Noezys

Privacy policy

  • Conforme RGPD · accessible
  • Rapide partout, même en 4G
  • Données et hébergement en Europe
Tableau de bord tout-en-unMultilingue dès le départVous parlez à votre siteVous possédez votre codeSites uniques · pas de templatesIA sur mesureDonnées en EuropeSupport humain réactif

This policy explains how NOEZYS LTD collects, uses, and protects personal data of users of its website and services, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Maltese Data Protection Act (Cap. 586).

Data controller

NOEZYS LTD, registered in Malta under company number C 115556, with registered office at 170, Pater House, Level 1, Suite A369, Birkirkara BKR 9077, Malta, is the controller of your personal data. For any privacy-related question, please use the form on the Contact page and mention "Personal data" in the subject.

Data we collect

Depending on how you interact with the site, we collect:

  • Contact data: name, email address, phone number (optional), and message when you use the contact form or send us a commercial enquiry.

  • Connection data: IP address, browser type, operating system, date and time of visit, referring page — kept in server logs for security and abuse prevention.

  • Audience-measurement data: pages visited, time spent, traffic source — only if you consent to analytics cookies through the Axeptio banner.

  • Contract data (clients only): company name, VAT number, billing address, contractual exchanges and invoices issued.

Purposes and legal bases

  • Reply to your enquiries — pre-contractual measures at your request (Art. 6.1.b GDPR).

  • Site security and fraud prevention — legitimate interest of the controller (Art. 6.1.f GDPR).

  • Anonymised audience measurement — consent (Art. 6.1.a GDPR), revocable at any time via the cookie banner.

  • Performance of the client contract — contract performance (Art. 6.1.b GDPR).

  • Accounting and tax obligations — legal obligation (Art. 6.1.c GDPR).

Retention periods

  • Contact-form data: 3 years from the last exchange, then deletion.

  • Technical logs (IP, user agent): 12 months maximum.

  • Contract data and invoices: 10 years from the end of the relationship, in accordance with accounting obligations.

  • Analytics data: 13 months maximum (EDPB recommendation).

Recipients and processors

We never sell your data. It may be shared with processors acting on our instructions and bound by an agreement compliant with Article 28 GDPR:

  • Application hosting: Render Services, Inc. — data hosted in the Frankfurt region (EU).

  • Object and media storage: Cloudflare, Inc. — Cloudflare R2 bucket in EU jurisdiction.

  • Transactional email: Resend, Inc. — for notifications related to the contact form.

  • Anti-bot protection on the form: Cloudflare Turnstile.

  • Cookie consent banner: Axeptio SAS (France).

  • Generative AI models (on selected features): Anthropic, PBC — data processed under Standard Contractual Clauses (SCCs).

Transfers outside the European Union

Primary hosting and databases are located in the European Union. Where a processor is established outside the EU, the transfer is governed by the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914), with additional safeguards where required (encryption, pseudonymisation).

Your rights

Under Articles 15 to 22 GDPR, you have the following rights:

  • Right of access, rectification, and erasure of your data.

  • Right to restriction of, and objection to, processing.

  • Right to data portability.

  • Right to withdraw consent at any time, without retroactive effect.

  • Right to define directives concerning your data after your death.

To exercise these rights, please use the form on the Contact page and describe your request. We will respond within one month (extendable by two months for complex requests, in accordance with Article 12.3 GDPR).

Lodging a complaint

If you believe that the processing of your data does not comply with applicable law, you may lodge a complaint with the IDPC — Information and Data Protection Commissioner of Malta (idpc.org.mt) — or with the supervisory authority of your member state of residence.

Security

We implement appropriate technical and organisational measures: end-to-end TLS encryption, restricted database access, access logging, encrypted backups, EU-based hosting, and regular review of our processors.

Cookies

The cookies used on the site are described in detail in our Cookies policy, accessible from the footer. No non-essential cookie is set before your consent.

Changes to this policy

This policy may evolve to reflect legal or operational changes. Any substantial change will be flagged on this page with a new update date.

Last updated

Last updated: April 28, 2026.