Privacy Policy
Last updated: June 2026
This policy explains what personal data abyssLabs collects when you use this website, why we collect it, and the rights you have under the EU General Data Protection Regulation (GDPR). The website is operated by abyssLabs, s.r.o., a company registered in Czechia (Czech Republic), which acts as the data controller. For any question about your data, write to us at hello@abysslabs.io.
Who we are
abyssLabs, s.r.o., a company registered in Czechia (Czech Republic), is the controller that operates this marketing website and decides how and why your personal data is processed. We are a small, remote-first team. You can reach our data contact at hello@abysslabs.io, and we aim to respond to any privacy request within thirty days.
Lawful bases for processing
We process personal data under three GDPR lawful bases. We rely on your consent for analytics and any optional session replay, which only run after you accept cookies. We rely on legitimate interests to keep the site secure and to prevent abuse, for example IP-based rate-limiting of the contact form. And we rely on the necessity to take steps at your request when you send us a message through the contact form so that we can reply to you.
Data we collect
When you use the contact form we collect the name, email address, and message you choose to provide. When analytics is enabled, our analytics provider records pageviews and product events, an approximate location and device type, and, only if you opt in, an anonymised session replay of your visit. To protect the contact form we briefly process your IP address for rate-limiting. We do not ask for, and do not knowingly collect, any special-category data.
How we use your data
We use the information you send through the contact form solely to read and respond to your enquiry. We use analytics data in aggregate to understand which pages and features are useful and to improve the site. We use rate-limiting data only to detect and block automated abuse. We do not sell your data and we do not use it for automated decision-making or profiling that produces legal effects.
Analytics only runs after consent
No analytics, cookies, or session replay are loaded until you make a choice in the cookie banner. If you decline, or simply ignore the banner, no analytics tooling is initialised and no analytics cookies are set. You can change your decision at any time, and withdrawing consent stops further analytics collection going forward.
Processors we use
We share data only with carefully chosen processors who act on our instructions under data processing agreements. PostHog (EU region) provides product analytics and optional session replay; Resend delivers the emails generated by the contact form; Vercel hosts the website and processes standard server logs; and Upstash provides the store we use for contact-form rate-limiting. Each processes data on our behalf and is contractually bound to protect it.
How long we keep data
We keep contact-form messages only for as long as needed to handle your enquiry and any reasonable follow-up, and then delete them. Analytics data is retained for a limited period in line with our provider's configured retention and is held in aggregate where possible. Rate-limiting records are short-lived and expire automatically. We do not keep personal data longer than necessary for the purposes described here.
International transfers
We aim to keep personal data within the European Economic Area, and our analytics provider is configured to use its EU region. Where a processor needs to transfer data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses, so that your data continues to receive an equivalent level of protection.
Your rights
Under the GDPR you have the right to access the personal data we hold about you, to have inaccurate data rectified, to request erasure, to receive your data in a portable format, and to object to or restrict certain processing. You can also withdraw consent for analytics at any time. To exercise any of these rights, email hello@abysslabs.io; you also have the right to lodge a complaint with a supervisory authority, in our case the Czech data protection authority, Úřad pro ochranu osobních údajů (ÚOOÚ), or the authority in your own country of residence.
Contact
If you have any question about this policy or about how we handle your personal data, please contact us at hello@abysslabs.io. The controller is abyssLabs, s.r.o., registered in Czechia (Czech Republic), and the competent supervisory authority is the Czech data protection authority, Úřad pro ochranu osobních údajů (ÚOOÚ), based in Prague.