Privacy Policy
Last updated: March 30, 2026
Cyberium.io (« we », « us », or « our ») is operated by a company registered in France. We are committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (« GDPR ») and applicable French data protection laws. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website https://cyberium.io (the « Website »).
By using our Website, you acknowledge that you have read and understood this Privacy Policy.
1. Data Controller
The data controller responsible for processing your personal data is:
CYBERIUM
CAMPUS CYBER REGION SUD – TOUR MIR
4 QUAI D’ARENC 13002 Marseille, FRANCE
Email: [email protected]
2. Personal Data We Collect
We may collect and process the following categories of personal data:
2.1 Data collected automatically
- Analytics data (via Matomo): IP address (anonymized), browser type and version, operating system, referral source, pages visited, time and duration of visit, and other usage statistics. Matomo is self-hosted on our servers, meaning your analytics data is not shared with any third party.
- Cookie consent preferences (via Axeptio): Your consent choices regarding cookies and trackers on our Website.
- Bot detection data (via Google reCAPTCHA v3): Hardware and software information (such as device and application data), interaction data (such as mouse movements, keystrokes, and browsing behavior on the page), and IP address. This data is used to assess whether the visitor is a human or a bot and to protect our forms from spam and abuse.
2.2 Data you provide voluntarily
- Contact forms: Name, email address, company name, phone number, and any other information you choose to include in your message.
- Live chat (via Crisp): Name, email address, and the content of your chat conversations with our team.
- Newsletter subscription (via Brevo): Email address and, where provided, your first and last name. Subscription is collected via the opt-in checkbox on our contact form and managed through our newsletter platform Brevo (formerly Sendinblue).
3. Purpose and Legal Basis for Processing
We process your personal data for the following purposes and legal bases under Article 6 of the GDPR:
| Purpose | Legal Basis |
|---|---|
| Website analytics and performance monitoring (Matomo) | Legitimate interest (Art. 6(1)(f)) — Matomo is configured to anonymize IP addresses and respect Do Not Track signals |
| Managing cookie consent (Axeptio) | Legal obligation (Art. 6(1)(c)) — compliance with the ePrivacy Directive and GDPR |
| Responding to your inquiries (contact forms, Crisp chat) | Legitimate interest (Art. 6(1)(f)) or performance of a contract (Art. 6(1)(b)) |
| Sending product and service update newsletters (Brevo) | Consent (Art. 6(1)(a)) — you freely give your consent by checking the opt-in checkbox on our contact form |
| Displaying our office locations (Google Maps) | Consent (Art. 6(1)(a)) — Google Maps is loaded only after you give consent via Axeptio |
| Website functionality and design (Elementor) | Legitimate interest (Art. 6(1)(f)) — necessary for the proper functioning of the Website |
| Spam and bot protection on forms (Google reCAPTCHA v3) | Legitimate interest (Art. 6(1)(f)) — necessary to protect the Website against automated abuse and spam submissions |
4. Newsletter — Subscription, Content, and Opt-Out
4.1 How we collect your subscription
When you complete our contact form, you may choose to subscribe to our newsletter by checking the opt-in checkbox labelled: « I agree to receive occasional product updates and marketing communications from Cyberium. I can unsubscribe at any time. » Checking this box constitutes your free, informed, and unambiguous consent as required by the GDPR (Art. 6(1)(a) and Recital 32).
4.2 What we send
We send newsletters exclusively for the purpose of informing you about Cyberium’s products and services, including new features, updates, use cases, and relevant announcements. We do not use the newsletter list for any other marketing purpose. Emails are sent infrequently and with moderation — we aim to contact subscribers only when we have meaningful and relevant information to share.
4.3 Newsletter platform — Brevo
We use Brevo (formerly Sendinblue), a marketing platform operated by Sendinblue SAS, 55 rue d’Amsterdam, 75008 Paris, France, to manage our newsletter list and send communications. Brevo acts as a data processor on our behalf. Your email address and, where applicable, your name are transferred to and stored on Brevo’s servers within the European Union. Brevo is GDPR-compliant and processes your data solely in accordance with our instructions and their Data Processing Agreement. For more information, please refer to Brevo’s Privacy Policy.
4.4 Your right to unsubscribe
You may withdraw your consent and unsubscribe from our newsletter at any time, without any consequences, by:
- Clicking the unsubscribe link included in every newsletter email we send; or
- Sending an email to [email protected] with the subject « Unsubscribe ».
Your request will be processed promptly. Withdrawal of consent does not affect the lawfulness of any processing carried out prior to your withdrawal.
