Privacy Policy

Last updated: 28 May 2026

1. Introduction

Stream Foundry Limited ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website at streamfoundry.io (the "Website").

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Cyprus Law 125(I)/2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data and the Free Movement of Such Data, as well as any other applicable data protection legislation.

By accessing the Website, you acknowledge that you have read and understood this Privacy Policy. We encourage you to read it carefully before providing any personal data.

2. Data Controller Information

The data controller responsible for your personal data is:

• Stream Foundry Limited
• Registration number: HE 492838
• Registered address: Thessalonikis, Nicolaou Pentadromos Centre, 10th floor, Flat/Office 1002, 3025 Limassol, Cyprus
• Data Protection Officer contact: legal@streamfoundry.io

If you have any questions or concerns regarding the processing of your personal data, or if you wish to exercise any of your rights under GDPR, please contact our Data Protection Officer at the email address above.

3. Data We Collect

When you visit the Website, we may collect the following categories of personal data:

a) Server Log Data (collected automatically)

• IP address (which may be anonymised)
• Browser type and version
• Operating system
• Referring URL
• Pages visited and time spent on each page
• Date and time of access (timestamps)

b) Cookie and Analytics Data

• Device identifiers and browser fingerprint data
• Session duration, page views, and navigation paths
• Approximate geographic location derived from IP address

c) Contact and Inquiry Data (if applicable)

• Name, email address, and any other information you voluntarily provide when contacting us through the Website or via email

4. Legal Basis for Processing

We process your personal data only when we have a valid legal basis to do so under Article 6(1) of the GDPR. The legal bases we rely on are:

• Legitimate interest (Article 6(1)(f)): We process server log data and strictly necessary cookies for the purposes of website security, fraud prevention, system administration, and aggregated analytics to understand how visitors use the Website. We have assessed that these processing activities are necessary for our legitimate interests and do not override your fundamental rights and freedoms.
• Consent (Article 6(1)(a)): We obtain your prior, informed consent before placing non-essential cookies (such as analytics cookies) on your device. You may withdraw your consent at any time through the cookie settings on the Website or by adjusting your browser preferences.
• Contractual necessity or pre-contractual steps (Article 6(1)(b)): Where you contact us with an inquiry, we process your data to respond to and manage your request.

5. How We Use Your Data

We use the personal data we collect for the following purposes:

• Website operation and maintenance: Ensuring the Website functions correctly, diagnosing technical issues, and optimising performance.
• Analytics: Understanding how visitors interact with the Website to improve its content, design, and user experience. Analytics data is processed in aggregated and, where possible, anonymised form.
• Responding to inquiries: Processing and responding to questions, feedback, or requests you submit to us.
• Security: Detecting, preventing, and responding to security threats, fraud, abuse, or other harmful activity directed at the Website or its infrastructure.
• Legal compliance: Meeting our obligations under applicable laws, regulations, and legal processes.

6. Cookies & Tracking Technologies

The Website uses cookies and similar tracking technologies. Cookies are small text files placed on your device when you visit the Website.

a) Strictly Necessary Cookies

These cookies are essential for the Website to function and cannot be switched off. They are usually set in response to actions you take, such as setting your privacy preferences or maintaining session integrity. These cookies do not store any personally identifiable information beyond what is required for the Website to operate.

b) Analytics Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of the Website. They help us understand which pages are the most and least popular and how visitors navigate the site. All information collected by these cookies is aggregated. These cookies are only placed with your prior consent.

Managing Cookies

You can manage your cookie preferences at any time by adjusting your browser settings. Most browsers allow you to refuse cookies or delete cookies that have already been set. Please note that disabling strictly necessary cookies may affect the functionality of the Website. For more information on how to manage cookies in your browser, visit your browser's help documentation.

7. Data Sharing

We do not sell, rent, lease, or trade your personal data to any third party.

