Privacy Policy

1. Data Controller

The controller of personal data collected through the stectus.comwebsite (the "Website") is:

This Privacy Policy describes how we collect, use, and protect the personal data of Website users.

2. Scope and Purpose of Processing

We collect and process only the minimum data necessary for the proper functioning of the Website and the provision of our services.

2.1. Automatically Collected Data

When you visit the Website, the following technical data is automatically processed:

• IP Address — used solely to determine approximate geographic location for the purpose of automatically selecting the Website language version (PL/EN). The IP address is neither stored nor logged.
• Server Logs — standard server logs (timestamp, requested URL, HTTP response code, browser type) collected by the hosting infrastructure for security and diagnostic purposes. These logs are automatically deleted after 30 days.
• Cookies — see Section 4.

Legal basis: Article 6(1)(f) GDPR — legitimate interest of the controller in ensuring the proper functioning and security of the Website.

2.2. Contact Form / SEO Audit Form Data

The Website allows users to submit inquiries through a contact form. The form may collect the following data:

• Email address
• Phone number

Providing this data is voluntary. This data is used solely to respond to the submitted inquiry or to establish contact regarding the provision of services.

Legal basis: Article 6(1)(a) GDPR — consent of the data subject (expressed by submitting the form), and Article 6(1)(b) GDPR — taking steps at the request of the data subject prior to entering into a contract.

2.3. Services Provided to Clients

In the course of providing our services (CRM systems, automations, advertising campaigns), we may process personal data provided to us by our clients on their behalf. In such cases, we act as a data processor and our client is the data controller. The details of processing are set forth in a Data Processing Agreement (DPA).

3. Legal Bases for Processing

The processing of personal data on the Website is based on the following legal frameworks:

3.1. General Data Protection Regulation (GDPR)

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR"):

• Article 6(1)(a) — consent — processing of data from the contact form
• Article 6(1)(b) — performance of a contract or taking steps at the request of the data subject prior to entering into a contract — processing of data necessary for the provision of services
• Article 6(1)(f) — legitimate interest of the controller — ensuring Website security, technical diagnostics, prevention of misuse

3.2. ePrivacy Directive

In accordance with Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (the ePrivacy Directive), cookies are collected and used only with the prior consent of the user or to the extent strictly necessary for the provision of the electronic communications service.

3.3. California Consumer Privacy Act (CCPA)

In accordance with the California Consumer Privacy Act (Cal. Civ. Code §§ 1798.100–1798.199.100), California residents have the following rights:

• Right to Know — the right to be informed about the categories of personal data collected and the purposes of processing
• Right to Delete — the right to request the deletion of personal data
• Right to Opt-Out of Sale — STECTUS LLC does not sell personal data to third parties
• Right to Non-Discrimination — the right to equal treatment regardless of the exercise of rights under the CCPA

STECTUS LLC does not sell or share personal data for marketing purposes with third parties.

3.4. Wyoming Consumer Data Privacy Act (WYCDPA)

In accordance with the Wyoming Consumer Data Privacy Act (Wyo. Stat. §§ 40-22-101 through 40-22-114, effective July 1, 2025), Wyoming residents have the following rights:

• Right of Access — confirmation of whether data is being processed and access to such data
• Right to Correction — correction of inaccurate data
• Right to Deletion — deletion of personal data
• Right to Data Portability — obtaining data in a commonly used, portable format
• Right to Opt-Out of Profiling — opting out of data processing for profiling purposes
• Right to Opt-Out of Targeted Advertising

STECTUS LLC does not engage in profiling as defined by the WYCDPA.

3.5. Wyoming LLC Act (W.S. 17-29)

STECTUS LLC is a limited liability company formed under the laws of the State of Wyoming (Wyoming Limited Liability Company Act, W.S. 17-29). The company is in good standing (Standing: Active, Current) and is subject to state and federal laws of the United States regarding the protection of personal data.

3.6. Federal Trade Commission Act (FTC Act)

In accordance with Section 5 of the Federal Trade Commission Act (15 U.S.C. § 45), STECTUS LLC commits to not engaging in deceptive or unfair practices regarding privacy and data security.

