Privacy Policy
Last updated: May 2, 2026
1. Introduction
Pacod.net ("Pacod", "we", "our", or "us") operates the website at pacod.net and provides a self-serve Digital Product Passport (DPP) compliance platform for EU fashion brands. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform or visit our website.
We are committed to protecting your privacy in compliance with the EU General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679.
By using Pacod.net, you agree to the collection and use of your information in accordance with this policy.
2. Data Controller
The data controller responsible for your personal data is:
Pacod.net
Email: business@pacod.net
Website: https://www.pacod.net
For any privacy-related questions or requests, contact us at business@pacod.net.
3. What Data We Collect
We collect the following categories of personal data:
3.1 Account Data
When you create an account, we collect your email address, full name, and password (stored as a bcrypt hash, as described in Section 6). This is required to provide the service.
3.2 Brand and Product Data
Information you enter about your brand, products, suppliers, and compliance records. This data belongs to you and is processed on your behalf.
3.3 Supplier Data
Contact details of suppliers you invite through the platform, including name, email address, and WhatsApp number. Suppliers are informed of data collection when they access their invitation form.
3.4 Usage Data
We may collect anonymised usage data including pages visited, features used, and session duration to improve the platform. This does not identify you personally.
3.5 Payment Data
Payment processing is handled by Stripe. We do not store your card details. Stripe's privacy policy governs the processing of payment data.
3.6 Communication Data
If you contact us by email, we retain that correspondence to respond to your request.
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide and operate the Pacod.net platform
- To authenticate your account and maintain security
- To process your subscription and payments via Stripe
- To send transactional emails related to your account (passport alerts, certification expiry reminders, chemical deadline alerts)
- To respond to your support requests and feedback
- To comply with our legal obligations under EU law
- To improve the platform using anonymised analytics
We do not sell your personal data to third parties. We do not use your data for advertising purposes.
5. Legal Basis for Processing
Under GDPR, we process your personal data on the following legal bases:
- Contract performance: processing necessary to provide the service you have signed up for
- Legitimate interests: platform security, fraud prevention, and product improvement
- Legal obligation: compliance with applicable EU regulations
- Consent: where you have explicitly opted in to specific communications
6. Data Storage and Security
Your data is stored on Supabase infrastructure, which uses PostgreSQL databases hosted on AWS. Data is stored within the European Union where possible.
We implement the following security measures:
- Encrypted data transmission (HTTPS/TLS)
- Encrypted password storage (hashed via bcrypt)
- Row-level security policies on all database tables
- Access controls limiting data to account owners
- Regular security reviews and audits
No method of transmission over the internet is 100% secure. We take all reasonable measures to protect your data but cannot guarantee absolute security.
7. Data Retention
We retain your personal data for as long as your account is active. If you delete your account, your personal data is deleted within 30 days, except where we are required to retain it for legal or regulatory compliance purposes.
Supplier data submitted through invitation forms is retained for the duration of the brand account that generated the invitation.