Privacy Policy

1. Overview

This Privacy Policy describes how Basis Vector ("we", "us", "our") collects, uses, and protects personal data when you visit basis-vector.com (the "Website") or otherwise interact with us. We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable national data-protection law.

2. Data Controller

The data controller responsible for personal data processed in connection with the Website is Basis Vector. For privacy-related enquiries or to exercise your rights, write to [email protected].

3. Personal Data We Collect

We collect personal data that you provide to us directly through the contact form on the Website, and limited technical data automatically when you visit.

Information you provide

• First name and last name
• Organisation
• Email address
• Role / job title (optional)
• Type of request (e.g., datasheet, evaluation unit, partnership)
• Free-text message (optional)

Information collected automatically

• IP address — processed by our infrastructure provider to route requests and detect abuse
• Browser type and version, operating system
• Date and time of the request
• Referrer URL

We do not use tracking cookies and we do not run third-party analytics.

4. Lawful Bases for Processing

We process personal data on the following lawful bases under Article 6 GDPR:

• Article 6(1)(b) — performance of pre-contractual measures taken at your request, such as responding to your enquiry about our products.
• Article 6(1)(f) — our legitimate interests in maintaining a functional and secure Website and in operating our business, where such interests are not overridden by your rights and freedoms.

5. Purposes of Processing

• Responding to enquiries submitted through the Website;
• Evaluating the eligibility of an enquiry under applicable export-control and customer-vetting requirements;
• Communicating with you about our products, evaluations, and integration discussions;
• Operating, securing, and improving the Website.

6. Recipients and Third-Party Processors

We engage the following processors. Each is bound by contractual data-protection obligations consistent with Article 28 GDPR:

• Cloudflare, Inc. — Website hosting (Cloudflare Pages), content delivery, and edge security;
• Resend (Resend.com) — transactional email delivery for contact-form submissions.

We do not sell personal data and we do not disclose personal data to other recipients except where required by law.

7. International Transfers

Where personal data is transferred outside the European Economic Area, such transfers are made on the basis of an adequacy decision of the European Commission or appropriate safeguards under Articles 44–49 GDPR, including Standard Contractual Clauses.

8. Retention

Personal data submitted through the contact form is retained for as long as necessary to respond to your enquiry and for a reasonable period thereafter for legal record-keeping and business continuity. Technical request logs are retained for a short period (typically not more than 30 days) for security and diagnostic purposes.

9. Your Rights

Subject to the conditions set out in the GDPR, you have the right to:

• Access (Article 15) — obtain confirmation of whether we process your personal data and a copy of it;
• Rectification (Article 16) — request correction of inaccurate or incomplete data;
• Erasure (Article 17) — request deletion of your personal data;
• Restriction (Article 18) — request that we restrict processing in certain circumstances;
• Portability (Article 20) — receive your personal data in a structured, commonly used, machine-readable format;
• Objection (Article 21) — object to processing based on our legitimate interests;
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, write to [email protected]. We will respond within one month as required under Article 12(3) GDPR.

10. Complaints

You have the right to lodge a complaint with a data-protection supervisory authority in the EU/EEA member state of your habitual residence, place of work, or the place of the alleged infringement (Article 77 GDPR).

11. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including encryption in transit (TLS), access control, and operational security practices.

12. Cookies

The Website does not use tracking cookies and does not run third-party analytics. Strictly necessary cookies may be set by our infrastructure provider for security purposes (e.g., DDoS mitigation); these are exempt from the consent requirement under Article 5(3) of the ePrivacy Directive.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. Material changes will be brought to your attention where required by law.

14. Contact

For privacy-related enquiries, write to [email protected].