This document is a technical scaffold, not yet reviewed by counsel. It will be finalised by the legal team before commercial launch. In its current form it does not constitute a contractual offer.
Privacy Policy
1. Who we are
The data controller is SmartKeep Solutions SRL, registered company RO43273365, Arad, Romania. For questions about personal data: privacy@skryx.io.
2. What we collect
- Account data: name, email, password hash, company, locale.
- Usage data: request logs, queries typed in the Playground, click events, search events with timestamps and truncated IP.
- Billing data (when billing launches): tax address, VAT ID; the payment method is handled directly by Stripe — we never see card numbers.
- Catalog data: the products / documents you index. This is your customers' data; we process it strictly to provide the Service.
3. Why we use it (legal basis)
- Performance of contract (Art. 6(1)(b) GDPR) — running your account, indexing, searching, support.
- Legitimate interest (Art. 6(1)(f)) — security, fraud prevention, service improvement.
- Consent (Art. 6(1)(a)) — marketing communications, optional cookies.
- Legal obligation (Art. 6(1)(c)) — invoice retention under tax law.
4. Who we share with (sub-processors)
We use the providers below solely to deliver the Service. Full details: DPA.
| Sub-processor | Purpose | Location |
|---|---|---|
| Anthropic | AI query understanding & catalog analysis | USA |
| Voyage AI | Semantic search embeddings | USA |
| Contabo | Application + database hosting | Germany |
| Cloudflare | CDN, DDoS protection, DNS | USA |
| SendGrid (Twilio) | Transactional email delivery | USA |
| Stripe | Payment processing (when billing launches) | USA |
5. International transfers
Transfers to the USA rely on the EU Standard Contractual Clauses adopted by the European Commission (Decision 2021/914), plus supplementary security measures (in-transit encryption, access controls).
6. Retention
- Account data: lifetime of the contract + 12 months after cancellation (for recovery in case of error).
- Technical logs: 90 days, then anonymised.
- Search events: 90 days (configurable under Settings).
- Invoices: 10 years (tax obligation).
7. Your rights (GDPR)
You have the right of access, rectification, erasure, portability, restriction, objection, and to withdraw consent. Most of these are directly accessible in Settings → Privacy. For anything else, email privacy@skryx.io — we respond within 30 days.
You may also lodge a complaint with the Romanian DPA ANSPDCP: dataprotection.ro.
8. Cookies
See the Cookie Policy.
9. Children
The Service is not directed at people under 16. We do not knowingly collect data from minors.