Privacy Policy
Effective Date: February 1, 2026
Uraeus LLC ("Uraeus", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website uraeus.io and use our products ThreatZ and SentraX. This policy is provided in accordance with the EU General Data Protection Regulation (GDPR) Art. 13 and Art. 14 information obligations, the California Consumer Privacy Act (CCPA/CPRA), and other applicable data protection laws.
1. Data Controller
The data controller responsible for your personal data is:
Uraeus LLC
8 The Green, Suite B
Dover, DE 19901, USA
Email: info@uraeus.io
Website: https://uraeus.io
2. Data Protection Officer (DPO)
You can contact our Data Protection Officer for any questions regarding the processing of your personal data or to exercise your data subject rights:
Data Protection Officer
Email: dpo@uraeus.io
3. EU Representative (Art. 27 GDPR)
As Uraeus LLC is established outside the European Union, we have appointed an EU representative pursuant to Art. 27 GDPR:
VxLabs GmbH
Franz-Mayer-Str. 1
93053 Regensburg, Germany
Email: dpo@uraeus.io
4. Information We Collect
We collect the following categories of personal data:
4.1 Information you provide directly:
- Account & contact data: Name, email address, company name, job title, phone number — when you register for a trial, request a demo, subscribe to our newsletter, or contact us.
- Form submissions: Any information you enter into HubSpot-powered forms on our site (demo requests, one-pager downloads, service inquiries).
- Communication data: Content of emails and messages you send us.
4.2 Information collected automatically:
- Usage data: IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, click patterns.
- Device data: Screen resolution, device type, language preference.
- Cookie data: See Section 8 (Cookies) below for a detailed listing.
5. Legal Basis for Processing (Art. 6 GDPR)
We process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Providing and maintaining our services (ThreatZ, SentraX) | Performance of a contract (Art. 6(1)(b)) |
| Account registration and management | Performance of a contract (Art. 6(1)(b)) |
| Responding to support requests and inquiries | Performance of a contract (Art. 6(1)(b)) / Legitimate interests (Art. 6(1)(f)) |
| Sending marketing communications and newsletters | Consent (Art. 6(1)(a)) |
| Website analytics and performance optimization | Consent (Art. 6(1)(a)) via cookie banner |
| Essential website functionality (session, theme preference) | Legitimate interests (Art. 6(1)(f)) |
| Fraud prevention and security monitoring | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations (tax, regulatory) | Legal obligation (Art. 6(1)(c)) |
Where we rely on legitimate interests, our interests include operating and improving our services, ensuring network and information security, and preventing fraud. These interests are balanced against your fundamental rights and freedoms.
6. How We Use Your Information
We use collected information to:
- Provide and maintain our services, including ThreatZ and SentraX platforms
- Create and manage your account
- Communicate with you about your account, support requests, and service updates
- Send product updates and marketing communications (with your consent, which you can withdraw at any time)
- Improve our products, website, and user experience
- Analyze usage patterns and optimize performance
- Prevent fraud and ensure security
- Comply with legal obligations
7. Data Sharing and Third-Party Processors
We do not sell your personal data. We may share information with the following categories of recipients:
7.1 Sub-processors:
| Processor | Purpose | Location |
|---|---|---|
| HubSpot, Inc. | CRM, marketing automation, form handling, analytics, email campaigns | EU (eu1 region) / USA |
| Microsoft Azure | Cloud infrastructure hosting (ThreatZ and SentraX platform), data storage, compute | EU (West Europe) / USA |
| Google Fonts | Web font delivery (Inter, Outfit, Noto Sans SC) | Global CDN |
| VxLabs GmbH | European distribution, support, and EU representative | Germany (Regensburg) |
| Google LLC | Website analytics via Google Tag Manager (includes Google Analytics, conversion tracking) | USA / Global CDN |
7.2 Other disclosures:
- Business partners: Only with your explicit consent.
- Legal authorities: When required by law, court order, or to protect our legal rights.
- Business transfers: In connection with a merger, acquisition, or sale of assets (you will be notified).
8. Cookies and Tracking Technologies
We use cookies and similar technologies on our website. You can manage your cookie preferences through our cookie consent banner, which appears on your first visit. You can change your preferences at any time by clicking "Cookie Settings" in the footer.
