Sicherheitskontakt
Support-Anfrage
Feedback

GDPR Compliance

Version: 1.1Effective: April 19, 2026
Last updated: April 19, 2026

Under the European Union General Data Protection Regulation (GDPR) 2016/679, your personal data is protected. This page summarizes your rights and how to exercise them on the CADENSA platform.

1. Your Rights Under GDPR

The GDPR grants you the following rights regarding your personal data:

📄 Right to Access (GDPR Article 15)

You can request a copy of the personal data we hold about you.

How: Profile → Settings → Export Data (JSON format).

✏️ Right to Rectification (GDPR Article 16)

You can request correction of inaccurate or incomplete data.

How: Profile → Edit, or contact us:

🗑️ Right to Erasure (GDPR Article 17)

You can request deletion of your personal data ("right to be forgotten").

How: Settings → Delete Account. Note: All data is removed from Cadensa systems. VAT invoices remain with external providers (e.g. Billingo).

⏸️ Right to Restriction (GDPR Article 18)

You can request restriction of processing under certain conditions.

How:

📦 Right to Data Portability (GDPR Article 20)

You can request your data in a machine-readable format.

Format: JSON export (Profile → Export Data)

🛑 Right to Object (GDPR Article 21)

You can object to data processing (e.g., direct marketing).

How: Unsubscribe from marketing emails, or contact

↩️ Right to Withdraw Consent (GDPR Article 7)

You can withdraw consent at any time (e.g., cookies, marketing).

How: Cookie Settings (footer), or Settings → Privacy

⚖️ Right to Lodge a Complaint (GDPR Article 77)

You can file a complaint with a supervisory authority if you believe your data protection rights have been violated.

Hungarian supervisory authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9-11.
Email: ugyfelszolgalat@naih.hu
Web: https://naih.hu

2. Data Retention Periods

Detailed information about data retention periods is available in our Privacy Policy:

  • User accounts: Retained until user-initiated deletion
  • Time entries: 8 years (anonymized after account deletion - Accounting Act)
  • Billing records: Removed from Cadensa systems on account deletion; VAT invoices remain with external providers
  • Audit logs: 2 years (security best practice)
  • Marketing consent: until withdrawn

For more details: Privacy Policy

3. Data Export Guide

Under the right to data portability, you can export all your personal data in JSON format:

  1. Sign in to your CADENSA account
  2. Navigate to Settings → Privacy
  3. Click "Export Data" button
  4. A JSON file containing all your personal data will be downloaded
💡 Exported data includes:
  • Profile information
  • Time entries
  • Projects and tasks
  • Settings and preferences
  • Billing history

4. Account Deletion (Right to be Forgotten)

Under GDPR Article 17, you can request deletion of your account and personal data:

Deletion Process:

  1. Settings → Delete Account
  2. Confirm deletion intent (irreversible)
  3. 30-day grace period: you can export your data
  4. All personal data will be deleted (except legal obligations)

⚠️ Important Notes:

  • Billing records: Removed from Cadensa systems. VAT invoices remain with external providers (e.g. Billingo) — their retention obligations apply.
  • Audit logs: Retained for 2 years for security purposes (anonymized)
  • Backups: Removed from backups within 90 days

5. Third-Party Data Processors

CADENSA uses the following GDPR-compliant third-party processors:

Hetzner Online GmbH

Server hosting + MongoDB (Germany, EU)

DPA: hetzner.com/legal/data-privacy-faq

Mollie B.V.

Payment processing, subscription management (Netherlands, EU — Amsterdam)

DPA: Automatic upon registration (GDPR Art. 28 — EU-based processor)

Tarhely.eu / EZIT Kft.

Email delivery (Hungary, EU)

ÁSZF: tarhely.eu/aszf

Vercel Inc.

Landing hosting (Global, EU edge servers)

DPA: vercel.com/legal/dpa

Wasabi Technologies, LLC

Invoice PDF archival (eu-central-2 / Frankfurt, EU) — WORM Object Lock in COMPLIANCE mode, 8-year immutable retention per Hungarian Accounting Act §169

DPA: wasabi.com/legal/data-processing-addendum

Billingo Technologies Zrt.

Electronic invoicing + NAV Online Számla 3.0 reporting (Hungary, EU). Data transferred: customer name, billing address, tax/EU VAT number, email, invoice line items.

DPA: billingo.hu/adatvedelem

Plausible Analytics OÜ

Cookie-free website analytics (Estonia, EU) — no personal data collected, no consent required

DPA: Not required (not personal data under GDPR)

Google LLC (Google Calendar)

Optional Google Calendar integration (USA) — user-initiated only, with explicit consent (GDPR Art. 6(1)(a))

DPA: cloud.google.com/terms/data-processing-addendum

6. Contact and Questions

If you have questions about your GDPR rights or wish to exercise any of them:

Privacy Contact:

  • Email:
  • Response time: Within 30 days
  • Service Provider: Axeri Labs Bt.
  • Address: 2120 Dunakeszi, Brassói utca 7., Hungary

Related Documents:

Privacy Policy

Detailed data processing information

Cookie Policy

Cookie management and settings

Terms of Service

General terms and conditions

DPA Template

For ENTERPRISE customers (GDPR Article 28)