Legal Documentation

Privacy Policy

Your privacy is important to us. This policy explains how Cybesis Studios collects, uses, and protects your personal information.

Last updated: January 22, 2025

PREAMBLE

WHEREAS, Cybesis Studios (hereinafter referred to as "the Company", "we", "us", or "our") operates as a professional web development and digital design agency established under French law;

WHEREAS, the Company provides digital services through its online platform and maintains business operations that necessitate the collection, processing, and storage of personal data;

WHEREAS, the Company is committed to protecting the privacy rights of all individuals whose personal data it processes, in accordance with applicable data protection legislation;

NOW THEREFORE, this Privacy Policy (hereinafter "the Policy") sets forth the comprehensive framework governing the collection, use, disclosure, and protection of personal information by Cybesis Studios.

ARTICLE I - DEFINITIONS AND COMPANY IDENTIFICATION

1.1 Company Identification

Legal Entity: Cybesis Studios
Business Classification: Web Development and Digital Design Agency
Principal Place of Business: Montpellier, France
Electronic Correspondence: studio@cybesis.com
Telephonic Contact: (+33) 9-67-28-88-21

The Company operates under the jurisdiction of French law and maintains compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the French Data Protection Act (Loi n° 78-17 du 6 janvier 1978 relative à l'informatique, aux fichiers et aux libertés, as amended), and all applicable international data protection statutes.

1.2 Definitions

For the purposes of this Policy, the following terms shall have the meanings ascribed to them herein, unless the context clearly indicates otherwise:

"Personal Data" means any information relating to an identified or identifiable natural person, as defined under Article 4(1) of the GDPR, including but not limited to names, identification numbers, location data, online identifiers, and factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.

"Data Subject" means any identified or identifiable natural person whose Personal Data is processed by the Company, including but not limited to clients, prospective clients, website visitors, and platform users.

"Processing" means any operation or set of operations performed on Personal Data, whether by automated means or otherwise, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

"Services" means all digital services, platforms, websites, applications, and related offerings provided by the Company, including but not limited to web development, design services, client portals, and authentication systems.

ARTICLE II - CATEGORIES OF PERSONAL DATA COLLECTED

2.1 Authentication and Identity Data

In the course of providing authentication services through our Supabase-powered infrastructure, the Company collects and processes various categories of Personal Data necessary for account creation, maintenance, and security purposes. Such data collection occurs pursuant to the legitimate interests of the Company in providing secure access to its Services and, where applicable, with the explicit consent of the Data Subject.

The authentication data encompasses, but is not limited to: electronic mail addresses and cryptographically secured passwords for direct authentication protocols; OAuth provider credentials and associated profile information obtained through third-party authentication services including Google LLC, GitHub Inc., and Discord Inc.; unique user identification tokens and session management data required for platform functionality; temporal data regarding account creation and most recent authentication events; and role-based access control assignments (including administrative and team member designations) necessary for proper authorization and service delivery.

2.2 Professional and Contact Information

The Company collects professional and contact information to facilitate business communications and service delivery. This category of Personal Data includes, without limitation: full legal names and professional titles or designations; corporate or organizational affiliations and business entity names; primary and secondary contact information including electronic mail addresses and telephonic contact numbers; and photographic representations or avatars, whether provided directly through OAuth authentication services or uploaded voluntarily by the Data Subject. The collection of such information is predicated upon the necessity for contract performance and the legitimate business interests of the Company.

2.3 Project-Related and Communication Data

In furtherance of its business operations and service delivery obligations, the Company processes project-related and communication data submitted by Data Subjects. Such data encompasses: formal quotation requests and detailed project specifications provided through the Company's digital platforms; all forms of electronic communications, correspondence, and messaging conducted through the Company's communication channels; digital files, documents, multimedia content, and other materials voluntarily shared by Data Subjects in connection with project development; and testimonials, feedback, reviews, and evaluative content provided regarding the Company's Services. The processing of such data is essential for contract performance and ongoing business relationship management.

