AstryxAstryx
Legal

Privacy Policy

Last updated: March 10, 2026

1. Introduction

Astryx ("we", "us", or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, share, and safeguard information when you visit our website or use our enterprise email security services.

This policy is compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable French data protection law.

2. Data Controller

Astryx acts as the data controller for personal data collected through our website and marketing activities. For data processed on behalf of enterprise customers within the platform, Astryx acts as a data processor, and the customer is the controller.

Contact: contact@astryx.systems

3. Data We Collect

We may collect the following categories of personal data:

  • Account data: name, professional email address, job title, and organization name provided during registration or demo requests.
  • Usage data: IP address, browser type, pages visited, session duration, and interaction data collected automatically via cookies and analytics.
  • Communication data: messages you send us via contact forms or email, including support requests.
  • Platform data (enterprise): email metadata and content processed by the Astryx engine on behalf of enterprise customers. This data is processed solely to deliver the security services and is subject to the Data Processing Agreement.

4. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract performance: to provide the Services you have subscribed to
  • Legitimate interests: to improve our services, prevent fraud, and ensure platform security
  • Legal obligation: to comply with applicable laws and regulations
  • Consent: where you have explicitly opted in, such as for marketing communications

5. How We Use Your Data

  • To create and manage your account and provide access to the platform
  • To process demo requests and respond to inquiries
  • To send service notifications, security alerts, and product updates
  • To analyze usage patterns and improve platform performance
  • To fulfill legal and compliance obligations
  • To detect and prevent abuse, fraud, or unauthorized access

6. Data Sharing

We do not sell personal data. We may share data with:

  • Service providers: trusted third parties that assist in operating our infrastructure (e.g., cloud hosting, analytics), bound by confidentiality and data processing agreements.
  • Legal authorities: where required by law, court order, or regulatory obligation.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, subject to the same privacy protections.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law. Account data is retained for the duration of the relationship and up to 3 years after termination. Platform data processed under customer instruction is handled according to the customer's retention settings and applicable DPA.

8. International Transfers

Astryx operates primarily within the European Economic Area (EEA). In cases where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.

9. Cookies

Our website uses cookies and similar technologies to provide core functionality, measure performance, and improve user experience. You may control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our site.

10. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten"), subject to legal obligations
  • Restrict or object to certain processing activities
  • Data portability — receive your data in a structured, machine-readable format
  • Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at contact@astryx.systems. We will respond within 30 days.

11. Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. These include encryption in transit and at rest, access controls, and regular security assessments. However, no system is entirely immune to risk, and we cannot guarantee absolute security.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by posting a revised version with an updated date. We encourage you to review this policy periodically.

13. Contact & Complaints

For any privacy-related questions or concerns, contact our Data Protection Officer at contact@astryx.systems.

You also have the right to lodge a complaint with the relevant supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL) — www.cnil.fr.