Privacy Policy

Last updated: 2025-08-01

Annexa collects and processes your personal data in accordance with the GDPR (Regulation (EU) 2016/679).

Data controller

Leandro Sierra — leandrosierra1@gmail.com

Data collected

  • Email address, name, organization (account creation)
  • Compliance data entered by the user (registries, checklists)
  • Technical data: IP hash (anti-spam), session token (authentication)
  • Analytics: anonymous visits via Umami (no cookies, GDPR compliant)

Processing purposes

  • Providing the Annexa compliance service
  • Authentication and account security
  • Responding to contact form messages
  • Anonymous site usage statistics

Retention period

Account data: retained until account deletion. Contact messages: 3 years. Sessions: 7 days.

Your rights

You have the right to access, rectify, delete, and port your data. To exercise your rights:

→ Contact form

Cookies

Annexa uses only one essential cookie (session token, HttpOnly, not accessible via JS). Analytics are handled by Umami, a cookieless GDPR-compliant solution.