Data Processing Rules

This document describes how ClearEditor processes personal data in compliance with applicable data protection laws. It supplements our Privacy Policy with technical and procedural details.

Data Controller

ClearEditor acts as the data controller for personal data collected through our service. We determine the purposes and means of processing your data.

Categories of Data

• Identity data: Name, email, account credentials.
• Image data: Photos uploaded for processing.
• Technical data: IP address, browser type, device information.
• Usage data: Feature usage, processing history, preferences.

Processing Purposes

• Service delivery: Processing images according to your requests.
• Account management: Authentication, billing, support.
• Security: Fraud prevention, abuse detection, access logging.
• Improvement: Analytics to enhance service quality (anonymized).

Data Storage

Data is stored in secure data centers with industry-standard protections. We offer regional processing options to meet data residency requirements.

• Account data: Encrypted at rest and in transit.
• Images: Stored temporarily, deleted after 30 days by default.
• Logs: Retained for security purposes, anonymized after 90 days.

Sub-processors

We use trusted sub-processors for infrastructure and operations. All sub-processors are bound by data protection agreements meeting legal requirements.

• Cloud infrastructure providers (data hosting)
• Analytics services (anonymized usage data only)
• Payment processors (financial data only)

International Transfers

When data is transferred outside your region, we use approved transfer mechanisms including Standard Contractual Clauses to ensure adequate protection.

Security Measures

• TLS 1.3 encryption for all data in transit.
• AES-256 encryption for data at rest.
• Role-based access controls with audit logging.
• Regular security assessments and penetration testing.
• Incident response procedures with notification protocols.

Data Subject Rights

You have the right to access, rectify, erase, restrict processing, and port your data. Requests are processed within 30 days. Contact support@cleareditor.io to exercise your rights.

Retention Periods

• Uploaded images: 30 days (configurable shorter)
• Account data: Duration of account plus 90 days
• Transaction records: 7 years (legal requirement)
• Security logs: 90 days, then anonymized

Updates

We may update these rules to reflect changes in our practices or legal requirements. Material changes will be communicated via email or service notifications.

Contact

For data processing inquiries, contact our data protection team at support@cleareditor.io.