EyeOTeaBack to Registration

Privacy Policy

Last updated: December 6, 2025

1. Introduction

Sylvanity B.V. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our IoT device management platform ("Service").

We process personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

Sylvanity B.V. is the data controller responsible for your personal data. For questions about this policy or to exercise your rights, contact us at:

Sylvanity B.V.
Email: [email protected]

3. Information We Collect

3.1 Account Information

When you register for an account, we collect:

  • Email address
  • Password (stored in encrypted form via Firebase Authentication)
  • Organization membership and role
  • Account creation and login timestamps

3.2 Device Information

When you register IoT devices, we collect:

  • Device identifiers (DevEUI, serial numbers)
  • Device names and descriptions
  • Device configuration and profile information
  • Network credentials (encrypted)

3.3 Telemetry Data

We collect data transmitted by your IoT devices, including:

  • Sensor readings (temperature, humidity, location, etc.)
  • Device status information
  • Transmission timestamps
  • Network metadata (signal strength, gateway information)

3.4 Usage Information

We automatically collect:

  • IP addresses and browser information
  • Pages visited and features used
  • Timestamps of Service access
  • Error logs and performance data

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Service improvement, security, and fraud prevention
  • Legal Obligation: Compliance with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific processing activities

5. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Authenticate users and manage access permissions
  • Store and display device telemetry data
  • Send service-related communications
  • Monitor and analyze usage patterns
  • Detect and prevent security threats and fraud
  • Comply with legal obligations

6. Data Sharing and Disclosure

We may share your information with:

6.1 Service Providers

  • Google Cloud Platform: Cloud infrastructure and database hosting
  • Firebase: Authentication services
  • ChirpStack: LoRaWAN network server for device connectivity
  • Magistrala: IoT platform for data messaging

6.2 Within Your Organization

Other members of your organization may access your information based on their role and permissions.

6.3 Legal Requirements

We may disclose information when required by law, court order, or to protect our rights and safety.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Data processing agreements with all service providers

8. Data Retention

We retain your data for:

  • Account data: Duration of your account plus 30 days after deletion
  • Device data: Duration of device registration plus 90 days
  • Telemetry data: 12 months from collection, unless otherwise configured
  • Audit logs: 24 months for security and compliance purposes

You may request earlier deletion subject to legal retention requirements.

9. Your Rights Under GDPR

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Lodge a Complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure authentication via Firebase
  • Role-based access control
  • Regular security audits and monitoring
  • Employee training on data protection

Despite our efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

11. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies.

Essential cookies cannot be disabled as they are necessary for the Service to function.

12. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or through the Service. Your continued use after such notification constitutes acceptance of the updated policy.

14. Contact Us

For questions, concerns, or to exercise your rights, please contact:

Sylvanity B.V.
Email: [email protected]
Website: https://eyeotea.com

You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

Return to Registration