CEBuddy
Sign in Register

Privacy Policy

Last updated: 2026. This policy is written in English; it is a starting draft and should be reviewed by a qualified data-protection adviser before you rely on it.

CEBuddy ("the Service") is a free, hosted compliance-support workbench. This policy explains what personal data the Service processes, why, and your rights under the EU General Data Protection Regulation (GDPR).

Who is responsible

The operator who hosts this instance of CEBuddy is the data controller. Contact details for the controller are shown at the bottom of this page or on the sign-in screen.

What we store

  • Account data — your email address, display name, language and theme preferences, and authentication credentials (passwords are stored only as salted hashes, never in clear text).
  • Project content you enter — machine descriptions, hazards, safety functions, standards, and any files you upload to the evidence vault. This may include commercially confidential design information and the names, roles, and contact details of people you record as team members or signing authorities.
  • Audit trail — an append-only, tamper-evident record of changes to your projects (who changed what, and when), kept for the integrity of the compliance record.
  • Operational logs — technical logs needed to run and secure the Service, retained for a limited period.

Why we process it (legal basis)

  • To provide the Service you have asked to use (performance of a service / your consent on registration).
  • To keep the Service secure and to maintain the integrity of the compliance audit trail (legitimate interests, and to meet record-keeping expectations such as the 10-year technical-file retention period in the Machinery Regulation).

Where your data is held

Data is stored on servers located in the European Union. We do not sell personal data and do not share it with third parties except service providers strictly necessary to operate the Service (for example, email delivery), under appropriate safeguards.

Retention

Project and audit data is retained while your account is active and, where you keep it, for as long as you need it to support the 10-year technical-file retention obligation. You can export or delete your data at any time (see below). Account data is deleted when you delete your account, subject to any minimal records we must keep for legal or security reasons.

Your rights

Under the GDPR you have the right to access, rectify, export (data portability), and erase your personal data, to restrict or object to processing, and to lodge a complaint with a supervisory authority. You can export a complete copy of any project (including evidence and the audit trail) at any time, and you can request deletion of your account and its data. To exercise these rights, use the in-app controls where available or contact the operator below.

Cookies

The Service uses only strictly necessary cookies: an authentication cookie when you are signed in, and small preference cookies for your chosen language and theme. No advertising or third-party tracking cookies are used.

Contact

Questions about this policy or your data should be sent to the operator of this CEBuddy instance. If a contact address has not yet been configured, please ask the administrator who gave you access.