Privacy Policy

1. Introduction

Enactory Ltd ("we," "our," or "us") operates aerlogs ("the Service"), a changelog and product updates platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Data Controller: Enactory Ltd (Company Number: 15664650)

We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

2. Information We Collect

2.1 Information You Provide to Us

Account Information: Email address, password (encrypted), organization name, display name.

Content You Create: Changelog posts and drafts, images and files you upload, custom themes and branding, API keys you generate.

2.2 Information Collected Automatically

Usage Data: IP address, browser type and version, device information, pages visited and features used, time and date of visits, referring URLs.

Analytics Data: Changelog view counts (aggregated daily), emoji reactions on releases, public page impressions, widget interactions.

3. How We Use Your Information

We process your personal data for the following purposes:

• Service Delivery: Provide and maintain the aerlogs platform, authenticate users, store and display your content.
  Legal Basis: Performance of a contract (GDPR Art. 6(1)(b))
• Product Improvements: Analyze usage patterns to improve features, debug technical issues, monitor system performance.
  Legal Basis: Legitimate interests (GDPR Art. 6(1)(f))
• Communications: Send product updates, provide customer support, send marketing communications (with your consent).
  Legal Basis: Consent (GDPR Art. 6(1)(a)) for marketing

4. Data Sharing and Disclosure

We do not sell your personal data.

We share information only with trusted third-party service providers:

5. Data Retention

We retain your personal data only as long as necessary:

• Account information: Duration of account + 90 days after deletion
• Published content: Duration of account + 90 days after deletion
• Analytics data: 3 years from date of collection
• Soft-deleted releases: 90 days (then permanently deleted)

6. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data (GDPR Art. 15)
• Right to Rectification: Correct inaccurate personal data (GDPR Art. 16)
• Right to Erasure: Request deletion of your data (GDPR Art. 17)
• Right to Data Portability: Receive your data in a machine-readable format (GDPR Art. 20)
• Right to Object: Opt out of processing based on legitimate interests (GDPR Art. 21)
• Right to Lodge a Complaint: Contact the ICO (UK) or your local data protection authority (EU)

How to Exercise Your Rights: Email us at . We will respond within 30 days.

7. Security Measures

We implement industry-standard security practices to protect your data:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based permissions; application-level data isolation ensures customers can only access their own data
• Monitoring: Automated security scanning and anomaly detection
• Incident Response: 72-hour breach notification process (GDPR Art. 33)

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

9. Contact Us

For privacy inquiries, data requests, or concerns: