Usantis

Legal

Privacy Policy

Last updated 24 May 2026

Who we are

This policy explains how Usantis processes personal data when you visit our website, create an account, or interact with our service. The controller is Revis-1 LLC, trading as Usantis. Our full legal and contact details, including our EU representative under Article 27 GDPR, are in the imprint.

For any privacy matter or to exercise your rights, contact [email protected].

What data we process and why

We process personal data for a limited set of purposes:

  • Website visit — server logs (IP address, request data) to deliver and secure the site. Legal basis: legitimate interest (Art. 6(1)(f)).
  • Account & service — name, email, company details and mandate data to provide the EU-representative service. Legal basis: performance of a contract (Art. 6(1)(b)).
  • Identity & sanctions checks — verification data during onboarding. Legal basis: legal obligation and legitimate interest (Art. 6(1)(c), (f)).
  • Billing — payment and tax data to process subscriptions. Legal basis: contract and legal obligation.
  • Data subject requests — when an EU resident contacts us as a customer’s representative, we process their request data to receive, verify and forward it. Legal basis: legal obligation / legitimate interest.
  • Communication — emails you send us and transactional messages we send you.

Service providers we use

We use carefully selected processors, bound by data-processing agreements. The critical processing path is hosted in the EU:

  • Hetzner (hosting and backups, Germany / Finland — EU)
  • Stripe (payments and tax)
  • Sumsub (identity and sanctions verification)
  • Resend (transactional email)
  • PandaDoc (electronic signature of the power of attorney)
  • DeepL (translation of data subject requests)
  • Sentry (error monitoring, EU region)
  • Plausible (privacy-first, cookieless analytics, EU-hosted)

International transfers

We keep the critical processing of personal data within the EU. Where a provider involves a transfer outside the EU (for example certain payment or document services), that transfer is safeguarded by an adequacy decision or the EU Standard Contractual Clauses, with additional measures where appropriate.

How long we keep data

We keep personal data only as long as needed for the purpose it was collected for, then delete or anonymise it — subject to statutory retention obligations (for example tax and anti-money-laundering law) and our documented audit trail. Account data is removed after the applicable retention period once a mandate ends.

Your rights

Under the GDPR you have the right to:

  • Access your data and information about how it is processed (Art. 15)
  • Have inaccurate data corrected (Art. 16)
  • Have your data erased in defined circumstances (Art. 17)
  • Restrict processing (Art. 18)
  • Receive your data in a portable format (Art. 20)
  • Object to processing, including direct marketing (Art. 21)
  • Not be subject to solely automated decisions with legal effects (Art. 22)

To exercise any right, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.

Cookies and analytics

We keep cookies to the minimum needed to run the service and use cookieless analytics. Details are in our cookie policy.

Security

We apply field-level encryption to personal data, maintain an append-only audit log with a cryptographic hash chain, host in the EU, and offer multi-factor authentication. Every requirement we ask of our customers, we apply to ourselves.

Changes to this policy

We may update this policy as our service evolves. We will post the updated version here and, for material changes affecting account holders, notify you by email.

← Back to homepage