5. Cookies and Tracking Technologies
Our Website uses cookies and similar technologies. We use Axeptio as our Consent Management Platform (CMP) to obtain and manage your consent before placing non-essential cookies on your device. For a full description of all cookies used on our Website, their purpose, duration, legal basis, and how to manage your preferences, please refer to our dedicated Cookie Policy. You can manage your cookie preferences at any time by clicking the Axeptio cookie widget available on our Website, or by adjusting your browser settings.
6. Third-Party Services
We use the following third-party services that may process personal data:
| Service | Provider | Purpose | Data Processed | Data Location |
|---|---|---|---|---|
| Matomo Analytics | Matomo (self-hosted) | Website analytics | Anonymized IP, browsing behavior | Our own servers (France/EU) |
| Axeptio | Axeptio (France) | Cookie consent management | Consent preferences, cookie identifiers | EU |
| Crisp | Crisp IM SAS (France) | Live chat support | Name, email, chat content, IP address | EU |
| Brevo (formerly Sendinblue) | Sendinblue SAS (France) | Newsletter management and delivery | Email address, first and last name (if provided) | EU |
| Google Maps | Google LLC (USA) | Display office locations | IP address, usage data | USA (with consent) |
| Elementor | Elementor Ltd. | Website page builder | Minimal technical data (fonts, assets) | CDN (global) |
| Google reCAPTCHA v3 | Google LLC (USA) | Spam and bot protection | IP address, interaction data (mouse movements, keystrokes), device and browser information | USA (with appropriate safeguards) |
Where data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the service provider’s participation in an adequacy framework.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy:
- Analytics data (Matomo): Retained for a maximum of 26 months, after which it is automatically deleted or anonymized.
- Contact form submissions: Retained for the duration of our business relationship and up to 3 years after the last contact for follow-up purposes.
- Live chat conversations (Crisp): Retained in accordance with Crisp’s data retention policy and for the duration necessary to handle your inquiry.
- Cookie consent records (Axeptio): Retained for the duration required by applicable law (typically up to 13 months for consent proof).
- Newsletter subscription data (Brevo): Retained for the duration of your subscription. Upon unsubscription, your data is removed from our active mailing list. We may retain a record of your unsubscription for up to 3 years as proof of your consent withdrawal, in accordance with applicable law.
- reCAPTCHA data (Google): Interaction and device data collected by Google reCAPTCHA v3 is processed by Google in accordance with its data retention policies. We do not store reCAPTCHA assessment data on our servers beyond the immediate form submission verification.
8. Your Rights Under the GDPR
As a data subject, you have the following rights under the GDPR:
- Right of access (Art. 15) — You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data.
- Right to rectification (Art. 16) — You have the right to request the correction of inaccurate personal data.
- Right to erasure (Art. 17) — You have the right to request the deletion of your personal data (« right to be forgotten »), subject to legal obligations.
- Right to restriction of processing (Art. 18) — You have the right to request the restriction of processing in certain circumstances.
- Right to data portability (Art. 20) — You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21) — You have the right to object to processing based on legitimate interest, including profiling.
- Right to withdraw consent (Art. 7(3)) — Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal. For newsletter subscriptions specifically, you may unsubscribe at any time via the link in each email or by contacting us directly.
To exercise any of these rights, please contact us at: [email protected]
We will respond to your request within one month, as required by the GDPR. If your request is complex or we receive a large number of requests, we may extend this period by up to two additional months, in which case we will inform you.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- SSL/TLS encryption for all data transmitted between your browser and our Website
- Secure hosting infrastructure
- Regular security audits and updates
- Access controls limiting data access to authorized personnel only
10. International Data Transfers
Our Website is accessible worldwide. If you access our Website from outside the European Economic Area (EEA), please be aware that your data may be transferred to and processed in France (within the EEA), where our servers are located. For the use of Google Maps and Google reCAPTCHA v3, data may be transferred to servers operated by Google LLC in the United States. Such transfers are carried out in accordance with appropriate safeguards, including Google’s compliance with applicable data protection frameworks and Standard Contractual Clauses (SCCs).
11. Children’s Privacy
Our Website is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us so that we can take appropriate action.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Any changes will be posted on this page with an updated « Last updated » date. We encourage you to review this Privacy Policy periodically.
13. Right to Lodge a Complaint
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. In France, the competent authority is:
CNIL (Commission Nationale de l’Informatique et des Libertés)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
Website: https://www.cnil.fr
14. Contact Us
If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:
CYBERIUM
CAMPUS CYBER REGION SUD – TOUR MIR
4 QUAI D’ARENC 13002 Marseille, FRANCE
Email: [email protected]
