Privacy Policy

Effective Date: 06/08/2025

This Privacy Policy explains how Abstract Machines SAS ("we," "us," or "our") collects, uses, and protects your personal data when you use the Magistrala SaaS platform ("Platform").

We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. WHO WE ARE

Abstract Machines SAS is a French company with its registered office at 141 Quai de Valmy, 75010 Paris, France. As the data controller under the General Data Protection Regulation (GDPR) and French Data Protection Act (Loi Informatique et Libertés), we determine the purposes and means of processing your personal data in connection with our Magistrala IoT platform and related services.

2. WHAT DATA WE COLLECT

We collect and process the following categories of personal data:

2.1 Account and Identity Data
  • Full name
  • Email address
  • Company name and business information
  • Phone number (if provided)
  • Profile picture (if uploaded)
  • Account preferences and settings
2.2 Authentication and Security Data
  • Username and encrypted passwords
  • API keys and access tokens
  • Login timestamps and session data
2.3 Technical and Usage Data
  • IP addresses and geolocation data
  • Device information (browser type, operating system, device ID)
  • Platform usage statistics and analytics
  • API calls, requests, and response times
  • Error logs and debugging information
  • Feature usage patterns and user interactions
2.4 Commercial and Billing Data
  • Subscription plans and billing history
  • Invoicing details and tax information
  • Purchase history and transaction records
2.5 Communication Data
  • Support tickets and correspondence
  • Email communications and responses
  • Chat logs and support interactions
  • Feedback, surveys, and testimonials
  • Marketing communication preferences

3. HOW WE USE YOUR DATA

We process your personal data for the following purposes:

3.1 Service Provision and Platform Operations
  • Create and manage user accounts
  • Authenticate users and maintain security
  • Provide access to the Magistrala IoT platform
  • Process and route IoT device data
  • Maintain platform infrastructure and databases
  • Monitor system performance and availability
  • Backup and disaster recovery operations
3.2 Customer Support and Communication
  • Respond to support requests and technical issues
  • Provide customer service and assistance
  • Send service-related notifications and updates
  • Communicate about account changes or security issues
  • Conduct user training and onboarding
3.3 Billing and Financial Management
  • Manage subscription plans and billing cycles
  • Generate invoices and billing statements
  • Maintain financial records for accounting purposes
  • Comply with tax and regulatory requirements
3.4 Platform Improvement and Analytics
  • Analyze usage patterns and user behavior
  • Improve platform features and functionality
  • Conduct performance optimization
  • Develop new services and capabilities
  • Generate anonymized statistics and reports
3.5 Security and Fraud Prevention
  • Detect and prevent unauthorized access
  • Monitor for suspicious activities
  • Investigate security incidents
  • Implement access controls and authentication
  • Maintain audit logs and compliance records
3.6 Legal Compliance and Regulatory Requirements
  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Maintain records for regulatory audits
  • Report incidents as required by law
  • Protect our legal rights and interests
3.7 Marketing and Business Development (with consent)
  • Send promotional materials and newsletters
  • Conduct market research and surveys
  • Organize events and webinars
  • Develop case studies and testimonials

4. LEGAL BASES FOR PROCESSING

Under GDPR Article 6, we process your personal data based on the following legal grounds:

4.1 Contractual Necessity (Article 6(1)(b))

Processing is necessary for the performance of our contract with you, including:

  • Account creation and management
  • Platform access and service delivery
  • Payment processing and billing
  • Customer support and technical assistance
  • Service-related communications
4.2 Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate business interests, which include:

  • Platform security and fraud prevention
  • Service improvement and optimization
  • Business analytics and reporting
  • Network and information security
  • Internal administration and record-keeping
  • Protecting our legal rights and interests

We have conducted a legitimate interest assessment (LIA) to ensure our interests do not override your fundamental rights and freedoms.

4.3 Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations, including:

  • Tax and accounting requirements
  • Regulatory compliance (financial services, data protection)
  • Court orders and legal proceedings
  • Anti-money laundering (AML) and know-your-customer (KYC) requirements
  • Data breach notification obligations
4.4 Consent (Article 6(1)(a))

Where we have obtained your explicit consent for:

  • Marketing communications and newsletters
  • Non-essential cookies (PostHog, Google Analytics)
  • Testimonials and case studies
  • Market research and surveys

You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar technologies to enhance your experience:

5.1 Essential Cookies (No consent required)
  • Session cookies for authentication and security
  • Login state management
  • Security tokens and CSRF protection
5.2 Analytics Cookies (Consent required)
  • PostHog for website usage analytics, user behavior analytics and product insights.
  • Performance monitoring and optimization

Cookie Management: You can manage your cookie preferences through your browser settings or our cookie consent banner.

6. DATA SHARING AND RECIPIENTS

We do not sell your personal data. We may share data with the following categories of recipients:

6.1 Service Providers and Processors
  • Payment processing
  • Analytics
  • Email services
6.2 Legal and Regulatory Requirements
  • Law enforcement agencies when required by law
  • Regulatory bodies for compliance purposes
  • Tax authorities for reporting obligations
  • Data protection authorities in case of investigations
6.3 Data Processing Agreements

All third-party processors are bound by GDPR-compliant data processing agreements with strict security and confidentiality requirements.

7. DATA TRANSFERS OUTSIDE THE EU

We ensure protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Additional safeguards

8. DATA RETENTION

We retain your personal data for as long as your account is active and for a limited period thereafter to comply with legal and operational obligations. Data may be anonymized for analytics.

9. CUSTOMER RIGHTS UNDER GDPR

You have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent
  • Lodge complaints with CNIL (www.cnil.fr)

Contact: privacy@absmach.eu

10. SECURITY

We implement appropriate technical and organizational measures to protect your data, including encryption, access control, and regular security reviews.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will notify you via email or through the Platform when significant changes occur.

12. CONTACT US

Email: privacy@absmach.eu

Address:
Abstract Machines SAS
141 Quai de Valmy
75010 Paris, France

French Data Protection Authority (CNIL):
www.cnil.fr | +33 1 53 73 22 22