8.1 Essential Cookies (always active, no consent required)
| Cookie / Storage Key | Purpose | Duration |
|---|---|---|
uraeus-theme |
Stores your light/dark theme preference | Persistent (localStorage) |
uraeus-lang |
Stores your language preference | Persistent (localStorage) |
uraeus-cookie-consent |
Records your cookie consent choice | Persistent (localStorage) |
8.2 Analytics / Marketing Cookies (require consent)
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
__hssc |
HubSpot | Session tracking — keeps track of sessions | 30 minutes |
__hssrc |
HubSpot | Determines if visitor has restarted their browser | Session |
__hstc |
HubSpot | Tracks visitors — contains domain, utk, initial timestamp, last visit timestamp, current timestamp, session number | 13 months |
hubspotutk |
HubSpot | Keeps track of a visitor's identity. Passed to HubSpot on form submission for de-duplication | 13 months |
__hs_opt_out |
HubSpot | Records cookie consent opt-out preference | 13 months |
_ga |
Google Analytics | Anonymous visitor tracking — distinguishes unique users | 2 years |
_gid |
Google Analytics | Session distinction — distinguishes unique sessions | 24 hours |
HubSpot cookies are only loaded when you accept analytics cookies via our consent banner. Google Analytics cookies are loaded via Google Tag Manager and are also gated by the same consent mechanism. If you choose "Essential Only," no HubSpot or Google Analytics scripts or cookies are loaded.
9. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), specifically the United States. We ensure adequate protection for such transfers through the following mechanisms:
- EU-US Data Privacy Framework (DPF): Where applicable, our processors (including HubSpot and Microsoft) are certified under the EU-US Data Privacy Framework, providing an adequate level of data protection as recognized by the European Commission.
- Standard Contractual Clauses (SCCs): We have executed Standard Contractual Clauses approved by the European Commission with all processors that transfer data outside the EEA.
- Supplementary measures: We implement additional technical (encryption in transit and at rest) and organizational measures to ensure the security of transferred data.
10. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods are as follows:
| Data Category | Retention Period |
|---|---|
| Account data (active customers) | Duration of the contract + 30 days after account closure |
| Account data (inactive/trial accounts) | 12 months after last activity, then deleted |
| Marketing contact data (newsletter, form submissions) | Until consent is withdrawn or 24 months after last engagement |
| Website analytics data | 13 months (HubSpot cookie expiry) |
| Support and communication records | 24 months after ticket closure |
| Financial and tax records | As required by law (typically 7–10 years) |
You may request early deletion of your data at any time by contacting dpo@uraeus.io, subject to legal retention obligations.
11. Your Rights (GDPR)
Under the GDPR and applicable data protection laws, you have the following rights:
- Right of access (Art. 15): Obtain confirmation of whether we process your personal data and request a copy.
- Right to rectification (Art. 16): Request correction of inaccurate personal data.
- Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to restriction (Art. 18): Request restriction of processing of your personal data.
- Right to data portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests, including profiling.
- Right to withdraw consent (Art. 7(3)): Withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
To exercise any of these rights, please contact our DPO at dpo@uraeus.io. We will respond within 30 days of receipt of your request.
12. Right to Lodge a Complaint
If you believe that our processing of your personal data violates applicable data protection law, you have the right to lodge a complaint with a supervisory authority. You may contact:
- The supervisory authority in your EU/EEA member state of habitual residence or place of work, or
- The Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) — Bavarian Data Protection Authority (as VxLabs GmbH is located in Regensburg, Bavaria):
Promenade 18, 91522 Ansbach, Germany
Website: https://www.lda.bayern.de
Email: poststelle@lda.bayern.de
13. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You have the right to know what personal information we collect, use, disclose, and sell (if applicable) about you.
- Right to Delete: You have the right to request deletion of personal information we have collected from you.
- Right to Correct: You have the right to request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information as defined under the CCPA/CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
- Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide our services.
Categories of personal information collected in the preceding 12 months:
- Identifiers (name, email, IP address)
- Commercial information (subscription records, purchase history)
- Internet or electronic network activity (browsing history, interaction with our website)
- Professional or employment-related information (company, job title)
To exercise your California privacy rights, contact us at privacy@uraeus.io or dpo@uraeus.io. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf.
14. Children's Privacy
Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective Date" at the top of this page and, where appropriate, by providing additional notice (such as a banner on our website or an email notification). We encourage you to review this policy periodically.
16. Contact
For any questions or concerns about this Privacy Policy or our data practices:
Uraeus LLC
8 The Green, Suite B
Dover, DE 19901, USA
General inquiries: info@uraeus.io
Privacy inquiries: privacy@uraeus.io
Data Protection Officer: dpo@uraeus.io
EU Representative:
VxLabs GmbH
Franz-Mayer-Str. 1
93053 Regensburg, Germany
Email: dpo@uraeus.io