Development — not production
Legal · Privacy policy

Privacy policy

Last updated · March 2026

Data controller

Secyda Labs, S.L. — CIF: B88750724, registered address Campoamor 90, 46022 Valencia, Spain (hereinafter "Secyda").

Contact email: legal@secyda.eu

Data Protection Officer

Pablo Bottero, Data Protection Officer. Contact: legal@secyda.eu

Data we collect

  • Identity data: name, email address, telephone (if provided).
  • Professional data: organisation, role.
  • Browsing data: IP address, browser type, pages visited, cookies (see Cookie Policy).

We collect personal data through the following channels: contact form, waiting list, job applications and investor portal.

We do not process special category data or sensitive personal data.

Purposes of processing

  • Handling contact requests received through the website.
  • Managing the early access waiting list.
  • Processing applications received through the careers page.
  • Sending communications related to Secyda services, where the user has given explicit consent.
  • Managing access to the investor portal (investors.secyda.eu) and the dataroom.

Legal basis for processing

  • Consent of the data subject (Art. 6(1)(a) GDPR): contact forms, waiting list and commercial communications.
  • Legitimate interest (Art. 6(1)(f) GDPR): website usage analysis to improve the service and security measures.
  • Pre-contractual measures (Art. 6(1)(b) GDPR) handling applications and investor relations.

Recipients and data processors

Data is not shared with third parties except where required by law. Secyda uses the following service providers acting as data processors:

  • OVH SAS (Germany) · infrastructure hosting. Data stored in EU datacentres.
  • ProtonMail AG (Geneva, Switzerland) · email. Subject to European Commission adequacy decision.
  • OpnForm (self-hosted at forms.agora.secyda.eu, OVH Germany) · form management. Data stored on our own servers in the EU. No third-party transfers.
  • PostHog (self-hosted at lux.agora.secyda.eu, OVH Germany) · behavioural analytics, heatmaps and session recordings (on secyda.eu only, never in the dataroom). Data stored on our own servers in the EU. No third-party transfers.
  • Payload CMS (self-hosted, EU) · headless CMS. Data stored on our own servers in the EU. No third-party transfers.

Data retention

  • Contact requests: until the enquiry is resolved, plus the applicable legal limitation period.
  • Waiting list: until the user requests removal or until the product launches.
  • Applications: 24 months from receipt.
  • Investor data: for the duration of the relationship and subsequent legal retention periods.

Data subject rights

You have the right to access, rectify, erase, restrict processing, port your data and object to processing.

To exercise your rights, write to legal@secyda.eu stating your name and the right you wish to exercise.

You may also lodge a complaint with the Spanish Data Protection Agency (www.aepd.es).

Security measures

Secyda applies appropriate technical and organisational measures to protect personal data, including: HTTPS/TLS encryption on all communications, hosting on servers located in the European Union, role-based access control, regular backups and continuous infrastructure monitoring.

International transfers

Secyda does not transfer data outside the European Economic Area. All data infrastructure operates on servers located within European Union territory.