This policy describes how Rondanini Publishing Ltd (“we”, “us”) collects, uses, and protects personal data when you use the Cost Doctor platform (“Service”). It applies to the web application, CLI tool, marketing site, and associated APIs.
1. Data controller
Rondanini Publishing Ltd, registered in England and Wales.
Contact: privacy@berta.one
2. What we collect
Account data
When you sign up via our identity provider (Clerk), we receive your name, email address, and profile image. Clerk also stores authentication credentials (passwords, OAuth tokens) on their infrastructure — we do not have access to these.
Platform connection tokens (BYOK)
You may provide API tokens for cloud platforms (Railway, Render, Vercel, Netlify). These are encrypted at rest using AES-256-GCM before storage. We use them solely to perform read-only audits of your cloud infrastructure on your behalf.
Audit data
When you run an audit, we store the results (service metadata, cost estimates, recommendations) linked to your account. Community (free) tier data is retained for 7 days. Paid-tier retention periods are longer and detailed in your subscription terms.
Payment data
All payment processing is handled by Polar Software Inc., which acts as the Merchant of Record for subscription transactions. We do not collect, store, or have access to your credit card numbers or bank details. Polar shares with us: transaction IDs, subscription status, plan type, billing country, and email address for invoice purposes. See Polar’s Privacy Policy.
Usage and analytics
We use analytics to understand how the Service is used. This may include page views, feature usage, and anonymised session data. We do not use advertising or remarketing trackers.
Transactional email
We use Brevo (formerly Sendinblue) to send transactional emails such as audit reports and account notifications. Your email address is shared with Brevo solely for delivery purposes.
3. Why we collect it
| Purpose | Lawful basis (UK / EU GDPR) |
|---|---|
| Provide the Service (audits, reports, dashboard) | Article 6(1)(b) — performance of a contract |
| Process subscription payments via Polar | Article 6(1)(b) — performance of a contract |
| Send transactional emails (reports, alerts) | Article 6(1)(b) — performance of a contract |
| Improve the Service and fix bugs | Article 6(1)(f) — legitimate interest |
| Prevent fraud and abuse | Article 6(1)(f) — legitimate interest |
| Comply with legal obligations (e.g. tax records) | Article 6(1)(c) — legal obligation |
4. Third-party processors
We share personal data only with the following processors, each for a specific purpose:
| Processor | Purpose | Data shared |
|---|---|---|
| Clerk | Authentication and identity | Name, email, profile image |
| Polar | Payment processing (Merchant of Record) | Email, billing country, transaction details |
| Neon (PostgreSQL) | Database hosting | All Service data (encrypted tokens, audit results) |
| Brevo | Transactional email delivery | Email address, report content |
| Vercel | Application hosting | Server logs (IP, user-agent) |
We do not sell, rent, or otherwise transfer personal data to any third party for marketing purposes. We do not use your data to train machine-learning models.
5. International transfers
Some processors listed above operate outside the UK / EEA. Where personal data is transferred internationally, it is protected by Standard Contractual Clauses (SCCs) or an adequacy decision recognised by the UK Information Commissioner’s Office.
6. Data retention
- Community (free) tier: audit history is retained for 7 days, then automatically deleted.
- Paid tiers: audit history is retained for the duration of your subscription plus 30 days after cancellation.
- Encrypted API tokens: deleted immediately when you remove a connection or close your account.
- Account data: retained for 30 days after account closure, then deleted.
- Payment records: retained by Polar in accordance with tax and accounting obligations (typically 7 years).
7. Cookies
The Service uses essential cookies for authentication and session management. Analytics cookies (if enabled) are first-party and anonymised. We do not use advertising, remarketing, or cross-site tracking cookies.
8. Security
We implement industry-standard security measures including:
- AES-256-GCM encryption of all stored API tokens;
- HTTPS-only connections;
- authentication via a dedicated identity provider (Clerk);
- role-based access control;
- regular dependency auditing.
9. Your rights
Under UK GDPR / EU GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased (“right to be forgotten”);
- restrict or object to our processing;
- request a copy of your data in a portable format;
- withdraw consent at any time (where processing is based on consent);
- lodge a complaint with the Information Commissioner’s Office (UK) or your local data protection authority.
To exercise any of these rights, email privacy@berta.one with the word “Privacy” in the subject line. We will respond within 30 days.
10. Children
The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.
11. Changes to this policy
Material changes will be communicated via email or an in-app notice at least 14 days before they take effect. The “last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
Data protection inquiries: privacy@berta.one
Data controller: Rondanini Publishing Ltd, England and Wales.