Effective Date: May 2026
Data Controller: Studio Cygnus SRL (CUI: 50611230)
Represented by: Murad Madi
Registered Office: Str. Ioan Rusu Sirianu 3, Et. 1, Ap. 9, Cod 310035, Arad, Romania
Operational Base: Madrid, Spain
Contact Email: [email protected]
This Privacy Policy outlines how your personal data is collected, processed, and protected when you visit this website or interact with our communication forms. As a specialized engineering practice, we prioritize "Privacy by Design," utilizing clean infrastructure and server-side data routing to minimize third-party data exposure.
We collect data strictly for the purposes of facilitating communication and auditing our technical architecture.
When you use the "Let's Talk" form or contact us via email, we collect:
If you consent to our analytical cookies, we collect:
Under the GDPR, we must have a valid legal basis to process your information.
The Process: Form submissions are securely routed through a self-hosted automation pipeline (n8n). This prevents third-party middleware from intercepting or reading your business inquiries.
Legal Basis: Processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract (Article 6(1)(b) GDPR).
The Process: We deploy a PostHog Cloud (EU) instance to analyze behavioral data. Additionally, we use Google Analytics 4 (GA4). To ensure data integrity and privacy, GA4 requests are routed through a self-hosted Server-Side Google Tag Manager (sGTM) container. This server-side environment automatically strips Personally Identifiable Information (PII) and obfuscates your IP address before any data is dispatched to Google.
Legal Basis: Explicit Consent (Article 6(1)(a) GDPR) granted via our Cookie Consent banner.
The Process: We monitor server logs and network requests to detect malicious activity, prevent DDoS attacks, and ensure the uptime of our infrastructure.
Legal Basis: Legitimate Interest (Article 6(1)(f) GDPR) to protect the integrity of our network and digital assets.
Because we utilize a highly independent tech stack, data sharing is kept to an absolute minimum. We do not sell, rent, or trade your personal data to advertising networks.
Data is only shared with:
While our primary infrastructure is hosted in Europe, some data processed by Google Analytics may be transferred to servers located in the United States. These transfers are safeguarded by the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data retains GDPR-equivalent protection.
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy.
Under the GDPR and LOPDGDD, you possess absolute control over your personal data. You have the right to:
To exercise any of these rights, contact us directly at [email protected]. We will respond to all legitimate requests within 30 days.
If you feel your data rights have been violated, you have the right to lodge a formal complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos - AEPD) via their website: www.aepd.es.