Ga naar hoofdinhoud

GDPR and Data Protection

Selgeo is built privacy-first: attribution is cookieless and server-side, infrastructure is EU-hosted, and the data-subject rights tooling described here is part of the product — not an afterthought. This page covers the compliance tools available to you as a merchant.

Generating a Data Processing Agreement (DPA)

Under GDPR Article 28 you need a DPA with every processor that handles personal data on your behalf — including Selgeo. You can generate one without involving a lawyer:

  1. Go to Settings → DPA.
  2. Fill in your company name, registered address, and contact email.
  3. Generate — the DPA is produced as a downloadable PDF, pre-filled with your details, Selgeo's role as data processor, the data categories processed, retention periods, and security measures.

If your company details change, generate a new version — earlier versions stay available in the version history on the same page.

Sub-processors

The DPA references the list of sub-processors Selgeo uses to deliver the platform (hosting, payments, email, CDN). The current list, with purposes and regions, is published at Data Sub-processors.

Partner data erasure (right to erasure, Art. 17)

Erasure can be initiated from either side:

  • By the partner — partners have a "Delete My Account" action in their portal settings. It requires typing a confirmation phrase before anything is anonymised; once erasure completes, the partner receives a confirmation email as a receipt.
  • By you — open a partner in the Partners list and use Erase Partner Data in the detail panel, for example when a partner emails you an erasure request directly.

In both cases erasure anonymises rather than deletes: name, email, VAT ID, and IP-derived identifiers are replaced with placeholder values, while historical conversion and commission records are retained in anonymised form (legal basis: legitimate interest in financial record-keeping). An erased partner can no longer be paid: marking a payout as paid is refused for erased participants, and no new commissions accrue to them.

Erased partners are hidden from your Partners list by default; a Show erased toggle reveals them with a redacted "Deleted partner" label.

Erasure is permanent

Anonymisation cannot be undone. The partner's personal identifiers are unrecoverable once erasure completes.

Data export (right of access and portability, Arts. 15 and 20)

Partners can export everything the platform holds about them from their portal settings: profile data, participant records, click events, attributed conversions, commissions, and payout history. The export is a machine-readable JSON file, generated asynchronously; the download link expires after 24 hours.

Privacy-first attribution

Selgeo's tracking uses no cookies and no cross-site identifiers — the snippet stores attribution data in sessionStorage only, and IP addresses are stored as salted hashes. No cookie consent banner is required for Selgeo tracking. See How the snippet works for the technical details.