Privacy Policy

CEDREO (“us”, “we”, or “our”) operates (the “Site”) and Cedreo (the “Software”). The Software, the Site, and any other Cedreo products or services that link or refer to this Privacy Policy are collectively referred to as the “Service.”

This page informs you of our policies regarding the collection, use and disclosure of any information that could individually identify our users (“Personal Data”) in connection with our Service.

We use your Personal Data only for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at

This policy applies immediately to new users who use or access the Service on or after the Effective Date and on the Effective Date to users who used or accessed the Service before the Effective Date.

Please contact us if you have any questions or comments about our Privacy Policy.


Personal Data

While using our Service, we may ask you to provide us with certain information that can be used to contact or identify you.

Personally identifiable information, or “Personal Data”, may include, but is not limited to:

  • Contact Information : information we collect to identify or contact you, such as your first and last name, physical address, email address, or telephone number.
  • User Account Information : information that identifies you to the Service, such as your user name, email address, password, and IP address.
  • User Content : to the extent that you choose to input Personal Data as part of such content, images, comments, and other content, information, and materials that you post to or through the Service.
  • Financial Account Information : information that you provide in connection with your purchase of the Service (or a purchase made through the Service), including credit card number, credit card expiration date, credit card verification code, ZIP code and country. You must only provide us with Financial Account Information for accounts and credit cards that you have the lawful right to access.

We collect Personal Data when a user (i) creates an account (a “User Account”); (ii) logs into the Service; (iii) interacts with the Service; (iv) uploads or generates User Content; (v) communicates with us; and (vi) responds to a communication or interaction from us.

Log Data

Like many site operators, we collect information that your browser sends whenever you visit our Site (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.


The Service may use cookies or other technologies serving the same or similar purpose (together referred to as “cookies”), that may collect or store Personal Data Cookies are text files stored and used to record non-personal and Personal Data concerning your browsing and use of the Service. Cookies can be either persistent (ie. remain after you logoff from the Service in order to be used on your subsequent visits to the Service) or transient (i.e., removed when you close the web browser).
We use cookies in order to :

  • Improve your user experience through (for example enabling a service to recognize your device so you don’t have to give the same information several times during one task or recognizing that you may already have given a username and password so you don’t need to do it for every web page requested)
  • Analyze traffic and data of the Service to measure how many people are using the Service, so they can be made easier to use and there’s enough capacity to ensure they have adequate response times,
  • Help us understand how people interact with the Service so we can enhance their functionality, content and performance to better reflect your needs and interests.

We may also use third party services (such as Google Analytics, Hubspot) to perform services on its behalf, in particular to analyze your browsing habits and measure the Service audience.

When you browse the Site, cookies are enabled by default and data may be read from or stored locally on your device if your browser settings allow. You will be notified of the use of cookies the first time you access the Service with a different device; we will not install any cookies before obtaining your explicit consent. You may decide to accept or refuse some or all cookies. You can configure your browser software to refuse all cookies (including cookies used for web analytics services); if you do so, however, some areas and features of the Service may not function properly and/or you may not be able to access some parts or Services.

When You navigate through the Service, some information may also be collected through the use of other technologies, such as Internet tags or web beacons, and/or the collection of navigational data (log files, server logs, clickstream data).

Your Internet browser will then automatically send us such information, such as the URL of the website that you just came from, the Internet Protocol (IP) address and the browser version your computer is currently using, your clickstream on the website (pages that you have visited, paths taken on the site etc.).

We may use your information collected through the Service in order to manage your account, improve the content of the Service, communicate information to you (if you have requested such information), for our research and marketing needs, for statistical purposes and/or to identify the products and services that you are interested in.


Operation and improvement of the Service

Cedreo uses your Personal Data to provide, administer, and improve our Service. The Personal Data we collect may be used to retrieve your projects, allow you to purchase a new project, or prevent any fraudulent, harmful, unauthorized, or illegal activity.


We may use your Personal Data to contact you with newsletters, SMS, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send.


We share Personal Data with third party service providers and agents who work on our behalf and provide us with services related to the Service, or following legal obligations.

External Service Provider

Where necessary, we will commission other companies and individuals to perform certain tasks contributing to our services on our behalf, such as billing and credit card payment processing, maintenance, sales, marketing, administration, support, hosting, and database management services.

Analytics Tools

Cedreo uses data for analytics and measurement to understand how our services are used. We use tools like Google Analytics to measure traffic to our Service and user interaction, to optimize your experience using our services.

Public bodies

We will only disclose your Personal Data to public bodies where this is required by law. We will for example respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.

We may be required to use and retain Personal Data for legal and compliance reasons, such as the prevention, detection, or investigation of a crime, loss prevention, fraud or any other abuse of our services and IT systems. We may also use your Personal Data to meet our internal and external audit requirements, information security purposes, or to protect or enforce our rights, privacy, safety, or property, or those of other persons.


