Privacy Policy
This Privacy Policy explains what personal data MEGZO Integrator Vortex processes, why, on whose behalf, and how it is protected and retained. It reflects the platform's actual technical controls as operated by ICS4BIZ & IT SRL (company reg. no. 40365405), the data processor.
Our role: data processor
MEGZO Integrator Vortex is integration middleware. We keep your ERP as the single source of truth and synchronise products, prices, stock and orders between it and your sales channels. In GDPR terms, you (our client / the merchant) are the data controller and MEGZO is a data processor acting on your documented instructions.
We do not generate, issue or submit fiscal or legal invoices, and we do not file with e-Factura / ANAF or any tax authority. Where an invoice flow is enabled, we only fetch a PDF your ERP or invoicing service already produced and attach it to the relevant channel order.
What personal data we process
Personal data reaches us only as part of order payloads that flow from a sales channel into your ERP. We practise data minimisation — a single canonical marketplace-customer model — and process only what an order needs to be created and fulfilled:
- Buyer identifiers: name, and the channel's order / customer reference.
- Contact details needed for fulfilment: email and/or phone where the channel provides them.
- Delivery and (where applicable) billing address.
- Order line content: products, quantities, prices, currency, and order/shipment status.
We do not seek out special-category data, and we do not store payment-card data — payment is handled by the channel and your payment providers, not by MEGZO.
Why we process it (purpose & legal basis)
We process order PII for one purpose: to perform the integration service you engaged us for — turning a channel order into a Sales Order in your ERP, syncing stock and prices, attaching the invoice PDF your ERP produced, and handing back tracking/AWB data. The legal basis is the controller-processor relationship: we act under your instructions and the data-processing terms agreed with you (see our Data Processing Agreement).
Sub-processors
We host the service on a small, fixed set of infrastructure sub-processors. We do not sell data and we do not share it with advertising or analytics third parties.
| Sub-processor | Purpose | Region |
|---|---|---|
| Cloudflare, Inc. | Edge compute & storage (Workers, R2 blob, Queues, Durable Objects, Hyperdrive) | Global (EU data localization available) |
| Neon, Inc. | Managed PostgreSQL control-plane database (accessed via Cloudflare Hyperdrive) | EU region |
Your business data stays in your ERP; the control-plane database holds only configuration, links and operational metadata. Adding or changing a sub-processor is a change we will record and make available to controllers under the DPA.
Retention & deletion
We are a pass-through engine, not a data warehouse: order PII is processed to complete a sync and is not retained as a standalone archive. The one place a payload can persist is the dead-letter queue (DLQ), used to retry or inspect a failed sync — and that is automatically purged.
- DLQ payload purge: failed-message payloads are deleted on a rolling schedule. The retention window is enforced in code (DLQ_RETENTION_DAYS), defaulting to 30 days; audit metadata (without the PII-bearing body) may be kept for traceability.
- Logs: we never log request bodies, credentials, tokens or auth headers — only references and hashes — so logs do not become a secondary store of personal data.
- On termination: when the service ends, control-plane records tied to your tenant are deleted per the DPA's return-and-deletion terms.
How we protect it
Security is built into the platform, not bolted on:
- Encryption at rest: credentials are sealed with AES-256-GCM; the master key lives in Worker Secrets and per-tenant ciphertext in the database. Secrets are decrypted only in-memory at the point of use, never logged, never persisted in plaintext, and never returned to the UI.
- Encryption in transit: all traffic — to channels, to your ERP, and to our admin surface — runs over TLS.
- Tenant isolation: the database enforces row-level security (RLS) keyed on tenant, so one client's data is not reachable from another's context.
- Webhook authenticity: every inbound webhook is HMAC-verified at the boundary (Standard Webhooks — id/timestamp/signature with a replay window) before any processing; unauthenticated calls are rejected.
- Least privilege & locked admin: the admin UI sits behind Cloudflare Access with a locked Content-Security-Policy; service credentials are scoped to only what each integration needs.
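For readers who want to see what the webhook check above involves, here is an added example (not MEGZO's own code) of Standard Webhooks verification using Node's crypto module: it checks the id/timestamp/signature headers, enforces a replay window, and compares signatures in constant time. The 300-second tolerance, the function names and the sample secret, headers and body are assumptions constructed for illustration.

```javascript
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window; the policy does not state its value

// Standard Webhooks signature: base64 HMAC-SHA256 over "id.timestamp.body", prefixed "v1,".
function sign(secret, id, timestamp, body) {
  const key = Buffer.from(secret.replace(/^whsec_/, ""), "base64");
  const mac = crypto.createHmac("sha256", key).update(`${id}.${timestamp}.${body}`);
  return "v1," + mac.digest("base64");
}

// headers: plain object with lower-case names. body: the raw request body string,
// exactly as received (re-serialised JSON would change the bytes and break the MAC).
function verifyWebhook(secret, headers, body, nowSeconds = Math.floor(Date.now() / 1000)) {
  const id = headers["webhook-id"];
  const ts = headers["webhook-timestamp"];
  const sigHeader = headers["webhook-signature"];
  if (!id || !ts || !sigHeader) return { ok: false, reason: "missing-header" };
  if (!/^\d+$/.test(ts)) return { ok: false, reason: "bad-timestamp" };
  // Reject stale or future-dated messages before doing any further work.
  if (Math.abs(nowSeconds - Number(ts)) > TOLERANCE_SECONDS) {
    return { ok: false, reason: "outside-replay-window" };
  }
  const expected = Buffer.from(sign(secret, id, ts, body));
  // The header may carry several space-separated signatures during key rotation.
  for (const candidate of sigHeader.split(" ")) {
    const got = Buffer.from(candidate);
    if (got.length === expected.length && crypto.timingSafeEqual(got, expected)) {
      return { ok: true, reason: "verified" };
    }
  }
  return { ok: false, reason: "signature-mismatch" };
}

// Constructed sample message (not real data).
const SAMPLE_SECRET = "whsec_" + Buffer.from("constructed-demo-key-not-a-secret").toString("base64");
const SAMPLE_BODY = '{"order_ref":"DEMO-1001","status":"new"}';
const SAMPLE_HEADERS = {
  "webhook-id": "msg_demo_1",
  "webhook-timestamp": "1700000000",
  "webhook-signature": sign(SAMPLE_SECRET, "msg_demo_1", "1700000000", SAMPLE_BODY),
};

console.log(verifyWebhook(SAMPLE_SECRET, SAMPLE_HEADERS, SAMPLE_BODY, 1700000010));
```

A receiver would normally also remember recently seen webhook-id values inside the window, so that a message replayed within the tolerance is still rejected.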
Data-subject rights
Because we are a processor, data subjects (the buyers behind orders) usually exercise their rights with the merchant who sold to them — the controller. When you, as controller, receive an access, rectification, erasure, restriction, portability or objection request, we will assist you in fulfilling it for any data we process on your behalf, including locating and deleting PII-bearing payloads. Contact office@megzo.biz to route such a request.
International transfers
Our infrastructure sub-processors operate globally, with EU regions used for the control-plane database. Where data is transferred outside the EEA, it is covered by the sub-processors' own transfer mechanisms (such as EU Standard Contractual Clauses). Specific transfer mechanisms and any client-requested data-localisation are confirmed in the per-client DPA.
Contact
Questions about this document or a data-subject / data-controller request: office@megzo.biz. We respond as described above and route requests to the responsible operator. Data controller and service operator: ICS4BIZ & IT SRL (operator of MEGZO Integrator Vortex, company reg. no. 40365405).