CREANODE legal document
Security
This security statement describes the organisational and technical measures used by CREANODE sp. z o.o. to protect creanode.com, CREANODE OS access flows and communication with clients. Contact: contact@creanode.com.
Company identity and document status
The publisher and, where applicable, controller is CREANODE sp. z o.o., entered in the Polish KRS register under number 0001246748, NIP 5372697081, REGON 544966129, with registered office at Sokule, gmina Drelów, Polska. Electronic contact: contact@creanode.com. Website: https://creanode.com.
This security statement describes the organisational and technical measures used by CREANODE sp. z o.o. to protect creanode.com, CREANODE OS access flows and communication with clients. Contact: contact@creanode.com.
- Document version: 2026-06-13.
Legal basis and operational scope
Security controls are selected for the Website module, authentication paths, contact flow, SMTP delivery and protected panels.
- HTTPS, secure cookies, HttpOnly session cookies and SameSite controls.
- CSRF protection for forms and protected actions.
- Content Security Policy, security headers and removal of public development endpoints.
- Audit logs, failed email jobs, controlled SMTP delivery and no direct PHP mail function dependency.
- Least privilege for administrative access and separation between Website, Shared and other modules.
Data, tools and processing categories
Authentication uses controlled sessions, secure cookies when HTTPS is active, server-side checks and logout mechanisms.
- PWA starts at the panel entry and relies on server-side authentication.
- Protected pages are not cached by the service worker as stale authenticated content.
User rights, choices and retention
Contact email uses SMTP transport, logging and failed_email_jobs. A retry worker can process failed jobs without exposing SMTP secrets.
- Mail logs avoid storing raw message contents or passwords.
- Runtime SMTP tests mask secrets and can be run on the hosting environment.
Security, processors and responsibility
Security reports should be sent to contact@creanode.com with enough detail to reproduce the issue. Testing must not disrupt service, access data or bypass authorisation.
- CREANODE may restrict access when abuse, scanning or attack behaviour is detected.
CREANODE may update this document when the website, services, tools, legal duties, security measures or company data change. The current version is published on the website and is identified by the effective date.
Questions about personal data, cookies, security, accessibility or service rules should be sent to contact@creanode.com. A data subject may lodge a complaint with Prezes Urzędu Ochrony Danych Osobowych when they believe processing infringes data protection rules.
CREANODE may update this document when the website, services, tools, legal duties, security measures or company data change. The current version is published on the website and is identified by the effective date.