We may share your personal data only with the following categories of recipients, and only to the extent necessary for the purposes described in this Privacy Policy:

• Hosting providers: Third-party infrastructure and hosting services that store and serve the Website on our behalf.
• Analytics providers: Services that help us understand Website usage through aggregated data processing.
• Legal and regulatory authorities: Where we are required to disclose personal data to comply with a legal obligation, court order, or regulatory request.
• Professional advisors: Legal, accounting, or auditing professionals, subject to contractual confidentiality obligations.

All third-party service providers are required to process personal data in accordance with our instructions and applicable data protection laws. We enter into appropriate data processing agreements with all processors to ensure your data is adequately protected.

8. International Data Transfers

We endeavour to keep personal data within the European Economic Area ("EEA") wherever possible. Where a transfer of personal data to a country outside the EEA is necessary, we ensure that appropriate safeguards are in place in accordance with Chapter V of the GDPR, including but not limited to:

• Transfers to countries that have received an adequacy decision from the European Commission (Article 45 GDPR);
• Standard Contractual Clauses ("SCCs") adopted by the European Commission (Article 46(2)(c) GDPR);
• Any other legally recognised transfer mechanism under applicable data protection law.

You may request a copy of the safeguards in place for any international data transfer by contacting us at legal@streamfoundry.io.

9. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our specific retention periods are as follows:

• Server logs: Retained for a maximum of 90 days from the date of collection, after which they are automatically deleted or irreversibly anonymised.
• Analytics data: Aggregated analytics data, which does not identify individual users, may be retained indefinitely for trend analysis.
• Contact and inquiry data: Retained for as long as necessary to resolve your inquiry, and thereafter for a reasonable period to comply with legal obligations or to establish, exercise, or defend legal claims.

When personal data is no longer required, we securely delete or anonymise it in accordance with our data retention procedures.

10. Your Rights Under GDPR

As a data subject, you have the following rights under the GDPR. You may exercise any of these rights free of charge by contacting us at legal@streamfoundry.io:

• Right of access (Article 15): You have the right to obtain confirmation as to whether personal data concerning you is being processed, and to request access to that data along with supplementary information about the processing.
• Right to rectification (Article 16): You have the right to have inaccurate personal data corrected without undue delay, and to have incomplete personal data completed.
• Right to erasure (Article 17): You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to applicable legal exceptions.
• Right to restriction of processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, for example where you contest the accuracy of the data or object to processing based on legitimate interest.
• Right to data portability (Article 20): Where processing is based on consent or contract and is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to object (Article 21): You have the right to object to the processing of your personal data where we rely on legitimate interest as the legal basis, including profiling based on those provisions. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. See Section 14 below for details of the relevant supervisory authority.

We will respond to your request within one month of receipt. In exceptional circumstances, where requests are complex or numerous, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it within the initial one-month period.

11. Data Security

We implement appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure a level of security appropriate to the risk, including but not limited to:

• Encryption of data in transit using TLS/SSL protocols;
• Access controls and authentication measures to restrict access to personal data to authorised personnel only;
• Regular security assessments and monitoring of our systems and infrastructure;
• Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures.

While we take all reasonable steps to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security of your data.

12. Children's Privacy

The Website is not directed at, and we do not knowingly collect personal data from, persons under the age of 16. If you are under 16, please do not provide any personal data through the Website. If we become aware that we have collected personal data from a child under 16 without valid parental consent, we will take steps to delete that information as promptly as possible. If you believe that a child under 16 has provided us with personal data, please contact us immediately at legal@streamfoundry.io.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. Any changes will be effective immediately upon posting the revised Privacy Policy on the Website with an updated "Last updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data. Your continued use of the Website after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

14. Contact & Supervisory Authority

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or have concerns about how your personal data is processed, please contact us:

Stream Foundry Limited
Thessalonikis, Nicolaou Pentadromos Centre, 10th floor, Flat/Office 1002
3025 Limassol, Cyprus
Email: legal@streamfoundry.io

You also have the right to lodge a complaint with the relevant data protection supervisory authority. The supervisory authority for Cyprus is:

Commissioner for Personal Data Protection
1 Iasonos Street
1082 Nicosia, Cyprus
Website: www.dataprotection.gov.cy