Privacy Policy

Controller: AConsultIT OÜ (APower Flex)

This policy explains how APower Flex processes personal data for multi-tenant ERP services in compliance with GDPR.

1. Data we process

• Account data (tenant, username, role, authentication events)
• Business data entered by tenant users
• Security logs (login attempts, lockouts, audit events)

2. Purpose and legal basis

• Service delivery and account management (Art. 6(1)(b))
• Security and fraud prevention (Art. 6(1)(f))
• Legal obligations (Art. 6(1)(c))

3. Retention

Data retention is controlled by tenant settings and legal obligations. Security logs are retained only as long as necessary for security and compliance.

4. Data subject rights

You can request access, rectification, erasure, portability, restriction, or objection via the Data Subject Request form.

5. Contact

For privacy inquiries contact the DPO/security team at support@apowerflex.com.