Privacy Policy
Last updated: 2026-01-06
Introduction
LETO SPACE GmbH ("we", "us", or "our") operates the Spacegraph platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. For privacy-related inquiries, contact us at privacy@leto.space.
Data We Collect
We collect information that you provide directly to us, including: registration information (name, email, password), profile data (company, job title, industry), device and browser information (IP address, operating system, browser type), usage data (pages visited, clicks, timestamps), payment information (processed via third-party payment providers), communications and support inquiries, and cookies and tracking technologies data.
Purpose of Collection
We use your information to: provide and manage our services and your account, facilitate connections between users and Solution Providers, operate and improve the platform, provide customer support, send marketing communications (with your consent or opt-out option), process payments, comply with legal obligations, and enforce our rights under these terms.
Third-Party Sharing
We do not sell your personal data. We may share your information with: service providers who assist in operating our platform (hosting, email, analytics, payment processors), Solution Providers upon your request when you initiate a connection, aggregated or anonymized data with institutional partners, legal authorities when required by law, and parties in business transfer scenarios (merger, acquisition).
International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. When we transfer data outside the European Economic Area (EEA), we use Standard Contractual Clauses (SCCs) approved by the European Commission. We also rely on adequacy decisions where applicable. We ensure all transfers comply with applicable data protection laws.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Active accounts: data retained while account is active. Deleted accounts: data removed within 30 days (backups may persist briefly). Transaction records: retained per tax requirements (e.g., 7 years in Austria). Analytics data: typically 14 months in identifiable form. Marketing opt-outs: retained indefinitely to prevent re-contact.
Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR), you have the following rights: Right to Access - obtain confirmation of processing and a copy of your data; Right to Rectification - correct inaccurate or incomplete data; Right to Erasure - request deletion of your data ("right to be forgotten"); Right to Restriction - limit how we process your data; Right to Data Portability - receive your data in a structured, machine-readable format; Right to Object - object to processing based on legitimate interests or for direct marketing. You may also withdraw consent at any time and lodge complaints with your supervisory authority. Requests are processed within 45 days (extendable by 45 additional days for complex requests). To exercise these rights, contact us at privacy@leto.space.
California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): Right to Know - what personal information we collect, use, and share; Right to Delete - request deletion of your personal information; Right to Correct - correct inaccurate personal information. We do not sell or share your personal information for cross-context behavioral advertising. Opt-out is available via our privacy settings. Sensitive personal data is handled only for service provision. We require verification for all requests. Responses are provided within 45 days of receiving a verifiable request.
Additional Jurisdiction Notices
United Kingdom: UK GDPR applies; the UK Information Commissioner's Office is the supervisory authority. European Economic Area (EEA): GDPR applies; contact your local Data Protection Authority for complaints. Australia: The Australian Privacy Principles under the Privacy Act 1988 apply. Brazil: The Lei Geral de Proteção de Dados (LGPD) applies; you have rights similar to GDPR. Canada: The Personal Information Protection and Electronic Documents Act (PIPEDA) may apply to your data.
Security Measures
We implement appropriate technical and organizational security measures to protect your data, including: encryption in transit using HTTPS/TLS; access controls limiting data access to authorized personnel; firewalls and network security monitoring; regular security assessments; staff training on data protection. Our third-party providers maintain relevant certifications including ISO 27001, SOC 2, and PCI DSS where applicable.
Children and Sensitive Data
Spacegraph is not directed at individuals under 16 years of age. We do not knowingly collect personal information from children. We do not intentionally collect special categories of personal data (health, religion, political opinions, etc.) unless specifically provided by you for platform purposes.
Contact Us
For privacy-related inquiries, please contact our Data Protection team at privacy@leto.space. You may also contact us by mail at LETO SPACE GmbH, Stremayrgasse 16, 8010 Graz, Austria.
Policy Updates
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated via email or prominent notice on our platform.