Privacy Policy

1. Data Controller

The data controller for Compabase is Content Writer Sp. z o.o., with its registered office at ul. Strzelecka 29A/39, 61-846 Poznań, Poland.

KRS: 0001088645

NIP: 7792567297

Contact: contact@contentwriter.co

2. Scope of This Policy

This Privacy Policy describes:

• how we process data of users purchasing datasets,
• how we process personal data contained in public business registers,
• how we protect technical and transactional data related to platform use.

Compabase is a B2B data intelligence platform and is intended for professional use.

3. Categories of Data Processed

3.1. Transaction and Billing Data

We collect only the information necessary to deliver purchased datasets and issue invoices: email address, company name, Tax Identification Number (NIP/VAT), billing details.

3.2. Payment Data

Payments are processed by external payment providers (e.g., Stripe). We do not store payment card numbers or banking credentials.

3.3. Technical Data

Basic technical logs may include: IP address, request metadata, timestamps. These logs are used for security, system stability, and abuse prevention.

3.4. Public Corporate and Personal Data

Compabase processes and structures data originating from official public sources, including: National Court Register (KRS), financial statements filed in public repositories. Such data may include: company identifiers, management structures, names of board members or representatives, data relating to sole traders (JDG), financial indicators derived from public filings.

4. Sources of Data

All corporate and personal data available in Compabase originate from publicly accessible official registers and filings. We do not collect such data directly from individuals.

5. Purposes and Legal Basis

We process data on the following legal bases:

Contract Performance (Art. 6(1)(b) GDPR) — To: process orders, confirm payments, deliver generated datasets.

Legal Obligation (Art. 6(1)(c) GDPR) — To: issue VAT invoices, maintain accounting documentation.

Legitimate Interest (Art. 6(1)(f) GDPR) — To: provide structured access to public business information, ensure platform security, prevent abuse, defend legal claims, maintain technical integrity of data processing systems.

Public corporate and personal data are processed on the basis of legitimate interest in providing access to structured economic information derived from official registers.

6. Automated Processing and Data Transformation

Compabase performs automated extraction, normalization, and analysis of publicly available records. Financial indicators (e.g., EBITDA, growth metrics, stability indicators) may be: derived, calculated, estimated, algorithmically interpreted. These processes may result in inaccuracies.

7. Data Sharing

We do not sell personal data and do not use behavioral advertising. Data may be shared only with: payment processors (e.g., Stripe), cloud infrastructure providers hosting the platform, accounting and tax service providers, technical service providers supporting platform security and operations.

8. International Data Transfers

Due to the global nature of our services and infrastructure providers, data may be processed outside the European Economic Area. Where this occurs, appropriate safeguards are applied, including standard contractual clauses where required.

9. Data Retention

Billing and accounting records: retained for the period required by applicable tax law.

Transaction email: stored only as long as necessary to ensure delivery and resolve technical issues.

Technical logs: retained for a limited period necessary for security and system integrity.

Public corporate data: retained as long as necessary to provide the service and maintain data integrity.

10. Rights of Data Subjects

Individuals whose personal data appear in public registers and within Compabase have the right to: access their data, request rectification, request restriction of processing, object to processing based on legitimate interest.

Requests can be submitted via: contact@contentwriter.pl

Individuals also have the right to lodge a complaint with the Polish data protection authority (UODO).

11. Cookies

Compabase uses only essential technical cookies required for: session handling, payment flow, system functionality. We do not use advertising trackers or behavioral analytics tools.

12. Security Measures

We implement organizational and technical measures to protect data, including: secure infrastructure, access control, encrypted data transmission, monitoring against unauthorized access and abuse.