Help center
Security & data
Data, security & GDPR
Where your data lives, who owns it, and how Comet protects it.
Data, security & GDPR
A plain-language summary of how Comet handles data. For the full posture, see the Security & Compliance page.
Who owns the data
- You are the data controller; Comet is the data processor. You own your shopper data.
- We can provide a Data Processing Agreement (DPA) on request.
Where data lives
Session and e-commerce event data (page views, add-to-cart, initiate checkout) is stored on EU servers. Comet reads your catalogue as a live view and never moves your customer or payment data.
Compliance
- GDPR compliant, with documented data-handling policies.
- SOC 1 attestation (2023).
- SSO available on Enterprise.
Payments
Comet never processes payments and never sees card details. Checkout stays native to your platform and runs on your existing processor (Stripe or Adyen), which handles card data under their own PCI compliance.
Your requests
- Delete data: see Data deletion.
- Report a vulnerability: email security@comet.rocks.
- Privacy questions: see our Privacy policy or contact support.
Last updated 2026-06-26
Didn't find your answer?
Email the team and we'll reply within one business day.