Privacy Policy

The data controller responsible for processing your personal data is Costum, reachable at support@costum.cloud.

We only collect the minimum data necessary to provide our service:

• Account data: your name and email address, provided when you register.
• Authentication data: a session token stored as a strictly necessary cookie to keep you logged in.
• Usage data: actions performed within the app (creating projects, characters, breakdowns, etc.) necessary to provide the service.

We do not collect payment data, location data, device fingerprints, or any data beyond what is strictly required to operate the platform.

• Providing the service (Art. 6.1.b GDPR): to create and manage your account and give you access to Costum.
• Authentication (Art. 6.1.b GDPR): to maintain your session securely using a token cookie.
• Service communications (Art. 6.1.b GDPR): to send transactional emails such as account verification or password reset.
• Legal obligations (Art. 6.1.c GDPR): to comply with applicable laws and regulations.

Your data is retained for as long as your account remains active. If you request account deletion, all personal data associated with your account will be permanently erased within 30 days, except where retention is required by law.

We do not sell, rent, or share your personal data with third parties for commercial, advertising, or analytics purposes.

Your data is processed exclusively to enable the functionality of Costum. We may use infrastructure providers (such as hosting or database services) that act as data processors under a data processing agreement, ensuring the same level of protection required by GDPR.

We implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your data, including encrypted connections (TLS/HTTPS), access controls, and secure data storage. Our infrastructure is designed to prevent unauthorized access, loss, or disclosure.

We strive to process and store data within the European Economic Area (EEA). If any data transfer outside the EEA is necessary, we ensure adequate safeguards are in place in accordance with Chapter V of the GDPR.

As a data subject, you have the following rights:

• Right of access (Art. 15): obtain confirmation of whether we process your data and access a copy.
• Right to rectification (Art. 16): correct inaccurate or incomplete data.
• Right to erasure (Art. 17): request deletion of your data ("right to be forgotten").
• Right to restriction (Art. 18): limit how we process your data in certain circumstances.
• Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interests.

To exercise any of these rights, contact us at support@costum.cloud. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority.

Costum is currently in an early access (beta) phase. The platform is free to use during this period. This policy will be updated as new features are introduced. We will notify registered users of any material changes.

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. The date at the top of this page indicates the most recent revision.