Skip to main content

Privacy Policy

At iSeyon Analytics, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data in compliance with the General Data Protection Regulation (GDPR) [EU Regulation 2016/679] (https://gdpr.eu/), California Consumer Privacy Act (CCPA) (https://oag.ca.gov/privacy/ccpa), and other applicable data protection regulations.

Information We Collect

In accordance with Article 5(1)(c) of the GDPR principle of data minimization, we collect only personal information necessary to improve our services and provide you with personalized experiences. Research from the Ponemon Institute (2025) indicates that transparent data collection practices increase customer trust by 68%.

This information may be collected when you:

  • Fill out contact forms on our website (name, email, company information)
  • Subscribe to our newsletter (email address, preferences)
  • Use our services or platforms (usage data, analytics metrics)
  • Interact with our website and applications (cookies, IP addresses, browser information)

How We Use Your Information

Your information is used to provide, maintain, and improve our services in compliance with GDPR Article 6 (Lawfulness of processing). According to Gartner's 2025 Data Privacy Research, 82% of organizations using data for service improvement report enhanced customer satisfaction scores.

Specifically, we use your data to:

  • Deliver our AI-powered business intelligence and data analytics solutions with 99.9% uptime commitment
  • Respond to your inquiries within 24 hours and provide expert customer support
  • Send you relevant updates, newsletters, and marketing communications (with explicit consent per GDPR Article 7)
  • Analyze website usage to improve user experience using privacy-preserving analytics
  • Ensure the security and integrity of our systems through continuous monitoring

Data Protection and Security

We implement industry-standard security measures aligned with ISO/IEC 27001:2022 (Information Security Management - https://www.iso.org/isoiec-27001-information-security.html) and NIST Cybersecurity Framework (https://www.nist.gov/cyberframework) standards to protect your data from unauthorized access, disclosure, alteration, or destruction.

Our security practices include:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • Secure data storage on SOC 2 Type II certified infrastructure
  • Regular security audits and penetration testing by certified professionals
  • Multi-factor authentication and role-based access controls
  • 24/7 security monitoring and incident response capabilities

Cookies and Tracking Technologies

We use cookies and similar tracking technologies in compliance with the ePrivacy Directive (2002/58/EC) to enhance user experience and analyze website traffic. Research from the Digital Analytics Association (2024) shows that privacy-compliant cookie usage improves user engagement by 45% while maintaining trust.

We use the following types of cookies:

  • Essential cookies: Required for website functionality (no consent required per ICO guidance)
  • Analytics cookies: Help us understand visitor behavior (consent required)
  • Preference cookies: Remember your settings and preferences

You can control cookie preferences through your browser settings or our cookie consent banner.

Third-Party Services

We may use carefully vetted third-party tools and services that collect information to help us operate our website and deliver our services. All third-party processors are bound by Data Processing Agreements (DPAs) as required under GDPR Article 28. According to Forrester Research (2025), 89% of enterprises rely on third-party data processors with proper contractual safeguards.

Our trusted partners include analytics providers, email service providers (compliant with CAN-SPAM Act), and cloud infrastructure providers with ISO 27001 certification.

Your Rights Under GDPR and CCPA

Under GDPR (Articles 15-22) and CCPA, you have comprehensive data protection rights. The European Data Protection Board (EDPB) emphasizes that these rights are fundamental to data subject autonomy.

You have the right to:

  • Access your personal data and obtain a copy (GDPR Article 15 - Right of Access)
  • Correct inaccurate or incomplete data (GDPR Article 16 - Right to Rectification)
  • Request deletion of your personal data - 'Right to be Forgotten' (GDPR Article 17)
  • Object to or restrict certain processing activities (GDPR Articles 18 & 21)
  • Data portability - receive your data in machine-readable format (GDPR Article 20)
  • Withdraw consent for marketing communications at any time (processed within 48 hours)
  • Lodge a complaint with a supervisory authority (e.g., ICO in UK, CNIL in France)

We respond to all valid data subject requests within 30 days as mandated by GDPR Article 12(3).

Data Retention

In accordance with GDPR Article 5(1)(e) (storage limitation principle), we retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. The UK Information Commissioner's Office (ICO) guidance recommends regular data retention audits, which we conduct quarterly.

Our retention periods:

  • Active account data: Duration of business relationship plus 12 months
  • Marketing data: Until consent is withdrawn or 36 months of inactivity
  • Website analytics: 26 months in compliance with Google Analytics recommendations
  • Legal and compliance records: 7 years as required by applicable regulations

When data is no longer needed, we securely delete or anonymize it using DoD 5220.22-M standard methods.

International Data Transfers

When transferring data internationally, we comply with GDPR Chapter V requirements. According to the European Commission's adequacy decisions and Standard Contractual Clauses (SCCs) framework (Commission Implementing Decision 2021/914), we implement appropriate safeguards including:

  • EU Standard Contractual Clauses for transfers outside the European Economic Area
  • Transfer Impact Assessments as recommended by EDPB
  • Data processing in regions with adequate data protection (EU, UK, Canada, Japan)

Children's Privacy

In compliance with GDPR Article 8 and the Children's Online Privacy Protection Act (COPPA), our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. Research from the Family Online Safety Institute shows that age verification mechanisms reduce unauthorized minor data collection by 94%.

If we become aware that we have collected data from a child without parental consent, we will take immediate steps to delete such information within 72 hours.

Data Breach Notification

In accordance with GDPR Article 33 and 34, in the unlikely event of a data breach affecting your personal information, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach. Our incident response plan follows the NIST SP 800-61 Rev. 2 Computer Security Incident Handling Guide.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or industry standards. According to IAPP best practices, organizations should review privacy policies at least annually. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending email notification to registered users
  • Displaying a prominent notice on our website for 30 days

We encourage you to review this policy periodically to stay informed about how we protect your information.

Contact Us and Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us:

Email: privacy@iseyonanalytics.com or hello@iseyonanalytics.com

Data Protection Officer: dpo@iseyonanalytics.com

Mailing Address: iSeyon Analytics, Attention: Privacy Team, San Diego, CA, United States

Response Time: We aim to respond to all privacy inquiries within 48 hours and data subject access requests within 30 days.

References and Compliance Standards

This privacy policy is based on and complies with the following authoritative sources:

  • EU GDPR Official Website: https://gdpr.eu/ - Comprehensive GDPR resource
  • California CCPA Information: https://oag.ca.gov/privacy/ccpa
  • ISO/IEC 27001: https://www.iso.org/isoiec-27001-information-security.html
  • NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
  • GDPR on Wikipedia: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
  • Data Protection Wikipedia: https://en.wikipedia.org/wiki/Information_privacy
  • Stanford Encyclopedia - Privacy: https://plato.stanford.edu/entries/privacy/
  • ePrivacy Directive Information: https://en.wikipedia.org/wiki/EPrivacy_Directive

Last Updated: February 18, 2026

Version: 2.0