Last updated: 23/07/2025
This Privacy Policy ("Policy") describes how Abstract Machines ("Absmach", "we", "our", or "us") collects, uses, shares, and protects information from users ("you", "your") of our websites, products, and services. By using our services, you consent to the collection and use of your information as described in this Policy.
This Policy applies to all platforms, services, and products operated or maintained by Abstract Machines, including our software platforms (e.g., Magistrala, SuperMQ, Propeller) and associated hardware or documentation. It applies whether the services are accessed via browser, mobile application, API, or embedded integrations.
This Policy governs all data collected through Abstract Machines-operated digital properties, including our websites, SaaS platforms, APIs, cloud services, embedded firmware, and any other technologies made available under the Absmach brand. It applies to all users, customers, and visitors regardless of geographic location, unless explicitly stated otherwise by local legal obligations. Where required, separate regional or contractual terms may supplement this Policy.
The processing of personal data is based on various legal grounds, including the performance of a contract (Art. 6(1)(b) GDPR), compliance with legal obligations (Art. 6(1)(c)), and legitimate interests pursued by Abstract Machines (Art. 6(1)(f)). Where consent is required, we process personal data in accordance with Art. 6(1)(a) GDPR.
We collect the following types of information:
Abstract Machines acts as the Data Controller for the processing of personal data as described in this Policy. We do not use automated decision-making or profiling for marketing purposes without explicit consent. Where data is used for research, it is aggregated and anonymized to prevent identification of individuals or organizations.
We use collected information for the following purposes:
We do not sell your personal information. We may share information with third parties in the following situations:
Where third parties act as data processors (subcontractors), we ensure adequate data processing agreements (DPAs) are in place. Data may be shared across Abstract Machines’ affiliated entities to fulfill service obligations. We retain audit rights over any vendor processing personal data on our behalf to ensure compliance with applicable privacy standards.
We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy, including legal, security, and business continuity requirements. Device telemetry and platform metadata may be retained longer in anonymized or aggregated form for research and operational analytics.
Retention periods vary depending on the nature of the data and legal requirements. For example, billing-related data may be retained for up to 10 years under financial regulations, while support-related logs may be retained for 12 months. Where contractual retention or deletion terms exist, we honor them accordingly.
Depending on your location, you may have certain rights under applicable data protection laws, including:
To exercise your rights, please submit a written request to privacy@abstractmachines.fr. We may request additional information to verify your identity. Requests will be processed within 30 days, unless legally extended due to complexity. We will not discriminate against users who exercise their data rights.
Our servers and infrastructure may be located in the European Union and other jurisdictions. Where data is transferred across borders, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.
International transfers are safeguarded using Standard Contractual Clauses approved by the European Commission or by relying on adequacy decisions for certain countries. For transfers to the U.S. or other jurisdictions without adequacy, supplemental technical and contractual measures are applied.
We may also use data centers in the European Union to ensure compliance with GDPR and other applicable privacy regulations. If you are located outside the EU, please be aware that your data may be transferred to, stored, and processed in the EU or other countries where we operate. By using our services, you consent to such transfers. If you do not agree with this arrangement, please do not use our services.
Abstract Machines implements administrative, technical, and physical safeguards to protect your data. This includes encryption, access controls, network segmentation, and continuous monitoring. While no system is 100% secure, we adhere to industry best practices and respond promptly to security incidents.
Security measures include TLS encryption, role-based access control, DDoS mitigation, vulnerability scanning, and multi-factor authentication. In the event of a confirmed breach, we will notify affected parties and regulators in accordance with applicable breach notification laws, including within 72 hours under the GDPR if required.
We also conduct regular security audits and penetration testing to identify and mitigate potential vulnerabilities. Our employees and contractors are trained on data protection and security best practices. We maintain an incident response plan to address any potential data breaches or security incidents.
Our services are not directed at children under the age of 16, and we do not knowingly collect personal data from minors. If we discover such data has been collected, we will delete it promptly.
If we become aware that personal data has been submitted by a person under 16 without parental consent, we will take immediate steps to delete the data and terminate the account where applicable. Our services are not marketed or designed for individuals under the age of 16.
We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. We will notify users of material changes via our website or direct communication channels. Continued use of our services after such notice constitutes acceptance of the revised policy.
This Privacy Policy may be amended from time to time. All changes will be posted with a revised "Last Updated" date at the top of this document. Major updates may be communicated via email or within the platform UI.
We encourage you to periodically review this Policy to stay informed about how we are protecting your information. If you do not agree with the changes, you may choose to stop using our services or request deletion of your data as described in Section 6.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us at:
Mailing Address: Abstract Machines, 141 Quai de Valmy, 75010 Paris, France
Data Protection Officer (DPO): Please direct GDPR or regulatory inquiries to: privacy@abstractmachines.fr
We use "cookies" and similar technologies on our websites and web applications to enhance functionality, improve performance, and better understand how users interact with our services. A cookie is a small text file that is sent to your browser and stored on your device when you visit a website or use an application. These files allow us to recognize your device during subsequent visits—even if we do not know your identity.
We may use the following types of cookies:
Most browsers are configured to accept cookies by default, but you may modify your settings to block or delete cookies at any time. Please note that disabling cookies may affect your experience and limit access to certain features (e.g., login sessions, form persistence, etc.).
By continuing to use our websites and applications, or by subscribing to our communications (such as newsletters), you consent to the use of cookies and related tracking technologies. If you do not wish to accept cookies, you are responsible for configuring your browser accordingly.
We use Google Analytics, a web analytics service provided by Google LLC (U.S.), to analyze usage trends and improve our services. Google Analytics sets cookies to collect anonymized information such as pages visited, browser type, time spent on pages, and referring domains. We do not transmit personally identifiable information to Google.
Google may process this data on servers outside your jurisdiction and may associate it with activity on other websites. For more details, please refer to Google’s own Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
Aside from Google Analytics, Abstract Machines does not currently use behavioral tracking or recording services like Hotjar or FullStory. If we integrate additional analytics or third-party tools in the future, this Policy will be updated accordingly with full transparency.
You can manage, block, or delete cookies at any time via your browser settings. Refer to your browser’s help section for instructions. Below are links to common browsers' cookie management guides:
If you disable cookies, some features of our services may not function as intended. By using Abstract Machines' websites and services, you accept this Cookie Policy and our broader Privacy Policy.