C E S I O M EEst. MMXXVI

Privacy Policy

Last updated · July 10, 2026

This Privacy Policy explains how CESIOME handles personal data when creating personalized digital certificates for life's moments, including love, weddings, and gifts. Tributes and memorials are planned. CESIOME stores as little as possible: there are no accounts, no tracking, no analytics or advertising cookies, and no user profiles.

This policy should be read together with the Terms of Service. The names, messages, dedications, and other certificate details users enter remain their responsibility. The service's cookie-free approach is described in the Cookie Policy.

I.

Controller Identity

CESIOME is run by the operator of the CESIOME service. The controller for personal data processed through cesiome.com, cesiome.net, and related subdomains is the operator of the CESIOME service, reachable at cesiome@pm.me. The operator remains the controller for purposes of this policy unless and until the controller details are updated here.

CESIOME has not appointed a Data Protection Officer. The service does not conduct large-scale systematic monitoring or build behavioral profiles. Privacy requests, security notices, and data-subject requests should be sent directly to cesiome@pm.me.

II.

Scope

This Privacy Policy applies to the CESIOME service available at cesiome.com, cesiome.net, and subdomains controlled by CESIOME. It covers live certificate personalization and preview, content screening, payment redirection, PDF and PNG delivery, private return links, Reserved Entity review, abuse prevention, revocation checks, and related operational communications.

The service is governed by the EU General Data Protection Regulation, Regulation (EU) 2016/679, Romanian Law 190/2018 on processing of personal data (Legea 190/2018 privind masuri de punere in aplicare a Regulamentului GDPR), and applicable Romanian consumer protection rules under OG 21/1992 (Government Ordinance 21/1992 on consumer protection) and Legea 363/2007 (Law 363/2007 transposing EU Directive 2011/83/EU on consumer rights). Where users are located outside the European Union, CESIOME still applies the data-minimizing practices described here for the service as a whole, while mandatory local rules may also apply. Contractual and consumer-facing rules are described in the Terms of Service.

III.

Data Handled in the Standard Flow

To personalize a certificate, you choose an occasion and style and enter certificate details such as names and a short message. CESIOME uses those details to show the live preview, screen the content, generate the paid certificate, provide PDF and PNG downloads, and make the certificate available through its private link. CESIOME does not use the details for advertising, analytics, profiling, or training a user profile.

Certificate details are held only transiently. When they must pass through the server for screening, payment confirmation, generation, or delivery, they are keyed to an opaque token rather than an account or public identity. They are kept briefly for the sole purpose of delivering the certificate after payment and then expire automatically. The private link contains or refers to that opaque token. Anyone who receives the link may be able to access the certificate during the available delivery period.

CESIOME does not require an account, password, profile, date of birth, postal address, or telephone number. If an email address is requested for delivery or support, it is used only for that transaction or request and is not added to a marketing profile. CESIOME does not sell or rent certificate details and does not use them to track activity across visits or services. When tributes and memorials become available, names, dates, and images entered to commemorate another person will receive the same transient treatment. The user remains responsible for that content and affirms the right to create the tribute.

Payment information is entered directly with a third-party payment processor and is handled under that processor's terms and privacy policy. CESIOME never sees or stores full card numbers, security codes, bank credentials, or wallet keys. CESIOME may receive a limited order identifier, payment status, and transaction information needed to confirm delivery, address refunds, prevent fraud, and meet legal record-keeping duties.

IV.

Data Handled in Reserved Entity Review

Certificates naming certain protected or reserved entities, including major brands, public figures, institutions, or entities of significant public interest, may require additional review. If a certificate is routed to this safeguard, CESIOME may ask for the entity name, the requester's relationship to it, contact information, an explanation, and only the supporting material reasonably needed to assess authority or context.

Reserved Entity review is a narrow anti-impersonation safeguard, not a standard part of buying a certificate. CESIOME will not request an identity or authority document unless the review reasonably requires it. Any such material is used only to decide whether the certificate may proceed, address a complaint, or comply with law. Users should redact unrelated information where possible.

Reserved review material is separated from the standard accountless certificate flow, access is limited, and sensitive files are encrypted in transit and at rest where stored. Rejected material is deleted promptly. Approved material is kept only for the limited period needed to document the decision or handle a related complaint, subject to any mandatory legal retention requirement.

V.

