Privacy Policy
Last updated: 6 March 2026
We collect almost nothing. We don't sell data. We don't run retargeting. We don't profile visitors. This policy explains the small amount of data we do handle and exactly how we treat it.
Data controller
SEYPRO
Victoria, Mahé, Seychelles
Email: hello@sey.pro
Phone: +248 258 3584
Seypro acts as the data controller for personal data collected through sey.pro. For client project data, Seypro acts as a data processor under the terms of each client engagement agreement.
What we collect
We collect only data you actively provide or that is technically necessary to serve the website:
| Data type | What | Lawful basis | Retention |
|---|---|---|---|
| Contact form | Name, email, company, message | Legitimate interest (Art. 6(1)(f) GDPR) | 24 months |
| Newsletter | Email address | Consent (Art. 6(1)(a) GDPR) | Until unsubscribe |
| Analytics | Anonymised page views, device type, country | Legitimate interest | 14 months |
| Server logs | IP address (anonymised), request path, timestamp | Legitimate interest | 30 days |
We do not collect: payment information, biometric data, health data, political opinions, religious beliefs, trade union membership, genetic data, or any special category data under GDPR Article 9. We do not purchase data from brokers. We do not build advertising profiles.
How we use your data
- Respond to inquiries — we read your contact form submission and reply by email
- Send newsletters — only if you opted in, with a one-click unsubscribe in every email
- Improve the site — aggregate, anonymised analytics tell us which pages are useful
We do not use your data for automated decision-making, profiling, or scoring of any kind. We do not sell, rent, trade, or share your personal data with third parties for their marketing purposes.
Sub-processors
The following services process data on our behalf. Each operates under its own DPA (Data Processing Agreement):
| Service | Purpose | Data processed | Location |
|---|---|---|---|
| Vercel | Hosting and CDN | Server logs (anonymised IP) | US / EU edge |
| Resend | Email delivery | Email address, message content | US |
| Google Analytics | Anonymised site analytics | Anonymised page views, device category | US / EU |
We do not use advertising networks, social media tracking pixels, or third-party retargeting services.
International data transfers
Seypro operates from Seychelles, UAE, and South Africa. Some sub-processors are based in the United States. Where personal data is transferred outside the EEA, we rely on:
- EU-US Data Privacy Framework (for US-based processors certified under DPF)
- Standard Contractual Clauses (SCCs) adopted by the European Commission (Decision 2021/914)
Cookies
We use minimal cookies:
- Strictly necessary — session cookies for site functionality (no consent required under ePrivacy Directive)
- Analytics — Google Analytics cookies with IP anonymisation enabled. No cross-site tracking, no advertising identifiers
We do not use marketing cookies, social media cookies, or fingerprinting techniques. You can disable all cookies in your browser settings without affecting core site functionality.
Security measures
We protect your data with industry-standard technical and organisational measures:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption at rest for stored data
- Access controls limited to authorised personnel on a need-to-know basis
- Regular security reviews of infrastructure and application code
- Secure development practices aligned with OWASP guidelines
Your rights
Depending on your jurisdiction, you have specific rights over your personal data:
GDPR (EU/EEA/UK)
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure / "right to be forgotten" (Art. 17)
- Right to restrict processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object to processing (Art. 21)
- Right to lodge a complaint with your supervisory authority
POPIA (South Africa)
- Right to access, correct, and delete personal information
- Right to object to processing of personal information
- Right to submit a complaint to the Information Regulator
UAE PDPL
- Right to access, correct, and erase personal data
- Right to restrict or object to processing
- Right to data portability
Seychelles Data Protection Act
- Right to access personal data held about you
- Right to request correction of inaccurate data
- Right to object to processing
To exercise any right, email hello@sey.pro. We respond within 30 days. No fee is charged for reasonable requests.
Data breach notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (per GDPR Article 33). If the breach poses a high risk to your rights and freedoms, we will notify affected individuals without undue delay (per GDPR Article 34).
Children's privacy
Our services are not directed at individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.
Changes to this policy
We may update this policy as our services evolve. Material changes will be noted at the top of this page with a revised date. For significant changes affecting your rights, we will provide 30 days' notice via email to active contacts.
Contact
For any privacy-related questions or data subject requests:
hello@sey.pro
Seypro · Victoria, Mahé, Seychelles
See also: Data Retention Policy · Terms of Service