
Privacy Policy

How Aureon Systems SIA collects, uses, stores and protects your personal data — written in plain English, lawyer-checked.

Effective from 1 June 2026 · Last updated 3 June 2026

Aureon Systems SIA ("Aureon Systems", "we", "us" or "our") is committed to protecting your personal data. This Privacy Policy explains what we collect, why we collect it, how long we keep it, who we share it with, and the rights you have under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Latvian Personal Data Processing Law.

1. Who we are

The data controller responsible for your personal data is:

For all privacy-related matters please contact us at the email address above. We will respond within 30 days, as required by Article 12(3) GDPR.

2. What personal data we collect

We only collect personal data that we need in order to provide our services, communicate with you, fulfil our legal obligations and run our business.

2.1 Data you provide to us

  • Identity & contact data: name, business name, email address, phone number, postal address, job title.
  • Project data: the brief, files, screenshots, brand assets and any other content you share with us in order for us to deliver the project.
  • Billing data: billing address, VAT number (where applicable), payment reference. We do not store payment card data — card payments are processed directly by Stripe and never reach our servers.
  • Correspondence: the content of your emails, contact-form submissions, calls and meeting notes.

2.2 Data we collect automatically

  • Server logs: IP address, browser type, operating system, referrer, request URL, response code and timestamp. We retain these for 30 days for security and abuse prevention.
  • Analytics: anonymous, aggregated usage data via privacy-friendly analytics (Plausible by default — cookie-less, no personal identifiers). If you consent to GA4, we collect additional behavioural data — see our Cookies Policy.

2.3 Data we do not collect

  • We do not knowingly collect data from children under 16.
  • We do not collect special category data (Article 9 GDPR) unless you voluntarily provide it in project content.
  • We do not sell or rent your personal data to third parties. Ever.

3. Why we process your data (legal bases)

  • Performance of a contract (Art. 6(1)(b)): Delivering the services you ordered, project communication, invoicing.
  • Legal obligation (Art. 6(1)(c)): Issuing invoices, retaining accounting records (Latvian Accounting Law — minimum 5 years), responding to lawful requests.
  • Legitimate interest (Art. 6(1)(f)): Replying to inbound enquiries, IT security, fraud prevention, improving our website. We balance these interests against your rights.
  • Consent (Art. 6(1)(a)): Non-essential cookies, marketing emails. You can withdraw consent at any time.

4. How long we keep your data

  • Project files & correspondence: for the duration of the engagement and up to 24 months after delivery, for support and reference.
  • Accounting records (invoices, contracts): 5 years from the end of the financial year, as required by Latvian law.
  • Server logs: 30 days.
  • Contact-form submissions that do not become projects: 12 months from last contact, then deleted.
  • Marketing-email subscribers: until you unsubscribe, plus 30 days for the unsubscribe record.

5. Who we share your data with

We share personal data only with carefully selected processors who provide infrastructure essential to running our business. All of them are bound by Data Processing Agreements (DPAs) that meet GDPR Article 28 requirements.

  • Hosting & CDN: Cloudflare, Inc. (EU servers preferred); Vercel Inc.; Hetzner Online GmbH (Germany).
  • Email: Microsoft 365 (EU data residency) for inbound and outbound mail.
  • Analytics: Plausible Analytics (EU-hosted) by default. GA4 only with consent.
  • Payments & invoicing: Stripe Payments Europe Ltd. (Ireland); Wise Europe SA (Belgium); your bank.
  • Accounting: our external accountant (Latvian-based, bound by professional secrecy).
  • Authorities: tax authorities, courts, law-enforcement bodies — only where legally required.

Where a processor is located outside the EEA, we rely on EU Standard Contractual Clauses and (where applicable) the EU–US Data Privacy Framework.

6. Your rights

Under the GDPR you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — ask us to delete your data, subject to legal retention.
  • Restriction — ask us to limit how we use your data.
  • Data portability — receive a copy in a machine-readable format.
  • Objection — object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent — at any time, where processing is based on consent.
  • Complain — lodge a complaint with the Latvian Data State Inspectorate (dvi.gov.lv) or the supervisory authority in your country of residence.

To exercise any of these rights, email Office@aureonsystems.eu. We will respond within 30 calendar days and we will not charge a fee for reasonable requests.

7. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction. These include:

  • TLS 1.3 encryption in transit on every page of this website.
  • At-rest encryption on all production servers and laptops (FileVault / BitLocker / LUKS).
  • Two-factor authentication on every account that touches client data.
  • Principle of least privilege — staff access only the data they need to do their job.
  • Regular software updates and quarterly security reviews.
  • Documented incident-response procedure; breaches affecting personal data are reported to the supervisory authority within 72 hours where required.

8. International transfers

Most of your data stays in the EEA. Where transfers to third countries are unavoidable (e.g. certain Stripe or Cloudflare infrastructure), we rely on the safeguards listed in Section 5.

9. Automated decision-making

We do not make decisions about you based solely on automated processing, including profiling, that produce legal or similarly significant effects.

10. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services or our processors. We will post the new version on this page and update the "Last updated" date at the top. For material changes we will notify active clients by email.

11. Contact

If you have any question about this Privacy Policy or how we handle your data, please email us at Office@aureonsystems.eu or write to Aureon Systems SIA, Taisnā iela 1, Tukums, LV-3104, Latvia.


This Privacy Policy is governed by the laws of the Republic of Latvia and the EU GDPR.