Training our algorithmic modelsFor this purpose, we process anonymized data that you have voluntarily provided to us when using the Platform for model training. The legal basis for such processing is the performance of the contract. We maintain compliance with SOC 2, ISO 27001, and ISO 27701 standards. You may opt out at any time of your data being used to train our models.

Improving our servicesFor this purpose, we collect anonymized information about how you use the Platform, such as your clicks, the features you use, the time you spend on each screen, and other analytical data. The legal basis for such processing is the performance of the contract. We maintain compliance with SOC 2, ISO 27001, and ISO 27701 standards.

Marketing

We may offer services via email if you have opted in to receive newsletters on our Website. By subscribing, you provide consent for Control D to process your email address for these marketing purposes.

We maintain compliance with SOC 2, ISO 27001, and ISO 27701 standards throughout this process.

There are two ways you can unsubscribe from newsletters and stop direct marketing communications. Click on the “Unsubscribe from newsletter” link in any email we send you, and we will stop sending you newsletters. Alternatively, you can revoke your consent by sending an e-mail to security@controld.com.

Third Parties

Your Personal Data is primarily processed by us. We do not share your Personal Data with any recipients unless one of the following circumstances occurs:

It is necessary in order for us to fulfill our obligations to youIn the event that our subcontractors with whom we work to operate our Platform need access to your Personal Data, we have taken appropriate contractual and organizational measures to ensure that your Personal Data is processed in accordance with all applicable laws and regulations. We only use third-party providers that maintain equivalent security standards.

It is necessary for legal reasonsWe may share your Personal Data with recipients outside of the Company if we believe in good faith that specific access to your Personal Data and the corresponding use is proportional and necessary to (i) comply with all applicable laws; (ii) detect, prevent, and resolve fraud, security, or technical problems; and/or (iii) protect the interests, property, or safety of the Company, our users, or the public, in accordance with the law. We will inform you of such processing unless prohibited by law.

Cross-Border Data Transfers

We may transfer your Personal Data to countries outside the European Union and the European Economic Area, where we cooperate with external subcontractors. We transfer your Personal Data only to a country that is considered to have an adequate level of Personal Data protection in accordance with the European Commission's decisions, or where there are appropriate measures to protect your Personal Data, such as standard contractual clauses and/or binding corporate rules. Regardless of the country in which your Personal Data is processed, the Company will take appropriate technical, legal, and organizational measures to ensure that the level of protection is the same as in the European Union and the European Economic Area. If you want to know more about the international transfer of your Personal Data and the relevant safeguards we have in place, you can contact us at security@controld.com.

If we participate in a merger, acquisition, or other reorganization, your data may be transferred as part of this transaction. We will inform you of each such transaction (for example, via a message to the e-mail address associated with your account) and explain your options in this situation.

Data Security

We take all proportional and appropriate security measures to protect us and our customers from unauthorized access or unauthorized alteration, disclosure, or destruction of Personal Data. Measures include, where appropriate, encryption, firewalls, secure devices, and access rights systems.

Privacy compliance activities will be regularly monitored and audited to ensure compliance with this Policy and applicable regulations. This includes annual reviews of processing activities, data subject rights fulfillment, and privacy impact assessments.

Should a data breach occur, despite security measures, that is likely to adversely affect your privacy, we will notify you as soon as reasonably possible.

Privacy incidents and data breaches are handled according to established procedures:

Immediate containment and assessment of privacy incidents
Notification to supervisory authorities within required timeframes
Communication to affected individuals when required
Documentation of incident response and remedial actions
Post-incident review and process improvement

Data Subject Rights

Control D will respect and facilitate data subject rights as required by applicable privacy laws:

Right of access to your Personal Data - you may at any time ask us to confirm whether or not your Personal Data is being processed, and if so, for what purposes, to what extent, to whom it is made available, how long we will process it, whether you have the right to correction, deletion, or restriction of processing, the right to object, from where we obtained your Personal Data, and whether there is automatic decision-making based on the processing of your Personal Data, including possible profiling. You also have the right to obtain a copy of your Personal Data, the first copy being provided free of charge; for subsequent copies, we may charge a reasonable administrative fee.
Right to rectification - you may at any time request that we correct or supplement your Personal Data if it is inaccurate or incomplete.
Right to erasure - you can also request the deletion of your Personal Data from our systems. We will comply with these requests unless we have a legitimate reason not to delete your Personal Data.
Right to restrict processing - you can ask us to restrict certain processing of your Personal Data. If we restrict certain processing of your Personal Data, this may lead to limits on the use of our Platform and Website.
Right to data portability - you have the right to receive your Personal Data from us in a structured, commonly used, and machine-readable format for the purpose of transferring Personal Data to another processor.
How to exercise your rights - you can exercise the rights listed above free of charge by emailing security@controld.com. Depending on your request, we may require verification of your identity.

Can you file a complaint?

If you believe that our processing of your Personal Data is not in accordance with applicable data protection laws, you may file a complaint with your local supervisory authority.