Our Service is not designed to be marketed to children who are considered as minor under the applicable data protection law and we do not knowingly collect or store Personal Data from children under such age. For children whose usual place of residence is in the European Union, Lichtenstein, Norway or Iceland, the default age at which a person is no longer considered a child is 16 subject to local law to adjust that limit between 13 and 16.

Certain of our products and services may be appropriate for use by children, however, in which case children below the age of consent under local data protection laws must seek consent from their parents or guardians prior to registering. Teachers and school administrators may act in the place of parents and guardians and provide consent for the collection of Personal Data from children (schools should always ensure that they have received permission from parents or guardians to do so).

If parents or guardians become aware that their child has provided us with Personal Data without their consent or without a teacher’s or school administrator’s consent, they can ask us to remove such Personal Data and terminate the child’s account by contacting us.

If Cedreo becomes aware that it has collected Personal Data from a child below the age of consent under local data protection laws without consent from a parent or guardian, Cedreo will take steps to remove such Personal Data and terminate the child’s account.


The security of your personal information is important to us.

Cedreo has implemented various measures to ensure that the information is adequately protected against unauthorised access, use, disclosure and destruction. Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. You should bear in mind that submission of information over the internet is never entirely secure.

All measures which Cedreo has taken significantly reduce the risk. Cedreo shall not be held liable by any third party, including you, in any event of unauthorized access, use and/or disclosure of information provided that such is not due to Gross Negligence, willful misconduct, fraud or bad faith by Cedreo.

Security measures adopted by Cedreo include:

  • Access to the information stored within Cedreo’s servers is restricted to a limited number of Cedreo employees,
  • The Site and the Service are all secured by SSL protocol, which provides encryption to all data transmitted,
  • Cedreo’s servers are protected by a) firewalls establishing a barrier between our trusted, secure internal network and the Internet and b) IP restrictions, limiting access to whitelisted IPs,
  • Cedreo uses third-party vendors and hosting partners (such as Google Cloud) to provide the necessary hardware, software, networking, storage, and related technology to run the Service. These vendors all offer best-in-class security.
  • When payments are processed via credit card, Cedreo uses third party vendors that are PCI_DSS compliant.

Cedreo takes reasonable security measures to protect your personal information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware, however, that despite our efforts, no security measures are 100% bulletproof.


We do not store your Personal Data for more time than necessary. Retention periods may vary depending on the data categories and the processing activities.

Where Cedreo is processing and using your Personal Data as permitted by law or under your consent, we will store your Personal Data (i) as long as you have an open account with us or as otherwise necessary to provide you with the Service, (ii) where Cedreo has a legitimate interest in using your Personal Data, until you object to Cedreo’s use of your Personal Data, or (iii) where you gave your consent, until you withdraw it.

Please note that certain personal information may need to be retained by Cedreo for a period of time following cancellation of your account where this is necessary for our legitimate business purposes or required or authorized by applicable law.

However, where Cedreo is required by applicable law to retain your Personal Data longer or where your Personal Data is required to assert or defend against legal claims, Cedreo will retain your Personal Data until the end of the relevant retention period or until the claims in question have been settled.


Unconditional rights

At any time, you may:

  • Rectify your Personal Data
  • Obtain a copy of such Personal Data
  • Refuse any use which relates to marketing

Conditional rights

As the case may be, you may :

  • Withdraw your consent where one of our use is based hereupon
  • Refuse for a legitimate reason our use based on our legitimate interest or a public interest
  • Request the transfer to anyone of data we hold on the basis of a contract or of your consent (right to data portability)
  • Request that we keep your data without using it in case of inaccuracy, unlawfulness, while we examine your refusal that we use your data or should you need it before courts
  • Request deletion in case data is unnecessary or where you have withdrawn consent or refused our use or if you were a child upon collection (right to be forgotten)

Additional rights

Finally, you may introduce a claim with the data protection authority of your country.

The Site and the Service might offer links to third party websites that may be of interest to you.

Unless we receive your express authorization, we do not share any Personal Data with these third parties. However, we may provide them with non-Personal Data.

We do not exercise any control over the content of third party websites or the practices of these third parties in connection with the protection of Personal Data that they might collect and are thus not in our control.

It is therefore your responsibility to inform yourself as to these third parties’ privacy policies.


This Privacy Policy may be updated from time to time for any reason; each version will apply to information collected while it was in place. We will notify you of any modifications to our Privacy Policy by posting the new Privacy Policy on our Site and indicating the date of the latest revision. You are advised to consult this Privacy Policy regularly for any changes.

In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. For example, we may send a message to your email address or generate a pop-up or similar notification when you access the Service for the first time after such material changes are made. Your continued use of the Service after the revised Privacy Policy has become effective indicates that you have read, understood and agreed to the current version of this Privacy Policy.


If you have any questions about this Privacy Policy, please contact us.