cmcendpoint.com (“we”, the “Company”) complies with applicable data protection laws. This Policy explains what we collect, why we use it, and how we protect it.
1. General
This Policy applies to our website and related services (the “Service”). We collect and use personal data on a minimal and transparent basis.
2. Data We Collect
Required: email, password (hashed), Service usage records (logs, IP address, device info), payment identifiers (for paid transactions)
Optional: profile name, contact details, project metadata
3. How We Collect
We collect data via account registration, inquiries/support requests, automatically during Service use (including cookies or similar technologies), and via payment processors for paid transactions.
4. Purposes of Use
- User identification, login, and access control
- Providing the Service (e.g., issuing endpoints) and settlement
- Customer support, incident response, and notices
- Service improvement and security monitoring
- Compliance with laws and dispute resolution
5. Retention & Deletion
We promptly delete personal data once the purpose of processing is fulfilled. However, data may be retained as required by law:
- Records of contracts or withdrawal: 5 years
- Payment and supply records: 5 years
- Customer complaints or dispute records: 3 years
- Access logs: 3 months (per applicable communications laws)
Electronic files are destroyed using irrecoverable technical methods; physical records are shredded or incinerated.
6. Sharing with Third Parties
We share personal data with third parties only with your consent or when permitted by law, and only to the minimum extent necessary. Where sharing is necessary, we will inform you in advance of the recipient, purpose, items, and retention period and obtain consent.
7. Subprocessors
We may engage subprocessors to provide stable Service operations and require appropriate technical and organizational measures via contracts (e.g., cloud/hosting, payment processing, email delivery).
8. Your Rights
You may request access, rectification, deletion, or suspension of processing of your personal data at any time. We will act without undue delay in accordance with applicable law. Upon account deletion, we destroy your data except where retention is legally required.
9. Cookies
We use cookies to improve Service quality and maintain authentication. You can refuse or delete cookies via your browser settings, but some features may not function properly.
10. Security Measures
- Transport-layer encryption (HTTPS), one-way password hashing
- Least-privilege access, support for 2FA
- Firewalls and vulnerability assessments
- Logging, anomaly monitoring, and backups
11. International Transfers
Your data may be stored or processed on servers outside your country due to cloud infrastructure or external solutions. In such cases, we comply with applicable legal safeguards.
12. Data Protection Officer
Responsible person: Data Protection Officer
Email: business@meccain.com
We respond promptly to inquiries and strive to protect your rights.
13. Changes to This Policy
We will announce additions, deletions, or modifications to this Policy at least 7 days prior to the effective date via website notices. Material changes may be notified separately.