Document type: Legal policy
Privacy Policy
Infrastructure-Level Privacy
1. Who we are
ZenthraCore is a Romania-based DevSecOps and infrastructure security consultancy. We operate under EU data protection law (GDPR), and our primary hosting infrastructure is located in Switzerland.
2. What this policy covers
This Privacy Policy explains how we handle information when you browse our website or contact us through the channels we provide. It does not replace any specific data processing agreements we may sign with clients for particular projects.
3. Data we do not collect on this site
- No analytics or tracking pixels for advertising purposes.
- No third-party cookies used for behavioral profiling.
- No automatic creation of user accounts or marketing lists.
4. Cookies and local storage
We use only strictly necessary cookies and local storage mechanisms required for the website to function properly. These include:
- Sidebar state cookie: Stores the open/closed state of the navigation sidebar to preserve your preference during your session. This cookie expires after 7 days.
These cookies are essential for the website's functionality and do not require consent under GDPR, as they are strictly necessary for the service you have requested. We do not use cookies for tracking, analytics, advertising, or any other purpose beyond basic functionality. No cross-site tracking mechanisms are implemented.
You can control cookies through your browser settings, but disabling strictly necessary cookies may affect the website's functionality.
5. Information you choose to share
If you contact us (for example, by email or via secure messaging channels), you may provide basic business contact information and details about your infrastructure or security needs. We use this information solely to respond to your inquiry, evaluate fit, and, if both parties agree, prepare a proposal or contract.
6. Legal basis for processing
Where GDPR applies, we process personal data on the basis of our legitimate interest in responding to business inquiries and delivering security services (Art. 6(1)(f) GDPR), or on the basis of contractual necessity when entering into or performing an agreement (Art. 6(1)(b) GDPR). We balance our legitimate interest against your fundamental rights and freedoms.
7. Data retention
We retain communication records and project-related information only for as long as necessary to respond to your request, perform an engagement, comply with legal obligations, or protect our legitimate interests (for example, in case of disputes). Routine inquiries are typically deleted within 6–12 months unless an engagement is initiated. When data is no longer needed, it is deleted or irreversibly anonymized.
8. Data sharing and third parties
We do not sell your data and do not share it with third parties for advertising or profiling. Where we rely on carefully selected service providers (for example, secure email or hosting providers), they act as processors under contract and are bound by confidentiality and data protection obligations.
We use a security and content delivery provider to protect our infrastructure against abuse, automated attacks, and denial-of-service events. This provider may process IP addresses and technical request metadata strictly for security and traffic filtering purposes. No behavioral profiling or advertising tracking is enabled.
Automated abuse prevention mechanisms (such as bot detection or CAPTCHA challenges) may be used when necessary to maintain service availability.
9. International transfers
Our primary processing activities take place within the EU/EEA and Switzerland. If data is transferred outside these jurisdictions, we use appropriate safeguards such as adequacy decisions, standard contractual clauses, or equivalent protections required by law.
10. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict the processing of your personal data, as well as the right to object to certain processing and to data portability. You also have the right to lodge a complaint with a competent supervisory authority.
11. Security measures
We design our infrastructure and internal practices around privacy and security by default. This includes encrypted communication channels, strict access control, and minimal data retention. Nevertheless, no system is completely immune to risk, and we cannot guarantee absolute security.
12. Changes to this policy
We may update this Privacy Policy to reflect changes in our services, legal requirements, or technical measures. The latest version will always be available on this page. Substantive changes will apply only going forward.
13. Contact
If you have questions about this policy or how we handle data, you can reach us via the encrypted contact channels listed on the homepage. We deliberately keep communication channels narrow to reduce exposure and to maintain high security standards.