PRIVACY POLICY

1. Who we are

This site is operated by Labiux OÜ, a private limited company registered in Estonia under registry code 17523073. For privacy matters write to [email protected]. We are the data controller for any personal data you submit through labiux.com.

2. What we collect

We only collect data you actively give us:

• Contact form on /contact and the lead band (footer of every page): your name, email address, optional phone number, optional company name, selected interest tags, estimated budget range and the message you write.
• Server logs: standard request metadata (IP, user agent, timestamp, path requested) retained for up to 30 days for security and abuse prevention.

We do not use analytics, advertising, social tracking or marketing cookies. The site sets exactly one local storage entry (labiux:cookie-notice) to remember you have dismissed the notice banner; that entry never leaves your device.

3. Why we collect it

• To reply to your inquiry and arrange the discovery call.
• To prepare a proposal and, if you go ahead, deliver the work.
• To detect and respond to abuse of the site (server logs only).

4. Lawful basis

Under Article 6 of the GDPR our processing is based on:

• Your consent (Article 6(1)(a)) when you submit the contact form. By pressing the submit button you ask us to get back to you.
• Steps prior to a contract (Article 6(1)(b)) once you respond and we begin scoping work together.
• Our legitimate interest in protecting the site (Article 6(1)(f)) for short-lived server logs.

5. Who we share it with

We share the bare minimum needed to operate the site:

• Postmark (Wildbit, LLC, USA, GDPR-compliant sub-processor) delivers the transactional email that lands your submission in our inbox and sends our reply. They keep message metadata for up to 45 days.
• Our hosting provider serves the site and holds server logs on our behalf inside the EU.

We do not sell, rent or trade your data, and we do not send you marketing email unless you have separately and explicitly asked for it.

6. How long we keep it

• Contact form submissions: 12 months from the last interaction, unless you become a client (in which case retention follows the engagement contract).
• Server logs: 30 days.
• Email correspondence: as long as the project is active, plus 7 years for invoicing records required by Estonian tax law.

7. Your rights

Under GDPR you can ask us, at any time, to:

• Show you what we hold about you (Article 15).
• Correct anything that is wrong (Article 16).
• Delete it (Article 17).
• Restrict how we use it (Article 18).
• Send a copy to another provider (Article 20).
• Object to processing based on legitimate interest (Article 21).

Write to [email protected] with the subject line "Privacy request" and we will respond within one month. If you are unhappy with our response you can complain to the Estonian Data Protection Inspectorate (aki.ee).

8. International transfers

Postmark processes email outside the EU (USA). Transfers rely on Standard Contractual Clauses approved by the European Commission, plus Postmark's own supplementary safeguards. Everything else stays inside the EU.

9. Security

Traffic to labiux.com is encrypted with TLS. Our servers are firewalled and patched. Access to your data is restricted to the small team that needs it. We will report any personal-data breach to you and to the regulator within 72 hours of becoming aware of it, as required by Article 33 of the GDPR.

10. Changes

We may revise this policy as the site or the law evolves. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted in the footer for at least 30 days after publication.