Privacy
Policy

Your privacy is important to us. This policy explains how we collect, use, and protect information about visitors, customers, and community members who interact with Siebly.io, our SDKs, and related services.

Last updated: 25 November 2025

1. Scope

This Policy explains how we collect, use, and share personal data when you visit Siebly.io, use our SDKs, interact with support, or join our mailing lists. It applies to processing we perform as a controller. If we process customer end-user data as a processor, see Section 15.

2. Information We Collect

  • Account & contact details. Name, email, and similar details when you contact us or request support. Newsletter subscriptions are collected by Substack, see §10 for more details.
  • Support & correspondence records. Messages you send to our support channels, notes about issues raised, and attachments you choose to share.
  • Usage and diagnostics data. Server and application logs, device identifiers, IP addresses, browser type, pages visited, and timestamps generated when you access Siebly.io or consume hosted documentation.
  • Community or programme participation. Details submitted for beta programmes, partner onboarding, rebates, or affiliate tracking, as well as responses to optional surveys.

We do not intentionally collect sensitive personal data (e.g., health, biometric, or payment card details) and ask that you do not submit it through our channels.

3. How We Use Information

  • Provide, maintain, and improve our SDKs, websites, and support experiences.
  • Diagnose service issues, monitor performance, and protect against abuse.
  • Respond to enquiries, fulfil support requests, and deliver contractual services.
  • Send transactional messages (e.g., release notices, security updates) and communications you opt into, such as newsletters or product announcements.
  • Conduct analytics to understand usage trends and prioritise roadmap decisions.
  • Comply with legal obligations and enforce our agreements.

4. Legal Bases for Processing

Where required by law (e.g., UK/EU GDPR), we rely on the following legal bases:

  • Contract. When processing is necessary to deliver SDKs, support, or commercial obligations.
  • Legitimate interests. To secure infrastructure, prevent abuse, understand service usage, and communicate relevant updates to existing users. We balance these interests against any impact on your rights.
  • Consent. For marketing emails, optional telemetry, and analytics cookies where consent is legally required. You may withdraw consent at any time.
  • Legal obligation. When we must retain data to comply with law or respond to lawful requests.

5. How We Share Information

We do not sell personal information. We disclose data only to:

  • Service providers. Cloud hosting, email delivery, analytics, and customer support platforms that process data on our behalf under written agreements.
  • Professional advisers. Lawyers, auditors, and accountants bound by confidentiality obligations.
  • Authorities. Regulators or law enforcement when required to comply with applicable law, enforce our terms, or protect rights, safety, or property.
  • Business transfers. Potential acquirers or successors in the event of a merger, sale, or restructuring, subject to this Policy or equivalent safeguards.

Processors are contractually required to handle data according to our instructions and implement appropriate security measures.

6. International Transfers

We transfer data internationally using recognised safeguards:

  • Standard Contractual Clauses (SCCs) and, where UK GDPR applies, the UK Addendum or IDTA.
  • For EEA visitors: transfers to certified US recipients may rely on the EU-US Data Privacy Framework.

See our sub-processor list for recipient categories and countries: Sub-processors.

We also use SCCs or other lawful tools for recipients in countries without adequacy decisions.

7. Data Retention

We keep personal information only for as long as necessary to fulfil the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce agreements.

  • Support tickets and correspondence: retained up to 24 months unless longer required.
  • Newsletter subscriber data: retained while you remain subscribed or until deleted at your request.
  • Telemetry and analytics logs: aggregated or anonymised within 12 months wherever feasible.

8. Security

We implement administrative, technical, and physical safeguards, including access controls, encryption in transit, and secure development practices, to protect data. However, no internet service is completely secure; please use strong credentials, rotate API keys regularly, and contact us immediately if you suspect misuse.

9. Cookies & Analytics

We use cookies and similar technologies to operate the site, remember preferences, and analyse engagement. Essential cookies are required to deliver the Services. Optional analytics cookies (e.g., Google Analytics) are only enabled after you provide consent (where required by law) and can be managed via your browser settings or the Cookie Settings link in the footer.

Analytics providers collect pseudonymous identifiers, device information, and usage metrics to help us understand aggregate behaviour. We do not permit them to use the data for independent profiling.

The banner presents Accept all and Reject all with equal prominence. Non-essential cookies are set only after you consent, and you can revisit choices anytime via Cookie Settings.

siebly-cookie-consent

Provider
Siebly
Purpose
Stores your consent preferences (essential vs analytics) so we honour your choices.
Duration
Persistent until cleared
Type
Essential (local storage)

No non-essential cookies are set by default.

10. Marketing & Newsletter Communications

Newsletter. Subscriptions are provided by Substack. When you subscribe on Substack, Substack collects and processes your email (and any optional name) to deliver updates. We may access subscriber information to manage the publication. You can unsubscribe at any time using the link in each email or via Substack. See Substack's privacy information on their site.

11. Your Rights

Depending on your location, you may have rights to access, rectify, erase, restrict, and port your personal data, and to object where we rely on legitimate interests.

Direct marketing: you have an absolute right to object at any time. We will stop marketing if you object.

To exercise rights, email privacy@siebly.io. We will verify your request and respond within applicable legal timeframes.

12. Children

The Services are not directed to children and we do not knowingly collect personal data from individuals who are legally considered children in their jurisdiction. If you believe a child has provided us with personal information, please contact us so we can delete it.

13. Changes to This Policy

We may update this Policy to reflect operational or legal changes. When we make material updates, we will revise the “Last updated” date and, where appropriate, provide additional notice (such as a banner on the site or email notification).

14. Contact & Complaints

For privacy questions or requests, email privacy@siebly.io.

Supervisory authorities:

  • EEA: You may complain to your local data protection authority.

15. When we act as a processor

For certain services where customers send us end-user data, we act as a processor and process only on written instructions, under customer-specific processing terms and with approved sub-processors. We update this list before onboarding any new sub-processor.

  • Customer-specific processing terms are handled directly with paid service customers.
  • Current sub-processor roster: see table below.
None currently. This list will update before any processor-mode service goes live.

Independent providers for the public website

  • Substack – newsletter subscriptions and delivery.
  • Cloudflare – site hosting and delivery.
  • No analytics vendors currently active.