Privacy Policy

as of October 2024

1. Introduction

This Privacy Policy outlines how tppvalidation.com (the "Service") collects, processes, and safeguards information provided by users. We are committed to ensuring your privacy and data protection. Although our services do not fall under the EU General Data Protection Regulation (GDPR), we respect privacy best practices and adhere to applicable legal frameworks within the EU and EEA.

2. Information We Collect

• Personal Data: We do not collect or process personal data except as necessary for the performance of the Service.

• Log Data: We collect operational log data, including request details and timestamps. This data is used for service monitoring, troubleshooting, and for users to access their own logs related to service usage.

3. How We Use Data

We aggregate and process data exclusively from trusted sources, such as EU regulatory bodies, the EBA, and Qualified Trust Service Providers (QTSPs). These trusted sources are identified and listed on the EU/EEA Trusted Lists in accordance with applicable regulatory standards. We only use data that is publicly available and non-classified.

Additionally, submitted certificates (in public PEM format) are considered public, non-sensitive data. These certificates are stored to enhance the service in several ways, including reducing service latency, automating tasks, and improving the overall service performance over time.

All data is used solely to provide validation services to our clients, including verifying regulatory approval and certificate validation, in full compliance with legal and regulatory frameworks.

4. Data Resilience and Consistency

We implement high standards of data resilience and consistency to protect the integrity of our users' data. Industry-standard encryption and data protection techniques, including the use of 256-bit hashes, are employed to secure sensitive data. These hashes are used to ensure data integrity, verifying that it remains consistent and unaltered throughout its lifecycle.

Our system is designed to maintain full traceability to the source of origin, allowing complete transparency in data handling and validation processes. This traceability ensures all actions on data are auditable and verifiable, enhancing security and accountability.

In the unlikely event of a data discrepancy or failure, we have implemented robust data recovery and consistency protocols to preserve data integrity at all times.

5. Data Retention

We retain log data as necessary for operational purposes, such as service monitoring and auditing, in accordance with our data retention policies and applicable legal requirements.

Data is retained for a reasonable period, after which it is deleted, unless there is a specific legal or operational requirement to retain it for a longer period.

6. Data Privacy and User Information

Our service does not fall under the scope of the GDPR; however, we ensure there is no direct link between a user's API Key and their personal details. Any personal information we do collect is strictly limited to sales and subscription purposes only and is not associated with API key usage or any operational processes.

By terminating a subscription, the user acknowledges and agrees that all associated logs will be erased at the end of the subscription period unless the subscription is renewed or extended.

7. Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in our service or legal obligations. All updates will be posted on our website, and we recommend reviewing this page regularly.