Privacy Policy
Last Updated: January 13, 2026
1. Data Controller
| Name | ANDREADAKIS DIMITRIOS SPYRIDON |
| Trade Name | Eyecaptain |
| Country | Greece (EU) |
| [email protected] | |
| Website | eyecaptain.io |
As Data Controller, we are responsible for the collection, processing, and protection of your personal data in accordance with the General Data Protection Regulation (GDPR) and Greek law.
2. Types of Data Collected
| Category | Data |
|---|---|
| Account Data | Full name, Email address, Company name, Password (encrypted) |
| Usage Data | Website URLs for analysis, Screenshots of analyzed pages, Analysis results and reports, Platform interactions |
| Technical Data | IP address, Browser and device type, Cookies and session identifiers |
| Payment Data | Processed through Stripe. We do not store full card details. |
3. Legal Basis for Processing
| Legal Basis | Description |
|---|---|
| Contract Performance Art. 6(1)(b) GDPR | To provide the service you requested |
| Legitimate Interest Art. 6(1)(f) GDPR | For service improvement and security |
| Consent Art. 6(1)(a) GDPR | For marketing communications and cookies |
| Legal Obligation Art. 6(1)(c) GDPR | For tax and accounting requirements |
4. Purpose of Data Processing
| Purpose |
|---|
| Account creation and management |
| Providing CRO/UX analysis services |
| Payment processing |
| Customer support |
| Service improvement and development |
| Security and fraud prevention |
| Compliance with legal obligations |
5. Data Retention Periods
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Analyses & reports | Until deletion or 2 years of inactivity |
| Payment data | 7 years (tax requirements) |
| Security logs | 12 months |
| Cookies | Depending on type (see Cookie Policy) |
6. Your Rights (GDPR)
| Right | Description |
|---|---|
| Right of Access | To receive a copy of your data |
| Right to Rectification | To correct inaccurate data |
| Right to Erasure | To request deletion (under conditions) |
| Right to Portability | To receive data in machine-readable format |
| Right to Object | To object to processing |
| Right to Restriction | To restrict processing |
| Withdraw Consent | At any time |
To exercise your rights, contact us at [email protected]. We will respond within 30 days.
7. Automated Decision Making
Our service uses AI to analyze websites and generate CRO/UX recommendations. This does not constitute automated decision-making that legally or significantly affects you under Article 22 GDPR.
8. International Data Transfers
Your data may be transferred to and processed in countries outside the EEA. We ensure adequate protection through:
| Protection Mechanism |
|---|
| Standard Contractual Clauses (SCCs) |
| EU-US Data Privacy Framework |
| Commission adequacy decisions |
9. Data Security Measures
| Security Measure |
|---|
| Data encryption (TLS/SSL) |
| Secure password storage (hashing) |
| Access control and authentication |
| Regular backups |
| Security monitoring |
10. Third-Party Services
| Service | Purpose |
|---|---|
| Stripe | Payment processing |
| Google Analytics | Usage statistics (with IP anonymization) |
| Supabase | Data infrastructure (EU servers) |
| AI Providers | Analysis processing |
Each provider is bound by a Data Processing Agreement (DPA).
11. Cookie Policy
| Cookie Type | Description |
|---|---|
| Essential | For platform operation (session, authentication) |
| Functional | To store preferences |
| Analytics | For usage statistics (with consent) |
You can manage your cookie preferences through the consent banner or in your browser settings.
12. Children's Privacy
Our service is not intended for individuals under 18 years of age. We do not knowingly collect data from minors. If we learn that we have collected data from a minor, we will delete it immediately.
13. Changes to Privacy Policy
We may update this Policy periodically. We will notify you of material changes via email or platform notification. The "Last Updated" date at the top reflects the latest revision.
14. Supervisory Authority
You have the right to lodge a complaint with the supervisory authority:
| Authority | Hellenic Data Protection Authority (HDPA) |
| Address | Kifissias 1-3, 115 23 Athens, Greece |
| Website | www.dpa.gr |
| [email protected] |
15. Contact Us
For questions about this Policy or your data:
| Contact | Data Protection Officer |
| [email protected] | |
| Website | eyecaptain.io |