Information We Collect

Data You Provide Directly

When you sign up for CerevoVolt services or contact us, we collect information you give us voluntarily. This includes your business name, contact details, billing information, and technical requirements for integration.

Transaction Information

Our systems process payment data to complete transactions. We collect transaction amounts, timestamps, merchant identifiers, and status codes. Customer payment details pass through our infrastructure but are tokenized immediately—we don't store complete card numbers or sensitive authentication data.

Technical Data

Like most online services, we automatically collect certain technical information. This includes IP addresses, browser types, access times, and API usage patterns. We use this data to maintain system security, troubleshoot issues, and improve performance.

How We Use Your Information

We're not in the business of selling data or bombarding you with marketing. Here's what we actually do with the information we collect:

• Process payment transactions according to your business rules and configurations
• Monitor system performance and detect potential security threats
• Provide technical support when you run into issues
• Send service updates about system maintenance or security patches
• Comply with financial regulations and anti-fraud requirements
• Generate anonymized analytics to improve our infrastructure

Data Sharing and Transfers

When We Share Information

Payment processing doesn't happen in isolation. We share data with specific parties when necessary:

• Banking partners: Transaction data goes to banks and card networks to authorize and settle payments
• Fraud prevention services: We share relevant data with specialized security providers to protect against fraudulent transactions
• Cloud infrastructure providers: Our systems run on secure cloud infrastructure, which processes data according to strict agreements
• Regulatory authorities: When legally required, we provide information to Bulgarian financial regulators or law enforcement

International Data Transfers

We operate primarily within Bulgaria, but payment networks are global. Some data may be transferred to processors in the European Union or other regions with adequate data protection standards. These transfers comply with GDPR requirements through standard contractual clauses and approved transfer mechanisms.

Your Rights Under Bulgarian and EU Law

Bulgarian data protection law, aligned with GDPR, gives you specific rights over your personal information. We've set up practical procedures to exercise these rights:

Access Your Data

You can request a copy of the personal data we hold about you. We'll provide this in a readable format within 30 days. Contact our support team at support@cerevovolt.com with your request.

Correct Inaccurate Information

If we have incorrect details about your business or contacts, you can update them through your account dashboard or by contacting support. Most contact information can be changed directly in the system.

Request Data Deletion

You can ask us to delete your personal data, though financial regulations require us to retain transaction records for seven years. After that period, we'll delete data upon request unless there's a legitimate legal reason to keep it.

Object to Processing

In certain situations, you can object to how we process your data. This right is limited when processing is necessary for legal compliance or contract fulfillment—which covers most payment processing activities.

Data Portability

You can request your data in a structured, machine-readable format to transfer to another service provider. We'll provide transaction logs and account data in CSV or JSON format within 30 days.

Security Measures

Payment data security isn't optional for us—it's the foundation of what we do. Our infrastructure uses multiple layers of protection:

• End-to-end encryption for all data in transit using TLS 1.3 protocols
• Database encryption at rest with regularly rotated encryption keys
• Network segmentation isolating payment processing systems from other infrastructure
• Multi-factor authentication required for all administrative access
• Regular security audits conducted by independent third parties
• Real-time monitoring systems that alert us to suspicious activity
• Strict access controls limiting employee access to customer data

Our data centers in Bulgaria meet ISO 27001 standards and undergo regular compliance assessments. We maintain detailed security logs and conduct quarterly penetration testing to identify potential vulnerabilities.

Breach Notification

If we discover a security breach affecting your data, we'll notify you within 72 hours as required by Bulgarian law. The notification will include what happened, what data was affected, and what steps we're taking to address the situation.

Data Retention and Deletion

We keep data only as long as necessary for business operations and legal compliance. Different types of information have different retention schedules:

Active Business Relationships

While you're an active customer, we retain all necessary data to provide services and support. Transaction records are kept for the duration of your account plus seven years to meet Bulgarian tax and financial regulations.

After Account Closure

When you close your account, we delete non-essential data within 90 days. Financial transaction records are archived according to legal requirements—typically seven years from the transaction date. After that period, all remaining data is permanently deleted.

Technical Logs

System logs used for security monitoring and troubleshooting are retained for 13 months, then automatically deleted. Anonymized analytics data may be retained longer since it can't identify specific individuals or businesses.

Cookies and Tracking

Our website uses minimal cookies necessary for system functionality. We don't use advertising cookies or third-party tracking scripts. Here's what we do use:

• Session cookies: Keep you logged in while using the dashboard—deleted when you close your browser
• Security cookies: Help us detect and prevent unauthorized access attempts
• Preference cookies: Remember your dashboard settings and display preferences

You can disable cookies in your browser settings, though this may affect system functionality. Our payment processing APIs don't rely on browser cookies.

Third-Party Services

We work with carefully selected service providers who help us operate CerevoVolt. These companies process data on our behalf under strict contractual obligations:

• Cloud hosting infrastructure providers maintaining our servers
• Email service providers for account notifications and support communications
• Security monitoring services that analyze system logs for threats
• Payment card networks and banking partners necessary for transaction processing

All third-party processors sign data processing agreements requiring them to protect information according to GDPR standards. We regularly audit these relationships and immediately address any compliance concerns.

Children's Privacy

CerevoVolt provides business payment services. We don't knowingly collect information from individuals under 18 years old. Our services are designed for business use and require legal capacity to enter commercial agreements.

Changes to This Policy

We update this privacy policy periodically to reflect changes in our practices or legal requirements. When we make significant changes, we'll notify active customers by email at least 30 days before the new policy takes effect.

Minor updates—like clarifying existing practices or fixing typos—won't trigger individual notifications. The "Last Updated" date at the top of this page always reflects the most recent changes.

Continued use of CerevoVolt services after a policy update constitutes acceptance of the new terms. If you disagree with changes, contact us to discuss options before they take effect.