Cyan

← Cyan

This page is being prepared and is not legal advice. Final wording must be reviewed by qualified counsel before launch. Items marked [TODO: …] are placeholders for facts the business owner still needs to provide.

Privacy Policy

Last updated: [TODO: effectiveDate] · Version 1.0.0

This Privacy Policy explains how Cyan processes personal data in line with the EU General Data Protection Regulation (GDPR/RGPD) and applicable Spanish data protection law.

1. Who we are / data controller

The data controller for the personal data processed via Cyan is [TODO: legalBusinessName], with registered address [TODO: registeredAddress].

2. Contact details

  • Privacy contact: [TODO: legalContactEmail]
  • Support contact: [TODO: supportEmail]
  • Data Protection Officer (if applicable): [TODO: dpoContactOrLeaveBlank]

3. What personal data we collect

We collect only what we need to run the Service, personalise it, charge for it, and comply with law.

4. How we collect data

  • Directly from you, for example when you take the quiz or create an account.
  • Automatically through your device when you use the Service (analytics, cookies).
  • From third parties such as authentication providers and the payment processor.

5. Why we use personal data

  • Provide and personalise the 28-day program.
  • Process payments and manage subscriptions.
  • Send transactional and (with consent) marketing communications.
  • Measure performance and improve the product.
  • Detect fraud, abuse, and keep the Service secure.
  • Meet legal and regulatory obligations.
  • Performance of contract — to deliver the subscription you bought.
  • Pre-contractual steps — to handle the quiz, pricing, and checkout flow at your request.
  • Consent — for non-essential cookies, marketing emails, and similar opt-ins.
  • Legitimate interests — for security, fraud prevention, product analytics, and direct B2B-style communications, balanced against your rights.
  • Legal obligation — to comply with tax, accounting, and consumer-protection law.

7. Categories of personal data

Depending on how you use Cyan, we may process:

  • Name and email.
  • Account credentials or authentication identifiers (e.g. Google sign-in IDs).
  • Quiz answers, learning goals, role / career interests.
  • Country, region, language, browser, and device data.
  • IP address (truncated or temporary where possible).
  • Payment status and subscription metadata (we do not store raw card numbers).
  • Lesson progress, saved prompts, workflows, and projects.
  • Certificate data once issued.
  • Support messages you send us.
  • Marketing preferences and unsubscribe state.
  • Analytics events and UTM / source attribution.

Card details are processed by our payment provider, [TODO: paymentProcessor]. Cyan does not store raw card numbers and only receives limited payment metadata.

8. AI-related data processing

Some lessons help you craft prompts and workflows for third-party AI tools. If you choose to send content to such tools, that content is processed by those providers under their own terms. Avoid entering sensitive personal data into prompts unless strictly necessary.

9. Service providers / processors

We rely on vetted processors to run the Service, including hosting ([TODO: hostingProvider]), the payment provider ([TODO: paymentProcessor]), email delivery, and analytics tooling. Each is bound by data-protection terms appropriate to their role.

10. International transfers

Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as European Commission adequacy decisions or Standard Contractual Clauses.

11. Data retention

We keep personal data only as long as needed for the purposes described above, to comply with legal obligations (such as tax records), and to defend legal claims. When no longer needed, data is deleted or anonymised.

12. Your rights under GDPR

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data (right to be forgotten) where applicable.
  • Restrict processing in certain situations.
  • Data portability for data you provided to us.
  • Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent at any time, without affecting prior lawful processing.

13. How to exercise rights

Email us at [TODO: legalContactEmail]. We may ask for information to verify your identity before acting.

14. Right to complain to a supervisory authority

If you believe we have not handled your personal data properly, you can complain to the Agencia Española de Protección de Datos (AEPD) — www.aepd.es or your local data-protection authority.

15. Security

We apply technical and organisational measures appropriate to the risk, including encryption in transit, access controls, and least-privilege server keys.

16. Children's privacy

The Service is not directed to children. We do not knowingly process personal data of users under 18.

17. Changes to this policy

We may update this policy. The "Last updated" date at the top reflects the latest version. Material changes will be highlighted.

18. Contact

Privacy questions: [TODO: legalContactEmail].

Policy version 1.0.0. Cyan is a trade name of [TODO: legalBusinessName].