2.4 Technical and Behavioral Data

The Company automatically collects certain technical and behavioral data through its digital infrastructure to ensure optimal service delivery, security, and user experience. This category includes: Internet Protocol (IP) addresses and associated geolocation data derived therefrom; comprehensive browser and device information including user agent strings, operating system details, screen resolution, and hardware specifications; behavioral analytics data encompassing usage patterns, navigation pathways, interaction frequencies, and session duration metrics; and data collected through cookies, web beacons, and similar tracking technologies as detailed in Section 9 hereof. Such data collection is conducted pursuant to the Company's legitimate interests in maintaining service quality, security, and operational efficiency.

ARTICLE III - PURPOSES AND LEGAL BASIS FOR PROCESSING

3.1 Primary Service Delivery and Platform Operations

The Company processes Personal Data primarily for the purpose of delivering its core Services and maintaining platform functionality. Such processing activities include, but are not limited to: the authentication and verification of user identities through secure protocols and multi-factor authentication systems; the provision of role-based access controls and dashboard functionalities tailored to administrative and team member privileges; the processing and management of quotation requests, project specifications, and related commercial communications; and the delivery of comprehensive web development, design, and digital consulting services as contracted. This processing is conducted pursuant to Article 6(1)(b) of the GDPR, being necessary for the performance of contracts to which the Data Subject is party or for taking steps at the request of the Data Subject prior to entering into a contract.

3.2 Communication and Customer Relations

The Company utilizes Personal Data to maintain effective communication channels and foster ongoing customer relationships. This encompasses: responding to inquiries, support requests, and technical assistance requirements in a timely and professional manner; transmitting project updates, milestone notifications, and other communications essential to service delivery; and, where explicit consent has been obtained pursuant to Article 6(1)(a) of the GDPR, sharing industry insights, company updates, and promotional materials that may be of legitimate interest to the Data Subject. All marketing communications are conducted in strict compliance with applicable direct marketing regulations and provide clear mechanisms for consent withdrawal.

3.3 Legal Basis for Processing Under GDPR

The Company's processing activities are conducted in accordance with the legal bases established under Article 6 of the GDPR, as follows:

Article 6(1)(b) - Contract Performance: Processing necessary for the performance of contracts with Data Subjects, including service delivery, account management, project execution, and all activities directly related to the fulfillment of contractual obligations.

Article 6(1)(f) - Legitimate Interests: Processing necessary for the legitimate interests pursued by the Company, including business operations optimization, service improvement, security maintenance, fraud prevention, and operational efficiency enhancement, provided such interests do not override the fundamental rights and freedoms of Data Subjects.

Article 6(1)(a) - Consent: Processing based on freely given, specific, informed, and unambiguous consent for marketing communications, optional platform features, and any processing activities not covered by other legal bases.

Article 6(1)(c) - Legal Obligation: Processing necessary for compliance with legal obligations to which the Company is subject under French law, EU regulations, or other applicable jurisdictional requirements.

ARTICLE IV - DATA SHARING AND THIRD-PARTY DISCLOSURES

4.1 Authorized Service Providers and Processors

The Company engages carefully vetted third-party service providers to facilitate the delivery of its Services and maintain operational efficiency. All such arrangements are governed by comprehensive data processing agreements that ensure compliance with GDPR requirements, particularly Articles 28 and 32 regarding processor obligations and security measures. The Company's authorized processors include:

Supabase Inc.: Serves as the Company's primary backend-as-a-service provider, handling authentication infrastructure, database management, and secure data storage. All data processing is conducted under strict contractual obligations ensuring GDPR compliance and implementing appropriate technical and organizational measures.

OAuth Authentication Providers: Including Google LLC, GitHub Inc., and Discord Inc., which facilitate secure third-party authentication services. Data sharing with these entities is limited to authentication credentials and basic profile information as explicitly authorized by Data Subjects through the OAuth consent process.

Cloud Infrastructure Providers: Secure hosting and content delivery network services that maintain the technical infrastructure necessary for Service delivery, all operating under appropriate data processing agreements and security certifications.

Analytics Service Providers: Privacy-focused analytics platforms that process only anonymized and aggregated data for the purpose of service improvement and operational optimization, with no personally identifiable information transmitted.

