PRIVACY POLICY

Last Updated: December 26, 2025

1. INTRODUCTION

Connektik SARL-S ("LetzSecure", "we", "us") respects your privacy. This Privacy Policy explains how we collect, use, and protect personal data when you visit our website (letzsecure.com) or use our platform as an Administrator.

Data Controller: Connektik SARL-S, 21, rue Charles Rausch, L-7247 Helmsange, Luxembourg. Email: [email protected]

2. DATA WE COLLECT

We collect data depending on how you interact with us:

A. When you visit our Website

  • Usage Data: IP address, browser type, pages visited, and time spent on the site.
  • Cookies: As described in our Cookie Policy.

B. When you Sign Up (Account Administrators)

  • Identity Data: Name, email address, job title, and company name.
  • Billing Data: VAT number, billing address, and payment history. (Note: We do not store raw credit card numbers; these are handled securely by Stripe.)
  • Technical Data: Login logs, API usage logs, and account preferences.

C. When you use the Service (Customer Data)

If you upload lists of employees for phishing simulations, we process that data strictly as a Data Processor on your behalf. This activity is governed by our Terms and Conditions and the associated Data Processing Agreement (DPA), not this Privacy Policy.

3. HOW WE USE YOUR DATA

We process your personal data for the following purposes and legal bases:

| Purpose | Legal Basis (GDPR) |
|---|---|
| Service Delivery: To create your account, provide access to the dashboard, and send transactional emails. | Performance of Contract |
| Billing: To manage subscriptions and invoicing. | Performance of Contract / Legal Obligation |
| Security: To detect fraud, abuse, and secure our platform (e.g., verifying domains). | Legitimate Interest |
| Support: To respond to your inquiries via email or Featurebase. | Legitimate Interest |
| Marketing: To send you updates about our product (only if you opted in). | Consent |

4. DATA SHARING (SUB-PROCESSORS)

We do not sell your data. We share data only with trusted third-party service providers required to operate our business:

  • Hosting: Servers in Finland & Germany (for data storage).
  • Mailgun (EU): For sending account notifications and magic links.
  • Stripe (USA/Global): For payment processing.
  • Featurebase (EU): For collecting feedback and managing the changelog.

For a detailed list of cookies and trackers, please refer to our Cookie Policy.

5. INTERNATIONAL TRANSFERS

We prioritize storing data within the European Union (EU). Where we use providers outside the EEA (specifically Stripe for payments), we ensure valid transfer mechanisms are in place, such as the EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).

6. DATA RETENTION

  • Account Data: We keep your account data as long as your account is active. If you delete your account, we delete your data within 30 days, unless tax laws require us to keep billing records (usually 10 years in Luxembourg).
  • Marketing Data: We keep your email until you unsubscribe.

7. YOUR RIGHTS

Under the GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data ("Right to be Forgotten").
  • Object to processing (e.g., unsubscribe from marketing).
  • Export your data in a portable format.

To exercise these rights, simply email us at [email protected].

8. SECURITY

We use industry-standard encryption (TLS for transit, AES-256 for storage) and strict access controls to protect your data. However, no internet transmission is 100% secure.

9. CONTACT

If you have questions about this policy or our privacy practices, please contact:

  • Email: [email protected]
  • Post: Connektik SARL-S, 21, rue Charles Rausch, L-7247 Helmsange, Luxembourg.

If something feels unclear, email us at [email protected].