Privacy

Privacy Policy

Last updated: June 22, 2026

Data Controller: HYBRID IN. | Powered by HYBRID IN. x GRN.cloud

GDPR Compliant • EU Data Sovereignty

Your Privacy Matters

At BitBeam, we take your privacy seriously. This Privacy Policy explains how HYBRID IN. (as data controller) collects, uses, and protects your personal data when you use our services.

We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Your data is stored in the EU with GRN.cloud infrastructure, ensuring data sovereignty.

Your GDPR Rights

Right to Access

Request a copy of your personal data

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your data (Right to be Forgotten)

Right to Restrict Processing

Limit how we process your data

Right to Data Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

Table of Contents

  • 1. Data Controller Information
  • 2. Personal Data We Collect
  • 3. How We Use Your Data
  • 4. Legal Basis for Processing (GDPR Art. 6)
  • 5. Data Retention
  • 6. Your Rights under GDPR
  • 7. Data Security
  • 8. International Data Transfers
  • 9. Third-Party Services
  • 10. Cookies & Tracking
  • 11. Children's Privacy
  • 12. Changes to This Policy
  • 13. Contact Us

1. Data Controller Information

Data Controller: HYBRID IN.

Contact Email: legal@hybridin.io

Data Protection Officer (DPO): dpo@hybridin.io

Infrastructure Partner: GRN.cloud (EU data sovereignty)

HYBRID IN. is responsible for deciding the purposes and means of processing personal data through {BRAND.name} services.

2. Personal Data We Collect

We collect the following types of personal data:

  • Account Information: Name, email address, company name
  • Usage Data: Website URLs scanned, audit reports, API usage, dashboard metrics
  • Payment Data: Billing address, payment method (processed securely)
  • Communications: Support tickets, feedback, inquiries
  • Authentication Data: Keycloak session tokens, login history

We only collect data necessary to provide our services and improve user experience.

3. How We Use Your Data

We use your personal data for the following purposes:

  • Service delivery and account management
  • Billing and subscription processing
  • Customer support and technical assistance
  • Security monitoring and fraud prevention
  • Analytics and service improvement (with consent)
  • Marketing communications (with consent)

4. Legal Basis for Processing (GDPR Art. 6)

We process your data based on the following legal bases:

  • Contract Performance (Art. 6(1)(b)): To deliver services under our agreement
  • Legitimate Interests (Art. 6(1)(f)): For security, fraud prevention, and service improvement
  • Consent (Art. 6(1)(a)): For analytics and marketing (you can withdraw consent anytime)
  • Legal Obligation (Art. 6(1)(c)): For financial compliance and record-keeping

5. Data Retention

We retain your personal data for the following periods:

  • Account Data: Duration of your account + 3 years after deletion
  • Transaction Data: 7 years (financial regulatory requirements)
  • Analytics Data: 2 years (or until consent withdrawal)
  • Marketing Data: Until you opt-out or 2 years of inactivity
  • Support Tickets: 2 years after resolution

Data is securely deleted after retention periods expire.

6. Your Rights under GDPR

Under GDPR, you have the following rights:

  • Right to Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate data
  • Right to Erasure (Art. 17): Request deletion ("Right to be Forgotten")
  • Right to Restrict Processing (Art. 18): Limit processing activities
  • Right to Data Portability (Art. 20): Receive data in machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Rights regarding Automated Decision-Making (Art. 22): Not applicable to our services

To exercise these rights, contact our DPO at dpo@hybridin.io.

7. Data Security

We implement industry-standard security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Authentication: OAuth 2.0 via Keycloak with SSO
  • Access Controls: Role-based access control (RBAC)
  • Regular Audits: Security assessments and penetration testing
  • Infrastructure: GRN.cloud OpenShift with EU data sovereignty
  • Compliance: SOC 2 Type II certification (target)

8. International Data Transfers

Your data is primarily stored in the EU. For international transfers, we use:

  • EU-US Data Privacy Framework: For transfers to the United States
  • Standard Contractual Clauses (SCCs): GDPR-approved data transfer agreements
  • Adequacy Decisions: For transfers to countries with EU adequacy decisions

All third-party processors are vetted and have Data Processing Agreements (DPAs) in place.

9. Third-Party Services

We use the following third-party services:

  • GRN.cloud: Infrastructure hosting (EU) - DPA in place
  • Cloudflare: CDN and DNS - DPA in place
  • Keycloak: Authentication - Self-hosted, no data leaves EU
  • Payment Processors: Stripe/PayPal - PCI DSS compliant

All subprocessors are bound by Data Processing Agreements ensuring GDPR compliance.

10. Cookies & Tracking

We use cookies and tracking technologies:

  • Essential Cookies: Required for authentication and session management (always enabled)
  • Analytics Cookies: Help us improve our website (opt-in via cookie banner)
  • Marketing Cookies: Personalized content and ads (opt-in via cookie banner)

You can manage cookie preferences via our cookie consent banner. See our Cookie Policy for details.

11. Children's Privacy

Our services are not intended for children under 16 years of age.

We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take immediate steps to delete it.

Parents or guardians can contact us at legal@hybridin.io regarding data collection from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated via:

  • Email notification to registered users
  • Notice on our website at least 30 days before effective date
  • Updated "Last Updated" date at the top of this page

Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related inquiries, please contact:

General Inquiries: legal@hybridin.io

Data Protection Officer (DPO): dpo@hybridin.io

Supervisory Authority: If you believe our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority in your country of residence.

We will respond to your inquiry within 30 days of receipt.

GDPR Compliant

This Privacy Policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Your data is stored in the EU with full data sovereignty guaranteed by GRN.cloud infrastructure.

Powered by HYBRID IN. x GRN.cloud | © 2026 BitBeam