Legal

Privacy Policy

Last updated: 2026-01-05

1. Who we are

Controller: SIA Coma Cloud
Registration number: 42403046764
VAT number: LV42403046764
Legal address: Ganību iela 59, Jelgava, LV-3007, Latvia
Contact: [email protected] (or [email protected])

2. Roles – when we are controller and when we are processor

Website and sales operations: We act as data controller for personal data processed for account creation, billing, support, and website analytics (where applicable).

Hosting services: When you host applications or store data with us, we typically act as a processor for personal data contained in Customer Content, and you act as the controller. In those cases, the Data Processing Agreement (DPA) applies.

3. What data we collect

  • Account data: name, email, phone, company name, address, VAT number (if applicable).
  • Billing data: invoices, payment status, transaction references.
  • Support data: messages, tickets, logs you submit, and communications.
  • Technical data: IP addresses, authentication logs, service usage metrics, security events, and system logs.
  • Website data: cookies and similar technologies, subject to your preferences and applicable consent requirements.

4. Purposes and legal bases

  • Contract performance: to provide Services, manage accounts, billing, support.
  • Legal obligation: accounting and tax compliance under Latvian law.
  • Legitimate interests: security, fraud prevention, abuse prevention, service reliability, and defending legal claims.
  • Consent: marketing communications and non-essential cookies where required.

5. Retention

We retain personal data only as long as needed for the purposes above, including statutory retention obligations. Billing and accounting records are typically retained for the period required by law. Security logs are retained for a limited period appropriate to security and audit needs.

6. Sharing and recipients

We may share data with:

  • Payment providers for payment processing.
  • Infrastructure and subprocessing providers used to deliver Services (see Subprocessors page).
  • Professional advisers (lawyers, auditors) where necessary.
  • Authorities where we are legally required to disclose information.

7. International transfers

Where data is transferred outside the EEA, we rely on appropriate safeguards such as adequacy decisions or Standard Contractual Clauses, as applicable.

8. Security

We apply technical and organisational measures to protect personal data, including access controls, encryption where appropriate, logging, and incident response procedures.

9. Your rights

You may have rights to access, rectification, erasure, restriction, portability, and objection, and to withdraw consent where processing is based on consent. To exercise rights, contact us at [email protected].

10. Complaints

You may lodge a complaint with the Latvian supervisory authority: Datu valsts inspekcija.

11. Cookies

See our Cookie Policy for details on cookies and similar technologies.

12. Changes to this policy

We may update this Privacy Policy from time to time. The updated version will be published on this page with a new “Last updated” date.