Privacy Policy

Effective Date: 06/08/2025

This Privacy Policy explains how Abstract Machines SAS ("we," "us," or "our") collects, uses, and protects your personal data when you interact with our products, services, and websites (collectively, "Services").

We are committed to complying with the General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertés), and other applicable privacy laws.

1. WHO WE ARE

Abstract Machines is a French company specializing in IoT infrastructure and security solutions. We are registered in France with headquarters at 141 Quai de Valmy, 75010 Paris, France (SIRET: 95203303300012). We act as the data controller for your personal data when you use our Services, including our software products (Magistrala, SuperMQ, Propeller), hardware solutions (S0 and S1 Gateways), consulting services, and websites.

2. WHAT DATA WE COLLECT

Depending on how you interact with our Services, we may collect the following categories of personal data:

2.1 Information You Provide
  • Contact information (name, email address, phone number, company name, job title)
  • Account credentials and authentication data
  • Payment and billing information
  • Communications with our support team
  • Information submitted through forms, surveys, or feedback
2.2 Information We Collect Automatically
  • Technical data (IP address, browser type, device information, operating system)
  • Usage analytics (pages visited, features used, session duration)
  • Performance and diagnostic data
  • Cookies and similar tracking technologies
2.3 Product-Specific Data
  • Software Products: Configuration data, API usage metrics, system logs
  • Hardware Products: Device telemetry, performance metrics, maintenance logs
  • Consulting Services: Project requirements, technical specifications, deliverables

3. HOW WE USE YOUR DATA

We process your personal data for the following purposes:

3.1 Service Delivery
  • Provide, operate, and maintain our products and services
  • Process transactions and manage billing
  • Deliver customer support and technical assistance
  • Authenticate users and maintain account security
3.2 Communication
  • Send service-related notifications and updates
  • Respond to inquiries and support requests
  • Provide product announcements and security alerts
  • Send marketing communications (with your consent)
3.3 Business Operations
  • Analyze usage patterns to improve our Services
  • Conduct research and development
  • Ensure security and prevent fraud
  • Comply with legal and regulatory obligations
  • Protect our rights and interests

4. LEGAL BASIS FOR PROCESSING

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance (Article 6(1)(b)): Processing necessary to perform our contractual obligations to you
  • Legitimate Interests (Article 6(1)(f)): Processing for our legitimate business interests, such as improving our Services, security, and fraud prevention
  • Legal Obligation (Article 6(1)(c)): Processing required to comply with legal or regulatory requirements
  • Consent (Article 6(1)(a)): Processing based on your explicit consent, such as for marketing communications
  • Vital Interests (Article 6(1)(d)): Processing necessary to protect vital interests in emergency situations

5. DATA RETENTION

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data: Retained while your account is active and up to 3 years after account closure
  • Transaction Records: Retained for 10 years as required by French accounting law
  • Support Communications: Retained for 3 years after case closure
  • Marketing Data: Retained until you withdraw consent or 3 years of inactivity
  • Technical Logs: Retained for 12 months for security and operational purposes

After the retention period, data is securely deleted or anonymized for statistical purposes.

6. DATA SHARING AND THIRD PARTIES

We do not sell, rent, or trade your personal data. We may share your data only in the following circumstances:

6.1 Service Providers

We work with trusted third-party service providers who assist us in delivering our Services:

  • Cloud infrastructure providers (hosting, storage, computing)
  • Payment processors and financial service providers
  • Email and communication service providers
  • Analytics and monitoring tools
  • Customer support platforms
6.2 Legal Requirements
  • To comply with applicable laws, regulations, or court orders
  • To respond to lawful requests from public authorities
  • To protect our rights, property, or safety, or that of our users
6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction, subject to appropriate safeguards.

All third parties are bound by data processing agreements and must comply with GDPR requirements.

7. INTERNATIONAL DATA TRANSFERS

We primarily process data within the European Economic Area (EEA). When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:

  • Adequacy Decisions: Transfers to countries with an adequacy decision from the European Commission
  • Standard Contractual Clauses (SCCs): EU-approved contractual terms for data transfers
  • Binding Corporate Rules: For transfers within multinational organizations
  • Certification Schemes: Such as Privacy Shield successors or equivalent frameworks

You may request information about specific safeguards by contacting us at [email protected].

8. YOUR PRIVACY RIGHTS

Under GDPR and French data protection law, you have the following rights:

8.1 Access and Information
  • Right of Access (Article 15): Request a copy of your personal data and information about how we process it
  • Right to Information: Receive clear information about our data processing activities
8.2 Correction and Deletion
  • Right to Rectification (Article 16): Correct inaccurate or incomplete personal data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
8.3 Processing Control
  • Right to Restrict Processing (Article 18): Limit how we process your data in certain circumstances
  • Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
8.4 Consent and Complaints
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with the CNIL (French data protection authority) or your local supervisory authority

How to Exercise Your Rights: Contact us at [email protected]. We will respond within one month of receiving your request.

9. DATA SECURITY

We implement comprehensive security measures to protect your personal data:

9.1 Technical Safeguards
  • Encryption of data in transit and at rest
  • Multi-factor authentication and access controls
  • Regular security assessments and penetration testing
  • Secure software development practices
  • Network security monitoring and intrusion detection
9.2 Organizational Measures
  • Employee training on data protection and security
  • Strict access controls and need-to-know principles
  • Regular security audits and compliance reviews
  • Incident response and breach notification procedures
  • Vendor security assessments and contractual obligations

While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and keep your account information confidential.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to enhance your experience with our Services:

10.1 Types of Cookies
  • Essential Cookies: Necessary for basic website functionality and security
  • Performance Cookies: Help us understand how visitors interact with our websites
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements (with your consent)

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect website functionality.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Post the updated policy on our website with a new effective date
  • Notify you via email for material changes that affect your rights
  • Provide notice through our Services for significant updates
  • Maintain previous versions for your reference

Your continued use of our Services after the effective date constitutes acceptance of the updated policy.

12. CONTACT INFORMATION

For questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact us:

Data Protection Officer

Email: [email protected]

Company Information

Abstract Machines SAS
141 Quai de Valmy
75010 Paris, France
Email: [email protected]