Legal

Privacy Notice

Last updated: 16 June 2026

This notice explains how SkyPlexus.com processes personal data for SkyPlexus account registration, product access, support, billing administration, security, and communications.

Controller

SkyPlexus.com is the controller for website, account, billing, and support processing. Add the registered legal entity name, address, and privacy contact before launch.

Data we process

• Account data: name, email address, company or lab name, requested tier.
• Security data: authentication identifiers, MFA status, CAPTCHA outcome, audit events.
• Commercial data: selected tier, licensing option, invoice or payment status for paid tiers.
• Consent data: privacy notice version, terms version, optional marketing preference.
• Technical data: IP address, device/browser metadata, logs needed for security and reliability.

Legal bases

• Contract performance for account creation, service access, licensing, and support.
• Legal obligation for tax, accounting, and invoice records.
• Legitimate interests for security, fraud prevention, abuse prevention, and service reliability.
• Consent for optional marketing communications and non-essential cookies, where used.

Processors and transfers

SkyPlexus.com may use Supabase for authentication/database services, Vercel for hosting, Stripe for paid card payments, email providers for transactional messages, and support tooling. Put Data Processing Agreements in place and use EU regions or appropriate transfer safeguards before production processing.

Retention

Account records are kept while the account is active and then deleted or anonymized unless retention is required for legal, security, or accounting reasons. Billing records are kept for the statutory retention period. Security logs are retained only as long as needed for abuse prevention and incident response.

Your rights

Depending on your location, you may request access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You may also lodge a complaint with your supervisory authority.

Security

Registration uses CAPTCHA protection and requires MFA. Application data is protected with row-level security and MFA assurance checks. No system is perfectly secure; report suspected issues to the security contact listed before launch.

This page is a GDPR-oriented implementation draft, not legal advice. Have qualified EU counsel validate controller details, processor list, retention periods, and local consumer law requirements before launch.