Privacy Policy

Privacy Policy

May 8, 2025

1. Who We Are

Redoya LLC (“Redoya,” “we,” “us” or “our”) is a Delaware-registered limited-liability company that provides software-development and related digital-services.
Registered office (for legal correspondence only):

Redoya LLC
2055 Limestone Rd STE 200-C Wilmington, DE 19808 United States

For the purposes of the EU General Data Protection Regulation (“GDPR”) and UK GDPR, Redoya LLC is the data controller for personal data collected through our public websites, landing pages, and online services (collectively, the “Site”).

If you are located in the EEA or UK, you may also contact our appointed EU/UK representative at contact@redoya.com or the postal address above (please mark your letter “FAO: Data Protection Representative”).

2. Scope of This Policy

This Privacy Policy explains:

  1. What personal data we collect

  2. How and why we use it

  3. Our legal bases under the GDPR

  4. Cookies & similar technologies

  5. How we share data

  6. International transfers

  7. How long we keep data

  8. Security measures

  9. Your privacy rights

  10. Children’s data

  11. Changes to this Policy

  12. How to contact us

3. Data We Collect

CategoryTypical Data ElementsSourceIdentity & Contact name, company, email, phone, postal addressDirectly from you (forms, e-mail, phone)Account & Contract login credentials, contract details, invoicesDirectly from you; generated during servicesTechnicalIP address, device type, browser, OS, referring URLCollected automatically via cookies & logs Usage page views, clicks, session duration, feature useAnalytics tools, server logs Marketing Preferences newsletter opt-in/opt-out, event RSVPsDirectly from you Support chat transcripts, tickets, attachmentsDirectly from you; our helpdesk platform

We do not intentionally collect special categories of data (e.g., health, biometric, or political opinions). Please do not submit such information through the Site.

4. How & Why We Use Your Data

PurposeGDPR Legal BasisTo operate, maintain, and secure the Site Legitimate Interests (IT security, service provision)To respond to enquiries, schedule demos, or provide proposalsConsent (where required) / Legitimate InterestsTo perform a contract with you or the organisation you representContract PerformanceTo send service, billing, or account notificationsContract Performance; Legitimate InterestsTo send marketing communications you have opted intoConsentTo analyse Site usage and improve our productsLegitimate InterestsTo comply with legal obligations (tax, bookkeeping, sanctions screening)Legal Obligation

Where we rely on Legitimate Interests, we balance our interests with your rights and reasonable expectations.

5. Cookies & Similar Technologies

We use first-party and third-party cookies, pixels, and local-storage to:

  • remember your preferences

  • enable analytics (e.g., Google Analytics)

  • provide chat or customer-support widgets

  • measure marketing campaign performance

Managing cookies: You can refuse or delete non-essential cookies at any time via our cookie banner or your browser settings. Essential cookies required for Site functionality cannot be disabled.

6. How We Share Data

We share personal data only as necessary with:

  1. Service providers (hosting, analytics, CRM, email, payment processors) under written data-processing agreements.

  2. Professional advisers (lawyers, accountants, auditors) bound by confidentiality.

  3. Affiliates & subsidiaries within the Redoya corporate group.

  4. Authorities or third parties where required by law, court order, or to protect rights, property, or safety.

  5. Business transferees if we merge, sell, or reorganise part or all of our business (your data will remain protected under this Policy or a policy materially similar).

We do not sell or rent your personal data.

7. International Transfers

Because we are located in the United States and use global cloud providers, your data may be processed outside your home jurisdiction.

  • For EEA/UK transfers to the US or other non-adequate countries, we rely on:

    • Standard Contractual Clauses (SCCs) approved by the European Commission/UK Information Commissioner’s Office; and

    • supplementary technical & organisational measures (encryption in transit/at rest, access controls).

8. Data Retention

We keep personal data only for as long as necessary:

Data CategoryTypical RetentionMarketing leadsUntil you withdraw consent or 24 months of inactivityContract & billing records7 years (statutory accounting period)Support tickets3 years after ticket closureTechnical logs12 months, unless incident requires longer

After the retention period, data are securely deleted or anonymised.

9. Security

We follow industry-standard safeguards to protect personal data, including:

  • TLS encryption for data in transit

  • AES-256 encryption at rest (where supported by our providers)

  • Role-based access controls and MFA for internal systems

  • Annual penetration tests and vulnerability scans

  • Vendor due-diligence and written data-processing agreements

However, no online transmission or storage is 100 % secure; you use the Site at your own risk.

10. Your Rights

If you are in the EEA, UK, or another jurisdiction with comparable rights, you may:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Erase data (“right to be forgotten”)

  • Restrict or object to processing

  • Data portability (receive data in machine-readable form)

  • Withdraw consent at any time (without affecting prior processing)

  • Complain to your local supervisory authority (e.g., your EU nation’s DPA or the UK ICO)

To exercise any right, email contact@redoya.com. We may need to verify your identity before acting on your request.

California residents: We do not “sell” personal information as defined by the California Consumer Privacy Act (“CCPA”). You have the rights of access, deletion, and non-discrimination under the CCPA; please contact us as above.

11. Children’s Privacy

Our Site and services are not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. When we do, we will:

  1. Post the revised policy with a new “Last updated” date, and

  2. Where required by law, obtain your consent (e.g., via banner or email).

13. Contact Us

For any privacy-related questions, or to exercise your rights, please contact:

Data Protection Officer
Redoya LLC
Email: contact@redoya.com
Postal: 2055 Limestone Rd STE 200-C Wilmington, DE 19808 United States