Limited Technical Data

When a browser contacts CESIOME, the hosting and security infrastructure necessarily receives limited request information such as an IP address, request path, timestamp, and browser or device header. This information is used for routing, rate limiting, abuse prevention, security diagnostics, fraud resistance, and incident response. It is not used to recognize a returning user or build a browsing history.

Infrastructure providers may create short-lived operational logs as part of hosting, debugging, DDoS defense, bot detection, and network security. CESIOME configures and uses those services on a data-minimizing basis and does not combine request logs with certificate details for analytics, advertising, or profiling. CESIOME does not sell or rent technical data.

CESIOME does not set cookies, including analytics, advertising, marketing, or social-media cookies. It also does not use tracking pixels or browser fingerprinting. Further details are provided in the Cookie Policy. A third-party payment processor may use cookies on its own checkout pages under its own cookie and privacy policies.

VI.

Legal Bases Under Article 6 GDPR

CESIOME processes certificate details and limited order data under Article 6(1)(b) GDPR where processing is necessary to perform the contract requested by the user. This includes showing the live preview, screening the content, creating checkout, confirming payment, generating the personalized certificate, and providing PDF, PNG, and private-link delivery. The certificate details are retained only briefly for that delivery purpose and then expire.

CESIOME processes short-lived rate-limit data, content-screening results, revocation fingerprints, security logs, and similar minimal records under Article 6(1)(f) GDPR, legitimate interests. Those interests are preventing illegal or abusive content, reducing impersonation and defamation risk, protecting private links, resisting automated attacks, and preserving only the limited evidence needed to handle complaints. Payment credentials and Reserved Entity supporting files are not included in ordinary content screening.

CESIOME and its payment provider may process limited financial, tax, refund, chargeback, fraud, and consumer-law records under Article 6(1)(c) GDPR where a legal obligation applies. A payment provider may act as an independent controller for data it collects directly. Reserved Entity material is processed only when additional review is necessary and under the applicable legal basis, with strict minimization, restricted access, encryption where stored, and short retention.

VII.

Third-Party Processors

CESIOME uses service providers only where needed for payment, hosting, security, content screening, transient delivery, support, or operational integrity. Providers receive only the information needed for their role. CESIOME does not permit them to use certificate details for CESIOME advertising or user profiling.

Some providers act as independent controllers for part of their service, especially payment providers with tax, fraud, chargeback, accounting, and payment-network duties. Their own privacy and retention terms apply to information collected directly by them. When a provider processes information for CESIOME, CESIOME relies on its processing terms, security commitments, and transfer safeguards.

  • Stripe Inc., United States: payment processing for supported methods shown at checkout. Stripe collects payment and billing information directly under its own terms. CESIOME receives only limited order and payment-status information and never receives full card details. Where applicable, transfers rely on lawful safeguards such as Standard Contractual Clauses.
  • NOWPayments OE, Estonia, European Union: cryptocurrency payment processing when that option is offered. Wallet credentials and keys are entered with the provider, not CESIOME. The provider's own privacy and retention terms apply to information it collects.
  • OpenAI Inc, United States: content-screening provider when configured. It receives only the names and message needed to assess prohibited content or Reserved Entity references. It does not receive payment credentials or Reserved Entity supporting files for ordinary screening. Applicable transfer safeguards are used.
  • Upstash Inc, United States or European Union depending on the selected region: transient storage, rate limiting, and revocation infrastructure. Certificate details are keyed to opaque tokens with short expiry periods. Minimal rate-limit keys and non-reversible revocation fingerprints may be used for security and abuse handling. Applicable transfer safeguards are used where required.
  • Cloudflare Inc, global network with headquarters in the United States: content delivery, DDoS mitigation, bot defense, and edge security. CESIOME does not use Cloudflare for behavioral analytics or advertising and does not configure CESIOME tracking cookies. International transfers rely on applicable safeguards.
  • Vercel Inc, United States: application hosting, deployment, server-side execution, and short-lived operational logs. CESIOME does not use these logs to identify returning users or create behavioral profiles. Applicable transfer safeguards are used.
  • Resend Inc, United States: transactional email provider when email delivery or review notifications are configured. An email address is used only for the requested delivery or communication, not for a marketing profile. Applicable transfer safeguards are used where required.
VIII.

International Transfers

Some service providers are located in, or may provide support from, countries outside the European Economic Area. Where GDPR transfer rules apply, CESIOME uses an available lawful transfer mechanism, such as Standard Contractual Clauses under Article 46(2)(c) GDPR, together with relevant provider terms and security safeguards.

