Privacy Policy.

Registora (operated by BoltPath LLC, “we”, “us”) is a software service that helps companies maintain a public list of their subprocessors. To run that service we collect the minimum personal data required to operate your account and bill you. We do not sell data, we do not advertise, and we do not share data with anyone except the subprocessors listed below that we need to run the service.

From you, when you open an account:

• Your name and email address.
• A hashed password if you sign up with email, or the OAuth profile data Google returns to us if you sign up with Google (email, name, profile picture URL).
• The IP address and user-agent of your sign-in sessions, for security.

From you, when you use the product:

• The configuration of your hosted /subprocessors page: company name, contact email, list of subprocessors, custom domain.
• The list of your customers' email addresses, only if you upload them so we can dispatch notification emails on your behalf.
• If you subscribe to a paid plan, billing information collected and stored by our payment processor Paddle (we do not see or store card numbers).

Automatically:

• Standard server logs (timestamp, request path, response code, user agent, IP address) retained for ninety days for security and abuse prevention.

• To operate your account, render your hosted page, and bill your plan.
• To dispatch transactional email on your behalf (account verification, password reset, subprocessor change notifications to your customers).
• To detect and prevent abuse, fraud, and security incidents.
• To comply with our own legal obligations.

We do not use your data for advertising. We do not sell your data. We do not train any AI model on your data.

Registora itself uses these third-party services to operate. By using Registora you accept these as our subprocessors.

Registora is operated from the United States. If you are in the European Economic Area, the United Kingdom, or another jurisdiction outside the United States, your data is transferred to and processed in the United States. We rely on the Standard Contractual Clauses adopted by the European Commission for such transfers where applicable.

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, and to object to or restrict our processing of it. To exercise any of these rights, email privacy@registora.com. We respond within thirty days.

We keep your account data for as long as your account is open. If you close your account, we delete your personal data within ninety days, except where we are required to keep records for legal or accounting reasons.

We encrypt data in transit (TLS 1.3) and at rest. Passwords are hashed with scrypt. We follow the principle of least privilege for internal access. No system is perfectly secure; we will notify affected users without undue delay if a breach occurs.

We will post any material change to this policy on this page and update the “Last revised” date above. If the change is material we will also notify account holders by email at least thirty days in advance.

For privacy questions, write to privacy@registora.com.

Postal: BoltPath LLC, Registora, [registered office address], New Mexico, USA.