4.2 Legal and Regulatory Disclosures

Notwithstanding any other provision herein, the Company reserves the right, and may be compelled, to disclose Personal Data when such disclosure is required by applicable law, regulation, legal process, or governmental request. Such disclosures may occur pursuant to: valid court orders, subpoenas, or other judicial proceedings; lawful requests from law enforcement agencies or regulatory authorities; compliance with French legal obligations under the Code pénal or other applicable statutes; adherence to EU regulatory requirements or directives; or response to national security or public safety concerns as authorized by law. In all such instances, the Company will endeavor to provide advance notice to affected Data Subjects unless prohibited by law or court order.

4.3 Corporate Transactions and Business Transfers

In the event of a corporate reorganization, merger, acquisition, sale of assets, or other business transaction involving the Company, Personal Data may be transferred to the acquiring entity or successor organization as part of the transferred business assets. Any such transfer shall be conducted in accordance with applicable data protection laws and shall be subject to appropriate safeguards ensuring continued protection of Personal Data. Data Subjects will be notified of any such transfer and informed of their rights regarding the continued processing of their Personal Data by the successor entity. The acquiring entity shall be bound by the terms of this Policy or shall provide equivalent privacy protections.

5. Data Security

Security Measures

  • End-to-end encryption for data transmission
  • Secure authentication with PKCE flow for OAuth
  • Regular security audits and vulnerability assessments
  • Access controls and role-based permissions
  • Secure data centers with physical and digital protection
  • Regular backups with encryption at rest

6. Data Retention

  • Account Data: Retained while account is active plus 3 years after closure
  • Project Data: Retained for 7 years for business and legal purposes
  • Communication Records: Retained for 3 years after last contact
  • Technical Logs: Retained for 12 months for security and performance

ARTICLE VII - DATA SUBJECT RIGHTS AND REMEDIES

7.1 Enumeration of Rights Under GDPR and French Law

Pursuant to the provisions of the GDPR and the French Data Protection Act, Data Subjects are endowed with comprehensive rights regarding their Personal Data. The Company hereby acknowledges and commits to facilitating the exercise of the following rights:

Right of Access (Article 15 GDPR): Data Subjects have the right to obtain confirmation as to whether Personal Data concerning them is being processed and, where applicable, access to such Personal Data along with comprehensive information regarding the processing activities, including purposes, categories of data, recipients, retention periods, and the existence of other rights.

Right to Rectification (Article 16 GDPR): Data Subjects may request the correction of inaccurate Personal Data and the completion of incomplete Personal Data, including through the provision of supplementary statements or documentation.

Right to Erasure (Article 17 GDPR): Under specific circumstances, Data Subjects may request the deletion of their Personal Data, including when the data is no longer necessary for the original purposes, consent is withdrawn, or processing is unlawful.

Right to Data Portability (Article 20 GDPR): Data Subjects have the right to receive their Personal Data in a structured, commonly used, and machine-readable format and to transmit such data to another controller without hindrance.

Right to Restriction of Processing (Article 18 GDPR): Data Subjects may request the limitation of processing activities under specific circumstances, including when accuracy is contested or processing is unlawful.

Right to Object (Article 21 GDPR): Data Subjects may object to processing based on legitimate interests or for direct marketing purposes, including automated decision-making and profiling.

Right to Withdraw Consent (Article 7(3) GDPR): Where processing is based on consent, Data Subjects have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

7.2 Exercise of Rights and Response Procedures

To exercise any of the aforementioned rights, Data Subjects may submit requests to the Company's designated privacy contact at privacy@cybesis.com. The Company shall respond to such requests within one month of receipt, as mandated by Article 12(3) of the GDPR, and may extend this period by two additional months where necessary, taking into account the complexity and number of requests. All responses shall be provided free of charge unless requests are manifestly unfounded or excessive, in which case reasonable fees may be charged or requests may be refused in accordance with Article 12(5) of the GDPR.

8. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer data internationally, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes and codes of conduct

9. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for authentication and core functionality
  • Performance Cookies: Help us understand how you use our site
  • Functional Cookies: Remember your preferences and settings

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect site functionality.

10. Contact and Complaints

Data Protection Contact

For privacy-related questions or to exercise your rights:
Email: privacy@cybesis.com
Address: Cybesis Studios, Montpellier, France

Supervisory Authority

If you're not satisfied with our response, you can lodge a complaint with:
Commission Nationale de l'Informatique et des Libertés (CNIL)
Website: www.cnil.fr

11. Policy Updates

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.