CESIOME limits international transfers by minimizing the information sent to each provider. Certificate details are transmitted only where needed for screening, transient storage, generation, or delivery and then expire from CESIOME's delivery flow. Payment credentials stay with the payment processor. Reserved Entity files are separated from ordinary screening and encrypted where stored.

Where UK, Swiss, or other transfer rules apply, CESIOME will use the appropriate addendum or substantially equivalent safeguard. The service remains accountless and data-minimal even when international infrastructure is used for hosting, payment, security, screening, transient delivery, or support.

IX.

Retention Periods

CESIOME applies the storage-limitation principle in Article 5(1)(e) GDPR and defaults to expiry rather than long-term storage. Certificate details are kept only briefly to complete screening, payment confirmation, generation, and delivery. A longer period applies only where a specific legal, security, refund, chargeback, or complaint reason requires a limited record. The retention approach is:

Data categoryRetention
Certificate detailsHeld briefly under an opaque token solely for post-payment generation and delivery, then automatically expired.
Opaque delivery tokensAvailable only for the limited private-link delivery period, then automatically expired.
Rate-limit and abuse-prevention keysShort-lived for the minimum period needed to prevent automated abuse or protect the service.
Declined Reserved Entity reviewsDeleted promptly after the review is declined, unless a specific complaint or legal duty requires a limited record.
Approved Reserved Entity reviewsKept only for the short period needed to document the decision or address a related complaint.
Reserved Entity supporting filesDeleted promptly after rejection or after the limited approved-review retention period, subject to mandatory law.
Revocation fingerprint and statusKept as needed to show that a certificate is revoked; the fingerprint is not intended to reveal the expired certificate content.
Hosting and security logsThe shortest available configured or provider-controlled period consistent with security and incident response.
Email address when requestedUsed for the requested delivery or communication and removed when no longer needed for that purpose.
Support correspondenceKept until the request is resolved and only longer where needed for a legal claim, refund, or security issue.
Payment-processor dataRetained by the processor under its own legal obligations, privacy policy, and retention schedule.

A payment provider may have to retain payment, tax, fraud, chargeback, or accounting records longer than CESIOME retains certificate details. The provider's schedule controls the records it holds. CESIOME does not receive or store full card numbers, security codes, bank credentials, or wallet keys.

A dispute, security incident, lawful request, authority inquiry, or threatened claim may require preservation of a specific limited record. CESIOME preserves only what is reasonably needed for that purpose and does not extend retention across unrelated certificate details. When the reason ends, the preserved record is deleted unless another legal obligation applies.

X.

Cookies

CESIOME does not set cookies. It does not use analytics, advertising, marketing, profiling, affiliate, or social-media cookies, and it does not require an account or preference cookie. Security is handled without using cookies to recognize or profile returning users.

The cookie-free approach, browser controls, and the separate treatment of third-party payment pages are described in the Cookie Policy.

XI.

Data Subject Rights Under Articles 12-23 GDPR

Subject to the GDPR's limits and conditions, users may request access, rectification, erasure, restriction, portability, and objection to processing based on legitimate interests. Users may also object to direct marketing, although CESIOME does not create marketing lists from certificate details or use them for behavioral marketing. Where processing is based on consent, consent may be withdrawn without affecting earlier lawful processing.

CESIOME is intentionally accountless. After transient certificate details expire, CESIOME may no longer hold information that can be accessed, corrected, or deleted, and it will not recreate an identity link between separate records. To exercise a right while relevant data remains, send the private-link token, certificate serial number, order identifier, relevant URL, or Reserved Entity review ID to cesiome@pm.me. CESIOME may request only enough information to locate the record and verify the requester.

Article 22 rights relating to automated decision-making are discussed below. If certificate content is refused by automated screening, the user may request human review by email. CESIOME will respond within applicable GDPR time limits unless the request is manifestly unfounded, excessive, abusive, or impossible to verify.

CESIOME will normally respond to rights requests within one month of receipt. That period may be extended by two further months where a request is complex or multiple requests are submitted, in which case CESIOME will explain the extension. Requests are free of charge unless they are manifestly unfounded or excessive, in particular because of repetition. Where CESIOME cannot act on a request because it cannot identify the requester or no longer holds the relevant data, it will explain that limitation rather than create a link between unrelated records.

XII.

