Privacy Policy

Draft pending legal review. This text is not yet final: structure and content are being validated with a legal advisor before go-live. The data controller and company details are shown as placeholders until the billing entity is decided.

We handle your data the way we'd want ours handled: only what's necessary, transparently, and genuinely protected. Here it is, in plain language.

Data controller

Controller: [Company name: placeholder] · Registered office: [address: placeholder] · VAT no.: [to be defined]. Privacy contact: privacy@bastionsec.io (or info@bastionsec.io).

What data we collect

Contact form data: name, work email, company, role.
Details you provide voluntarily: company size, whether you have a technical contact, and the message describing your need.
Browsing data (only after consent) and UTM/gclid campaign parameters (attribution, only after consent).

Purposes and legal bases

Responding to your requests: performance of pre-contractual measures / legitimate interest.
Marketing and analytics: only with your consent.
Legal obligations.

Retention

We keep data for as long as necessary for the purposes above, according to periods defined per category [to be detailed in the final version].

Recipients and sub-processors

The up-to-date list of providers (hosting, email, post-consent analytics) is available in our Trust Center. Any transfers outside the EU take place with appropriate safeguards (e.g. standard contractual clauses).

Your rights

You can exercise your GDPR rights: access, rectification, erasure, objection, portability, and lodging a complaint with the supervisory authority.

Language of processing

We reply in the language you choose, among those we serve. For requests about your data, write to us in your language.

Cookies

For cookies, see our Cookie Policy.