This Privacy Policy explains how SIA Encryption (registered in Latvia, Reģ. Nr. forthcoming, Rīga, Latvia) collects, uses and protects personal data when you interact with our website encryption.agency and our advertising and web-development services. We process data under the EU General Data Protection Regulation (2016/679) and the Latvian Personal Data Processing Law.
01
Data we collect
We collect only the minimum personal data needed to respond to enquiries and deliver our services. Specifically:
- Contact data you submit through forms or email — name, email address, company, phone number and any free-text message.
- Service data you share during engagements — ad-account access, analytics access, CRM exports and content briefs you provide to us.
- Technical data automatically collected when you visit the site — IP address, browser type and language, device type, pages viewed and referrer. Used only in aggregate.
- Cookies and similar storage — see the dedicated section below.
02
Why we process it (legal basis)
We rely on one of three GDPR legal bases for each processing activity:
- Contract (Art. 6(1)(b)) — to deliver services you have hired us for, send invoices and manage your account.
- Legitimate interest (Art. 6(1)(f)) — to answer enquiries, improve our site, prevent abuse and keep records of past projects.
- Consent (Art. 6(1)(a)) — for analytics and advertising cookies, marketing emails, and any optional processing. You may withdraw consent at any time without affecting prior processing.
03
Cookies and tracking
We use a consent-mode setup: until you accept analytics cookies, we receive only anonymous, aggregated signals. The categories we may set, once consent is granted, are:
- Strictly necessary — session, language preference, security. Cannot be turned off; the site does not work without them.
- Analytics — Google Analytics 4 / Looker Studio in EU region. Helps us understand traffic flow.
- Advertising — Meta Pixel and Google Ads tags, only on campaign landing pages and only with consent. Used to measure ad performance and serve retargeting.
04
Sharing with third parties
We do not sell personal data. We share it only with processors that help us deliver the service:
- Google Ireland Ltd (Google Ads, Analytics, Looker Studio, Workspace) — EU data region where available.
- Meta Platforms Ireland Ltd (Facebook / Instagram Ads) — Standard Contractual Clauses in place.
- Hosting and infrastructure — Vercel, Cloudflare, and our own VPS providers operating in the EU/EEA where possible.
- Billing and accounting — Latvian accounting partners under strict confidentiality and DPA.
05
International transfers
Where data leaves the EU/EEA (for example, when a US-based ad platform is involved), we rely on EU Commission–approved Standard Contractual Clauses and additional safeguards such as encryption in transit and at rest. We will list current transfer mechanisms in any signed Data Processing Agreement.
06
How long we keep your data
Retention periods are tied to the purpose:
- Enquiry messages and unsolicited contact: up to 12 months, then deleted.
- Active client records: for the duration of the engagement plus 5 years for legal and accounting purposes (Latvian Accounting Law).
- Analytics: aggregated indefinitely, identifiable signals up to 14 months.
- Marketing email list: until you unsubscribe, plus 30 days for record-keeping.
07
Your rights
Under GDPR you have the right to:
- Access — request a copy of your personal data we hold.
- Rectification — correct inaccurate or incomplete data.
- Erasure — ask us to delete your data ("right to be forgotten").
- Restriction — pause processing while a dispute is resolved.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to legitimate-interest or direct-marketing processing.
- Withdraw consent — for anything we process on a consent basis.
- Lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija).
08
Security
We protect personal data with TLS in transit, encrypted storage, role-based access controls and regular vulnerability scanning. Only staff who need access to data for a specific task have it, and access is revoked promptly when a role ends.
09
Changes to this policy
We may update this policy to reflect changes in law, technology or how we operate. Material changes will be announced on the home page at least 14 days before they take effect. The "last updated" date at the top always reflects the current version.
To exercise any of the rights above or ask a question, write to [email protected] with the subject line GDPR request. We aim to respond within 14 days and never charge a fee for legitimate requests.