1. Data controller
Polaris Innovation Technologies
Website: www.polarisinno.com
Contact e-mail: hello@polarisinno.com
2. Personal data we process
- Registration data: name, e-mail address, password in encrypted form.
- Authentication data: login status, session identifier, CSRF protection token.
- Security data: IP address, user agent, login attempt time, username or e-mail used during login, failed login count and temporary lockout information.
- Account protection data: two-factor authentication status and related technical identifiers, if enabled.
- Communication data: e-mails sent by the system, such as registration, password reset, security or notification messages.
- Technical logs: server logs required for security, troubleshooting and service reliability.
3. Purposes of processing
- Creating and managing user accounts.
- Providing secure login and authenticated access to the platform.
- Protecting accounts against unauthorized access and brute-force attacks.
- Preventing abuse, spam, automated attacks and malicious requests.
- Sending necessary system, security and account-related messages.
- Maintaining the stability, security and proper operation of the service.
4. Legal bases
| Processing activity | Legal basis |
|---|---|
| Registration, login and account management | Performance of a contract or steps prior to entering into a contract. |
| Security logs, failed login tracking, temporary lockout and abuse prevention | Legitimate interest in protecting the platform, users and data. |
| CSRF protection, session handling and essential cookies | Legitimate interest and technical necessity for secure service operation. |
| Required system and security e-mails | Performance of a contract and legitimate interest. |
| Compliance with legal obligations | Legal obligation, where applicable. |
5. Login protection and temporary lockout
Polaris CRM may record failed login attempts in order to protect user accounts. If too many unsuccessful attempts are detected, the account or login attempt may be temporarily blocked. This protection may use the submitted e-mail address or username, the IP address, timestamps and technical request information.
6. Cookies
Polaris CRM uses only essential cookies required for secure authentication, session management, CSRF protection and remembering the cookie notice acknowledgment. These cookies are not used for marketing, advertising, profiling or third-party tracking.
| Cookie | Purpose |
|---|---|
csrftoken |
Protects forms and actions against unauthorized or forged requests. |
sessionid |
Maintains the authenticated user session while using the platform. |
cookie_consent |
Stores acknowledgment of the cookie notice. |
7. Data retention
- Account data is stored while the user account exists or while required for service operation.
- Security and login protection records are stored only as long as necessary for abuse prevention, troubleshooting and security.
- Technical logs may be kept for a limited period for security and operational reasons.
- Data required by law may be retained for the legally required period.
8. Who can access the data
Personal data may be accessed only by authorized persons who need access for platform operation, support, security, administration or legal compliance. We do not sell personal data.
9. Processors and service providers
The platform may use hosting, database, e-mail delivery, backup and security service providers. These providers process data only as necessary for operating the service.
10. Data security
- Passwords are stored in hashed form and are not stored as plain text.
- The platform uses CSRF protection and session-based authentication.
- Failed login attempts may be monitored and temporarily blocked.
- Two-factor authentication may be used for enhanced account protection.
- Access to administrative functions is restricted.
11. Your rights
Under applicable data protection law, you may have the right to request access to your data, correction, deletion, restriction of processing, data portability, objection to processing, and information about how your data is processed.
12. How to exercise your rights
You can contact us at hello@polarisinno.com. We may need to verify your identity before fulfilling a request related to personal data.
13. Complaint
If you believe that your personal data has not been processed properly, you may contact us first. You may also lodge a complaint with your local data protection authority.
14. Changes to this notice
We may update this privacy notice from time to time. The latest version will always be available on this page.