Privacy Policy

1.1 Information you provide.

• Contact data: name, email, company, role, country, and any additional information you include in forms, emails, or meetings.
• Contractual data: information needed to execute a Proposal, including legal name, tax ID, billing details, and bank accounts.
• Project data: credentials, documentation, infrastructure data, test datasets, and other information the Client shares for the performance of the Service.

1.2 Information collected automatically.

• IP address, browser type, operating system, language, referrer, and pages visited on the Site.
• Cookies and local storage required for the Site’s operation and, subject to consent, for aggregated analytics.

We do not knowingly collect special categories of personal data (health, racial origin, religion, etc.) and ask Clients not to share such data unless strictly necessary and covered by a specific agreement.

We use the information to:

• Respond to inquiries and proposal requests.
• Perform the contracted Services and meet our contractual obligations.
• Issue invoices and manage collections.
• Improve the Site and Services through aggregated and anonymized usage analytics.
• Comply with applicable legal, tax, and accounting obligations under the State of Florida.
• Send relevant commercial communications, only under a valid legal basis (consent or legitimate interest within an active business relationship), with an opt-out option in each message.

We process information under the following legal bases:

• Performance of a contract or pre-contractual measures requested by the data subject.
• Legal obligation, in particular regarding tax, accounting, and record-keeping obligations.
• Legitimate interest in operating, protecting, and improving our business, respecting the rights of data subjects.
• Consent, when required by applicable law (e.g. analytics cookies in GDPR jurisdictions).

We do not sell personal information. We share information with the following categories of recipients, under contractual confidentiality and security commitments:

• Technical sub-processors: infrastructure and essential service vendors such as Vercel (hosting), Cloudflare (CDN and security), Resend or other transactional email providers, Google Workspace (internal collaboration), and web analytics providers with anonymized IPs.
• Professional advisors: accountants, attorneys, and auditors when necessary.
• Competent authorities, when required by law, a judicial order, or for the defense of our rights.

During the provision of Services, the Client may ask us to process personal data under their control. In such cases, the Client acts as Data Controller and SMTM Lab acts as Data Processor.

The Client is solely responsible for obtaining the legal bases, consents, and authorizations needed to share such data. Upon request, we execute Data Processing Agreements (DPAs) when required by applicable regulations (GDPR, CCPA, or others).

We retain personal information for the following periods:

• Contact data: up to twenty-four (24) months from the last active contact, or until deletion is requested by the data subject.
• Contractual and financial data: six (6) years from termination of the relationship, in compliance with tax and accounting obligations under the State of Florida.
• Project data: as agreed in the Proposal; in the absence of agreement, up to ninety (90) days after termination of the Service, after which it will be deleted or returned to the Client.

Information is processed primarily in the United States. For data subjects covered by GDPR, international transfers are supported by the Standard Contractual Clauses (SCCs) of the European Commission and additional technical and organizational measures when applicable.

Depending on the applicable jurisdiction, you may exercise the following rights over your personal data:

• Access to the information we hold about you.
• Rectification of inaccurate or incomplete data.
• Erasure when no longer necessary for the original purposes.
• Objection to processing based on legitimate interest.
• Portability in a structured and commonly used format.
• Withdrawal of consent when it is the legal basis.
• Lodge a complaint with the competent data protection authority in your jurisdiction.

To exercise these rights, send your request to info@smtmlab.com. We will respond within thirty (30) calendar days, extendable for justified reasons.

We apply reasonable technical and organizational measures to protect the information, including TLS encryption in transit, encryption at rest for sensitive data, role-based access control, secrets management, security monitoring, and periodic assessments. No system is absolutely secure; we operate under industry standards and will follow applicable incident notification protocols under Florida Statute 501.171.

The Site uses the following categories of cookies:

• Essential: required for the Site’s operation (language preference, session, security).
• Analytics (optional): aggregated usage metrics to improve the Site; activated only with your consent in jurisdictions that require it.

We do not use advertising cookies or share identifiers with third-party ad networks.

The Site and Services are intended exclusively for adults. We do not knowingly collect personal information from minors under 18. If we become aware that we have received data from a minor without the corresponding consent, we will promptly delete it.

We may update this Policy when necessary. We will notify material changes through a visible notice on the Site or by email to affected data subjects, indicating the new effective date. Continued use of the Site or the Services after the effective date shall constitute acceptance of the updated version.