Privacy Policy
Last updated: October 3, 2025
This Privacy Policy explains how The Weekly Dev SRL (“we”, “us”, “our”) processes your personal data when you use Centrikos, our freelancer client portal SaaS. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable laws.
1. Who we are
The Weekly Dev SRL
Registered in Belgium - BE1016.231.683
Email: [email protected]
2. Personal data we collect
- Account Data: name, email address, profile image (if provided).
- Client/Portal Data: client contact details you enter; project names, notes, categories, and status updates.
- Files & Content: files you upload (e.g., invoices, contracts, deliverables) and associated metadata (filename, size, content type).
- Billing Data: subscription and payment info processed by Stripe (we do not store full card details).
- Usage & Device Data: IP address, browser/device, pages visited, event logs for security and reliability.
- Communications: emails we send (e.g., status updates, file upload notifications) and your newsletter opt-ins.
3. Purposes & legal bases
- Provide & operate the service (create portals, upload/share files, send updates) — Art. 6(1)(b) GDPR (contract).
- Billing & subscriptions — Art. 6(1)(b) GDPR.
- Security, fraud prevention, abuse monitoring, and service improvement — Art. 6(1)(f) GDPR (legitimate interests).
- Marketing emails/newsletters (only with opt-in) — Art. 6(1)(a) GDPR (consent), which you may withdraw at any time.
- Legal compliance (tax, accounting, lawful requests) — Art. 6(1)(c) GDPR.
4. Sharing & subprocessors
We do not sell personal data. We share data only as necessary with trusted providers under data protection terms:
- Amazon Web Services (AWS) — S3: secure file storage for uploads and downloads using private buckets and short-lived presigned URLs. Primary region: eu-west-3 (Paris).
- Stripe: subscription billing and payments (we don’t store full card details; Stripe acts as a PCI-DSS compliant processor).
- Resend: transactional and lifecycle emails (e.g., updates, onboarding, confirmations) sent to users and/or clients.
These providers may process data outside the EEA. Where applicable, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards. We maintain an up-to-date list of subprocessors on request.
5. International transfers
If personal data is transferred outside the EEA, we ensure adequate protection via SCCs, additional technical and organizational measures (e.g., encryption), and provider audits.
6. Data retention
- Account & portal data: retained while your account is active or as needed to provide the service.
- Files & notes: retained until you delete them or your account is deleted.
- Billing records: retained as required by law (typically up to 7 years).
- Backups & logs: retained for limited periods for security and reliability, then purged.
7. Your GDPR rights
You have the right to access, rectify, erase, restrict processing, object, and data portability, as well as the right to withdraw consent (where applicable). You may lodge a complaint with the Belgian Data Protection Authority (APD/GBA).
To exercise your rights, contact: [email protected].
8. Security
We apply appropriate technical and organizational measures (encryption at rest/in transit, least-privilege access, audit logs, short-lived links, multi-tenant isolation) to protect personal data against unauthorized access, alteration, or disclosure.
9. Cookies & similar technologies
We may use cookies or local storage to remember preferences, authenticate sessions, and perform analytics. You can manage cookies in your browser settings. Where required, we will request your consent.
10. Data Processing Agreement (DPA)
If you act as a controller and require a DPA with The Weekly Dev SRL (as your processor), we provide a GDPR-compliant DPA covering Centrikos usage and our subprocessors (including AWS, Stripe, and Resend). To request a DPA, email [email protected]. We will countersign and return a copy. If you have your own DPA template, share it for review.
11. Children’s data
Centrikos is not intended for children under the age of 16. We do not knowingly collect data from children under 16.
12. Changes to this policy
We may update this policy from time to time. We will post the updated version here and adjust the “Last updated” date. Material changes will be communicated when appropriate.
13. Contact
The Weekly Dev SRL
Email: [email protected]
Subprocessor details (overview)
- AWS (Amazon Web Services) — Infrastructure & storage (S3). Primary region: eu-west-3 (Paris). Data access via private buckets and presigned URLs.
- Stripe — Billing & payments. Processes payer identifiers and payment info under PCI-DSS. We store subscription metadata but not full card numbers.
- Resend — Transactional/lifecycle email delivery. Sends messages to your users/clients; stores delivery metadata and templates required for sending.
We can provide the current subprocessor list and SCC references upon request.