3.7. Other Applicable Laws

• Polish Act on Personal Data Protection of May 10, 2018 (Journal of Laws 2018, item 1000 as amended) — supplementary to the GDPR
• Polish Civil Code (Journal of Laws 1964, No. 16, item 93 as amended) — protection of personal rights
• Polish Act on Electronic Services of July 18, 2002 (Journal of Laws 2002, No. 144, item 1204 as amended) — conditions for providing electronic services

4. Cookies

The Website uses cookies only to the minimum extent necessary for its proper functioning. For detailed information about cookies, please refer to our Cookie Policy.

The Website uses only strictly necessary cookies that do not require user consent, as they are essential for the provision of the electronic communications service.

5. Data Recipients

Personal data may be disclosed to the following recipients:

• OVHcloud (OVH SAS, 2 Rue Kellermann, 59100 Roubaix, France) — hosting services provider, servers located in Poland and Europe
• Scaleway (Online SAS, 8 rue de la Ville-l'Evêque, 75008 Paris, France) — cloud services and infrastructure provider

All data processors acting on our behalf operate under Data Processing Agreements guaranteeing an adequate level of data protection in accordance with the GDPR.

• OVHcloud (OVH SAS, 2 Rue Kellermann, 59100 Roubaix, France) — hosting services provider, servers located in Poland and Europe
• Scaleway (Online SAS, 8 rue de la Ville-l'Evêque, 75008 Paris, France) — cloud services and infrastructure provider
• Vercel Inc. (340 S Lemon Ave #4133, Walnut, CA 91789, USA) — front-end hosting services provider. Vercel is certified under the EU-US Data Privacy Framework.
• Netlify, Inc. (44 Montgomery Street, Suite 300, San Francisco, CA 91784, USA) — alternative hosting services provider. Netlify is certified under the EU-US Data Privacy Framework.

All data processors acting on our behalf operate under Data Processing Agreements guaranteeing an adequate level of data protection in accordance with the GDPR.

6. Data Retention Period

The retention period for personal data depends on the purpose of processing:

7. Rights of Data Subjects

In connection with the processing of your personal data, you have the following rights:

7.1. Rights under the GDPR

• Right of Access (Art. 15) — the right to obtain information about the data being processed and a copy of such data
• Right to Rectification (Art. 16) — the right to correct inaccurate data and complete incomplete data
• Right to Erasure ("Right to be Forgotten") (Art. 17) — the right to request the deletion of personal data
• Right to Restriction of Processing (Art. 18) — the right to request restriction of processing in specific cases
• Right to Data Portability (Art. 20) — the right to receive data in a structured, commonly used, and machine-readable format
• Right to Object (Art. 21) — the right to object to processing based on the legitimate interest of the controller
• Right to Withdraw Consent (Art. 7(3)) — the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal

7.2. Rights under the CCPA

If you are a California resident, you have additional rights as specified in Section 3.3 of this Privacy Policy.

7.3. Rights under the WYCDPA

If you are a Wyoming resident, you have additional rights as specified in Section 3.4 of this Privacy Policy.

7.4. Exercising Your Rights

To exercise your rights, please contact us using the contact details provided in Section 11. We will respond to your request within 30 days of receipt (GDPR) or 45 days (CCPA/WYCDPA). In justified cases, this period may be extended by an additional 60 days (GDPR) with notification of the reasons for the delay.

8. Data Security

STECTUS LLC implements appropriate technical and organizational measures to protect personal data, including:

• Encryption of data at rest and in transit using TLS/SSL
• Role-based access control (RBAC)
• Multi-factor authentication (MFA) for administrative systems
• Isolated infrastructure for client systems
• Advanced firewall and DDoS protection
• Continuous security monitoring
• Regular risk assessments and security audits

9. Children's Data Protection

The Website is not directed at individuals under the age of 16 and does not intentionally collect personal data from children. If we learn that we have collected personal data from a child without the required parental/guardian consent, we will promptly delete such data.

10. Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy. Any material changes will be communicated by posting the updated version on the Website with the date of the last update. Continued use of the Website after changes are made constitutes acceptance of the updated Privacy Policy.

11. Contact

If you have any questions regarding this Privacy Policy or the processing of personal data, please contact us:

Document last updated: June 10, 2026