Irisyo
Products Services Pricing Explore About Us Contact
EN | RO
Become a Partner
Go to App

Privacy Policy

How we collect, process, and protect your personal data in accordance with GDPR

Last Updated: December 2024

1. Introduction

This Privacy Policy explains how Irisyo Labs ("the Provider") collects, processes, and protects personal data in connection with its cloud-based eye-tracking analytics services.

2. Data Controller and Contact

Irisyo Labs acts as Data Processor for uploaded Data and Data Controller for account and billing information.

Contact: office@irisyo.com
Address: Bucharest, Romania

3. Categories of Data Processed

  • Account data (name, email, credentials)
  • Uploaded Data (videos, gaze files, metadata)
  • Derived analytics (heatmaps, graphs)
  • Technical information (IP, session logs)

3A. Automated Anonymization Feature

When Customers enable the optional anonymization tool, the system applies machine-learning models to obscure identifiable elements (e.g., facial regions). Processing occurs automatically on secure servers within the EEA. The Provider collects only aggregated, non-personal performance data for quality-assurance purposes and does not store or manually review original personal data. Customers remain fully responsible for lawful anonymization and compliance.

4. Purposes and Legal Bases

Purpose Legal Basis
Account setup and billing Contract
Data analysis Contract
Security and platform maintenance Legitimate interest
Optional anonymization / research Consent

5. Data Sharing and Transfers

All Data are stored within the EEA. If international transfers occur, they rely on Standard Contractual Clauses. The Provider does not sell personal data.

6. Retention and Deletion

Data are retained for 12 months from the last processing activity unless extended (up to 5 years). Deleted Data are purged from backups within 60 days.

7. Security

Encryption, access control, and monitoring are applied. Employees are trained and bound by confidentiality.

8. Data Subject Rights

Requests for access, rectification, or deletion regarding uploaded content should be directed to the Customer who uploaded it. The Provider will assist as technically feasible.

9. Cookies

Only essential cookies are used for authentication and session management.

10. Consent and Opt-In

Customers may grant explicit consent to use de-identified Data for internal research or model-training. Consent may be withdrawn anytime.

11. Complaints

Complaints can be lodged with the ANSPDCP (Romanian data-protection authority) or the local supervisory authority.

12. Updates

This policy may be updated periodically, with notice provided within the Platform.

Questions About Privacy?

We're committed to protecting your data. Contact us if you have any questions about our privacy practices.

Contact Us