Complaint Right

Users have the right to lodge a complaint with a supervisory authority. For Romania, the competent authority is ANSPDCP (Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal), B-dul G-ral Gheorghe Magheru 28-30, Sector 1, 010336 Bucuresti, Romania, available at dataprotection.ro. Users located elsewhere in the European Union may also contact their national data protection authority.

CESIOME encourages users to contact cesiome@pm.me first where practical, because many issues can be resolved quickly with a certificate serial number, order identifier, or Reserved Entity review ID. This does not limit the right to complain directly to a supervisory authority.

XIII.

Children

CESIOME is not intended for users under 16. This 16+ service rule is stated for the Romanian implementation of GDPR Article 8 and for CESIOME's operational risk controls. The service involves payment and user-entered names, messages, dedications, and personal references, so younger users should not personalize or purchase certificates.

If a parent, guardian, school, public authority, or affected person believes that a minor has personalized a certificate, contact cesiome@pm.me with the private link, certificate serial number, or relevant URL. CESIOME will review the request and may refuse, revoke, or remove the certificate where appropriate.

XIV.

Security Measures Under Article 32 GDPR

CESIOME's main security measure is data minimization. There are no user accounts or reusable account credentials. Certificate details needed for fulfillment are associated with an opaque token, kept only briefly, and automatically expired. Data in transit is protected by HTTPS, and administrative access is restricted and rate-limited.

Operational controls include short retention, limited internal access, separation of Reserved Entity review material from the standard certificate flow, provider selection based on security posture, and an incident-response process. Non-reversible fingerprints may be used to show a revoked status without keeping the expired certificate details in the ordinary revocation record.

CESIOME does not currently claim ISO 27001, SOC 2, or an equivalent external security certification. Security controls will be reviewed as the service, transaction volume, certificate formats, and Reserved Entity safeguards evolve.

No internet service can guarantee absolute security. Users should not enter sensitive information that is unnecessary for a certificate. Reserved Entity requesters should redact unrelated information from supporting material where practical. CESIOME's security model is based on collecting less, retaining it briefly, encrypting sensitive files where stored, and limiting access to the workflows that require review.

XV.

Breach Notification Under Articles 33-34 GDPR

If CESIOME becomes aware of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, it will notify ANSPDCP without undue delay and, where feasible, within 72 hours of becoming aware of the breach. If notification is delayed, CESIOME will explain the reasons for delay as required by the GDPR.

If a breach is likely to result in a high risk to the rights and freedoms of affected users, CESIOME will also communicate the breach to those users without undue delay, unless an exception applies, such as effective encryption rendering the affected data unintelligible or subsequent measures eliminating the high risk. For accountless users, communication may occur through available email data, order channels, public notice, or provider-mediated notice depending on what contact data exists.

XVI.

Automated Decision-Making Under Article 22 GDPR

CESIOME uses automated screening to decide whether certificate content may proceed to purchase. This may include rule-based checks, Reserved Entity matching, and a screening provider where configured. Screening may refuse content before purchase, so it can affect the user's ability to obtain the requested certificate.

The screening logic uses rules and threshold-based classification. Content identified as illegal, hateful, harassing, defamatory, threatening, impersonating, abusive, sexually explicit involving minors, reserved without sufficient review, or otherwise likely to violate the Terms of Service may be refused or routed to Reserved Entity review. Screening does not decide legal truth or endorse content. It is a safety control for a personalized certificate service.

Users have the right to request human review of an automated rejection by contacting cesiome@pm.me. The request should include the content that was refused, the approximate time, and any relevant explanation. CESIOME may still refuse the content after human review if it violates the Terms, creates legal or safety risk, or requires Reserved Entity review.

XVII.

Changes

CESIOME may update this Privacy Policy as the service, provider list, payment channels, company structure, retention schedule, or legal obligations change. Material changes will be reflected by updating the Last updated date prominently at the top of this page. Where a change materially affects users whose contact information is available to CESIOME, direct notice may also be sent when practical.

Continued use of CESIOME after an updated policy is posted constitutes acceptance to the extent permitted by law. If a user does not agree with a material change, the user should stop using the service and may contact CESIOME about an existing certificate, Reserved Entity review record, or rights request.

XVIII.

Contact

For privacy inquiries, data-subject requests, screening-review requests, deletion requests, complaints, Reserved Entity review questions, or security notices, contact CESIOME at cesiome@pm.me. Include the private-link token, certificate serial number, order identifier, Reserved Entity review ID, or relevant URL where available so CESIOME can locate any remaining data without collecting unnecessary additional information.