Privacy Policy
Last updated: December 18, 2025
This Privacy Policy explains how Colluno ("we", "us", or "our") collects, uses, discloses, and safeguards your information when you use our collaboration platform. We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Data Controller
Colluno is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: privacy@colluno.com
Website: https://colluno.com
Email: privacy@colluno.com
Website: https://colluno.com
2. Information We Collect
We collect information you provide directly and information collected automatically:
Information You Provide:
• Account information (email address, name, password)
• Business information (company details, billing addresses)
• Content you upload (posts, media files, documents)
• Communication data (chat messages, comments)
• Invoice and payment information
Information Collected Automatically:
• Device and browser information
• Usage data and interaction patterns
• Log data (IP address, access times, pages viewed)
Information You Provide:
• Account information (email address, name, password)
• Business information (company details, billing addresses)
• Content you upload (posts, media files, documents)
• Communication data (chat messages, comments)
• Invoice and payment information
Information Collected Automatically:
• Device and browser information
• Usage data and interaction patterns
• Log data (IP address, access times, pages viewed)
3. How We Use Your Information
We process your personal data for the following purposes:
• Service Delivery: To provide, maintain, and improve our collaboration platform
• Account Management: To create and manage your user account
• Communication: To send service-related notifications and respond to inquiries
• Security: To detect, prevent, and address fraud and security issues
• Legal Compliance: To comply with legal obligations and enforce our terms
• Service Delivery: To provide, maintain, and improve our collaboration platform
• Account Management: To create and manage your user account
• Communication: To send service-related notifications and respond to inquiries
• Security: To detect, prevent, and address fraud and security issues
• Legal Compliance: To comply with legal obligations and enforce our terms
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
• Contract Performance: Processing necessary to fulfill our service agreement with you
• Legitimate Interests: For business operations, security, and service improvement
• Consent: Where you have given explicit consent for specific processing activities
• Legal Obligation: To comply with applicable laws and regulations
• Contract Performance: Processing necessary to fulfill our service agreement with you
• Legitimate Interests: For business operations, security, and service improvement
• Consent: Where you have given explicit consent for specific processing activities
• Legal Obligation: To comply with applicable laws and regulations
5. Cookies and Local Storage
We use cookies and browser storage to provide essential functionality:
Essential Cookies:
• refresh_token - Secure, HttpOnly authentication cookie for session management
Local Storage:
• language - Your preferred language setting
• theme - Your dark/light mode preference
• chat-panel-sizes - Layout preferences for the chat interface
• error-boundary-logs - Temporary error logs for troubleshooting (automatically cleared)
These storage mechanisms are essential for the service to function properly and do not require separate consent under GDPR as they are strictly necessary.
Essential Cookies:
• refresh_token - Secure, HttpOnly authentication cookie for session management
Local Storage:
• language - Your preferred language setting
• theme - Your dark/light mode preference
• chat-panel-sizes - Layout preferences for the chat interface
• error-boundary-logs - Temporary error logs for troubleshooting (automatically cleared)
These storage mechanisms are essential for the service to function properly and do not require separate consent under GDPR as they are strictly necessary.
6. Data Sharing and Third Parties
We may share your information with:
• Cloud Infrastructure: Cloudflare R2 for secure file storage
• Email Service Providers: For transactional and notification emails
• Analytics (Optional): Google Tag Manager if enabled by your account
We do not sell your personal data to third parties. Any data sharing is governed by appropriate data processing agreements ensuring GDPR compliance.
• Cloud Infrastructure: Cloudflare R2 for secure file storage
• Email Service Providers: For transactional and notification emails
• Analytics (Optional): Google Tag Manager if enabled by your account
We do not sell your personal data to third parties. Any data sharing is governed by appropriate data processing agreements ensuring GDPR compliance.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Binding Corporate Rules where available
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Binding Corporate Rules where available
8. Data Retention
We retain your personal data only as long as necessary:
• Account Data: For the duration of your account plus 30 days after deletion
• Business Records: As required by applicable tax and commercial laws (typically 7-10 years)
• Security Logs: Up to 90 days for security monitoring
• Backup Data: Up to 30 days in backup systems
• Account Data: For the duration of your account plus 30 days after deletion
• Business Records: As required by applicable tax and commercial laws (typically 7-10 years)
• Security Logs: Up to 90 days for security monitoring
• Backup Data: Up to 30 days in backup systems
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@colluno.com. We will respond within 30 days.
• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, contact us at privacy@colluno.com. We will respond within 30 days.
10. Data Security
We implement appropriate technical and organizational measures to protect your data:
• Encryption in transit (TLS/HTTPS) and at rest
• Secure password hashing (bcrypt)
• Role-based access controls
• Regular security assessments
• Secure, HttpOnly authentication cookies
• Encryption in transit (TLS/HTTPS) and at rest
• Secure password hashing (bcrypt)
• Role-based access controls
• Regular security assessments
• Secure, HttpOnly authentication cookies
11. Children's Privacy
Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.
13. Complaints
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP). You can also contact your local data protection authority.
14. Contact Us
For any questions about this Privacy Policy or our data practices:
Email: privacy@colluno.com
Website: https://colluno.com/contact
Email: privacy@colluno.com
Website: https://colluno.com/contact