Privacy Policy

GDPR PRIVACY POLICY

Last Updated: January 2nd, 2025

This GDPR Privacy Policy (“Policy”) outlines how Egregore Labs (“Company,” “we,” “us,” or “our”) collects, processes, uses, and protects personal data under the requirements of the General Data Protection Regulation (GDPR). This Policy applies to all personal data collected or processed by the Company in relation to the operation of our website and services.

1. Data Controller

1.1. Identity of the Controller

The Company is the Data Controller for all personal data processed in connection with our website and services.

1.2. Contact Information

2. Legal Basis for Processing

2.1. Consent

We may process personal data based on the explicit consent provided by the data subject.

2.2. Contractual Necessity

We may process personal data when it is necessary for the performance of a contract with the data subject or to take steps prior to entering into a contract.

2.3. Legal Obligations

We may process personal data to comply with our legal obligations.

2.4. Legitimate Interests

We may process personal data where necessary for our legitimate interests, provided that such interests are not overridden by the rights and freedoms of the data subject.

3. Categories of Personal Data Collected

3.1. Contact Information

Name, email address, telephone number, and similar identifiers.

3.2. Usage Data

Internet Protocol (IP) addresses, browser types, operating systems, referring URLs, pages viewed, and other technical or usage-related information.

3.3. Transaction Data

Billing addresses, payment method details, and related transactional data for the provision of goods or services.

4. Purpose of Data Processing

4.1. Provision of Services

We process personal data to deliver and maintain our services, including hosting, support, and other related functionalities.

4.2. Communication

We process personal data to respond to inquiries and communicate with data subjects regarding updates, services, or administrative matters.

4.3. Analytics and Improvement

We use personal data to analyze how our website and services are used, in order to improve functionality, performance, and user experience.

4.4. Compliance and Legal

We may process personal data to comply with applicable laws, regulations, or judicial requests, and to protect our legal rights or fulfill our legal obligations.

5. Sub-Processors (Data Processors)

We engage third-party service providers to process personal data on our behalf. Each of these providers is subject to separate data processing agreements that reflect the requirements of the GDPR.

5.1. Google

  • Services Used: Google Analytics, Google Cloud Platform, or related Google services.
  • Purpose of Processing: Analytics, cloud storage, hosting, performance monitoring, and marketing-related functionalities.
  • Data Processing Terms: Google Cloud GDPR Resource Center

5.2. Cloudflare

  • Services Used: Content Delivery Network (CDN), DNS, and DDoS protection.
  • Purpose of Processing: Improving site security, speed, and reliability.
  • Data Processing Terms: Cloudflare GDPR Compliance

5.3. DigitalOcean

  • Services Used: Website hosting, database hosting, or server infrastructure.
  • Purpose of Processing: Hosting applications, storing data, and maintaining server infrastructure.
  • Data Processing Terms: DigitalOcean Data Processing Addendum

6. International Data Transfers

6.1. Locations

Personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA).

6.2. Mechanisms

We implement Standard Contractual Clauses (SCCs) or rely on adequacy decisions for these transfers to ensure the level of data protection is consistent with GDPR requirements.

7. Data Retention

We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required under applicable law. Upon expiration of the retention period, personal data will be securely deleted or anonymized.

8. Data Subject Rights

Under the GDPR, data subjects have the following rights in relation to their personal data, subject to certain limitations:

  1. Right of Access: To obtain confirmation as to whether personal data is being processed and to receive information about such processing.
  2. Right to Rectification: To request corrections of inaccurate personal data.
  3. Right to Erasure (Right to be Forgotten): To request the deletion of personal data, subject to certain exceptions.
  4. Right to Restriction of Processing: To request the limitation of personal data processing.
  5. Right to Data Portability: To receive personal data in a structured, commonly used, and machine-readable format, and to transmit such data to another controller.
  6. Right to Object: To object to processing based on legitimate interests or direct marketing.
  7. Right to Withdraw Consent: To withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to withdrawal.

Requests to exercise these rights should be directed to our contact details provided in Section 1.2.

9. Security Measures

We employ appropriate technical and organizational security measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures may include encryption, secure servers, firewalls, access controls, and regular security assessments.

10. Cookies

We use cookies and similar technologies to enhance user experience and analyze website usage. Details regarding the types of cookies used, their purposes, and how to manage or disable cookies are provided in our Cookie Policy, available on https://www.egregorelabs.ai.

11. Updates to This Policy

We may update this Policy from time to time to reflect changes in our data processing practices, legal obligations, or service offerings. Any changes will be posted on our website, and where required by applicable law, we will provide additional notification.

12. Contact Information

For inquiries regarding this Policy, data protection matters, or to exercise any rights mentioned in Section 8, please contact our Data Protection Officer (if applicable) or our general contact:

Data subjects may also lodge a complaint with a supervisory authority in their country of residence within the European Union if they believe that the Company’s processing of personal data infringes applicable law.