Privacy Policy

This Privacy, Data Protection, Confidentiality & Cookie Policy (“Policy”) explains how ReportingLab processes personal data and protects confidentiality in connection with the Platform.

This Policy applies globally to both (i) Natural Persons (individual users) and (ii) Legal Entities (corporate users). The Platform is designed primarily for Legal Entity (B2B) use, while remaining applicable to Natural Persons (B2C) where mandatory law applies.

Important distinction:

• For Natural Persons, account and usage information typically constitutes personal data.

• For Legal Entities, (a) profile data of authorized users is personal data, and (b) company/module data and financial data created or uploaded within modules is generally business data (not personal data) unless it identifies a natural person.

ReportingLab acts as a data controller for personal data related to Platform administration (e.g., account creation, billing, support).

For Legal Entities, to the extent ReportingLab processes company datasets uploaded to modules under the Legal Entity’s instructions, the Legal Entity is typically the data controller and ReportingLab acts as a data processor for such business data, where applicable.

ReportingLab may process:

• Identification and contact data (name, email, role, company name);

• Account and authentication data (credentials, access controls);

• Billing and transaction data (subscriptions, invoices, payment status);

• Technical and usage data (IP address, device/browser info, logs);

• User Content and business/financial data uploaded or created inside modules (company data, financial schedules, reports).

ReportingLab does not intentionally collect special categories of personal data; Users should not upload such data unless necessary and lawful.

ReportingLab processes data for:

• Providing and operating the Platform;

• Account administration and authentication;

• Subscription management and billing;

• Customer/technical support;

• Security, fraud prevention, and abuse detection;

• Compliance with legal obligations;

• Platform analytics and service improvement (including aggregated/anonymized usage metrics).

Depending on the context and applicable law, ReportingLab relies on one or more legal bases, including:

• Performance of a contract;

• Legitimate interests (e.g., security, preventing abuse, improving the Platform);

• Compliance with legal obligations;

• Consent (where required for certain cookies/marketing or specific processing).

ReportingLab undertakes to keep User information confidential and to use it only as required to provide the Platform and perform contractual obligations.

ReportingLab does not sell User data. User data is not shared with third parties except as described in Section 7.

ReportingLab may share data with:

• Hosting and cloud infrastructure (Google) providers;

• Payment service providers (for billing);

• Email/communication providers (for service messages);

• Security and monitoring providers (for protection);

• Professional advisors (lawyers, auditors) under confidentiality;

• Public authorities where legally required.

All service providers are subject to contractual confidentiality and (where applicable) data processing obligations consistent with this Policy.

Personal data may be processed in countries other than the User’s country of residence. Where required, ReportingLab implements appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent lawful mechanisms.

ReportingLab uses cookies and similar technologies to operate and improve the Platform.

Cookie categories:

• Strictly necessary cookies (always on) for security and core functionality;

• Analytics cookies (subject to consent where required);

• Optional cookies (if used) subject to consent where required by law.

Users can manage cookie preferences via browser settings and any Platform cookie tools made available.

Certain Platform functionalities may involve automated or AI-supported processing of User Content to deliver decision-support features requested by the User.

ReportingLab does not engage in fully automated decision-making that produces legal or similarly significant effects within the meaning of applicable data protection laws. Outputs require human review and discretion.

Users are responsible for ensuring that data uploaded or entered is accurate, lawful, and appropriately authorized.

For Legal Entities, management is responsible for the accuracy and completeness of financial/company data and for ensuring they have the right to provide such data.

During any active paid period, User Content and Outputs remain accessible to the User.

Upon subscription termination due to non-renewal or non-payment, ReportingLab deletes User Content and Outputs stored in the Platform (including company/module data). Once deleted, data cannot be recovered, even if the User re-subscribes using the same email address or company name.

Users are responsible for exporting/backing up data prior to the end of the paid period.

Where legal retention obligations apply (e.g., billing records), ReportingLab may retain limited data for the required period.

ReportingLab implements reasonable technical and organizational measures, including access controls, logging/monitoring, and encryption where appropriate.

No system is completely secure; Users are encouraged to use strong passwords and appropriate internal access controls.

Subject to applicable law, Users may request access, rectification, erasure, restriction, objection, and portability of their personal data.

Requests may be submitted via the contact channels stated on the Platform. ReportingLab may need to verify identity before fulfilling requests.

ReportingLab may update this Policy from time to time. Updated versions will be made available on the Platform. Continued use after updates constitutes acceptance, except where mandatory law requires additional consent.