🛡 Privacy Policy
Effective Date: April 30, 2025
CrossBridge (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and store your data when you access our services through https://crossbridge.rs and https://analytics.crossbridge.rs.
1. Data We Collect
a. Authentication Data
When you create or log into your account via:
- Google OAuth
- Microsoft OAuth
- Email and password
We collect the following personal data:
- Name
- Email address
- Profile photo
This data is stored securely via Supabase, our authentication provider.
b. Client ERP Data (Analytics App Users)
If you are a client using our Analytics App, we process and store business data from your ERP system, including:
- Sales and profit information
- Orders and inventory
- Financial performance metrics
- Supply chain data
- Any additional ERP data relevant to your analytics dashboards
This data is hosted exclusively on our own secured Linux server infrastructure and is not stored in Supabase or with any third-party service.
2. How We Use Your Data
Authentication Data:
- To authenticate and log you into the platform
- To display your profile (e.g., name or profile picture)
- To maintain account security and manage user sessions
ERP Data:
- To generate real-time dashboards and analytics
- To help you monitor performance, trends, and KPIs
- To fulfill service and support obligations outlined in our agreement
We never sell, lease, or use your data for advertising or unrelated purposes.
3. Legal Basis for Processing (GDPR)
We process your data under the following legal bases:
- Consent: When you explicitly authorize OAuth login or submit your email/password.
- Contractual necessity: To provide analytics services based on your agreement with us.
- Legitimate interest: To maintain and improve our platform's functionality and security.
4. Data Storage and Security
- Authentication data is stored with Supabase, which follows strict security practices.
- ERP data is stored on our private, access-controlled Linux servers. All access is logged and restricted to essential personnel.
- All connections are secured with HTTPS and encryption protocols.
5. Data Retention
- Authentication data is retained for as long as your account is active. You may request deletion at any time.
- ERP data is retained based on our service agreement with you. Upon termination or request, your data will be permanently deleted within 30 days, unless otherwise required for legal compliance.
6. Your Rights (EU/EEA & GDPR)
Under the GDPR, you have the right to:
- Access your personal data
- Correct inaccurate or outdated information
- Request deletion ("right to be forgotten")
- Withdraw consent (e.g., revoke OAuth access)
- Request data portability
- Lodge a complaint with your national data protection authority
To exercise any of these rights, contact: support@crossbridge.rs
7. Third Parties We Use
We rely on the following services:
- Supabase (authentication only)
- Google & Microsoft (OAuth login only)
We do not share ERP data with any third-party service provider unless legally required or contractually authorized by you.
8. International Data Transfers
All personal and ERP data is stored in data centers under our control, located within jurisdictions that comply with EU data protection laws. We do not transfer your data outside the EU/EEA unless adequate safeguards are in place.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will notify users via email or in-app message and update the date at the top.
10. Contact Us
For any questions, data access requests, or complaints, contact:
CrossBridge
Email: support@crossbridge.rs