Privacy Policy

Last updated: 6 June 2026 · Dekimu Labs S.L. · CIF B55431357

Our approach

Dekimu Hub collects the least amount of data needed to run the service. No tracking, no advertising cookies, no profiling, no data sold or shared for marketing.

What we collect

Business profile fields (name, sector, currency), preferences, and cross-app aggregation reads.

Cookies

One authentication cookie (dekimuhub_access). No tracking cookies.

Data processing

We process your data as described in our Data Processing Agreement (DPA), available at dekimu.com/dpa. The DPA sets out sub-processor commitments, retention periods, and the legal bases for each processing activity.

Sub-processors

  • Upstash, Inc.Redis database (application and identity data storage). United States — EU SCCs in place.
  • Vercel, Inc.Application hosting and serverless compute. United States — EU SCCs in place.
  • Resend, Inc.Transactional email delivery. United States — EU SCCs in place.
  • Anthropic, PBCAI language model API (used by AI-assisted Hub features such as site copy generation and smart replies). United States — EU SCCs in place.

Cryptographic receipts

If you use features that issue anchored receipts (APR, ACR, or any other Anchored Receipts protocol-family member), we process salted cryptographic commitments derived from identifiers and event metadata. Commitments are designed to be resistant to direct re-identification but remain personal data under GDPR Article 4. We process them on the legal basis of legitimate interest (Article 6(1)(f)) in providing tamper-evident audit trails, with the retention period stated above. Anchored daily roots are non-retroactive by design: an erasure request received after a receipt has been anchored is honoured by ceasing to serve the receipt body, but the historical signature record cannot be withdrawn from the anchored root. This is disclosed before any receipt is minted.

Your rights (GDPR)

Under the GDPR you have the following rights regarding your personal data:

  • Right of access (Art. 15) — obtain a copy of the data we hold about you.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your data.
  • Right to data portability (Art. 20) — receive your data in a machine-readable format.
  • Right to restriction of processing (Art. 18) — limit how we use your data.
  • Right to object (Art. 21) — object to processing based on legitimate interest.

To exercise any of these rights, use the Contact options in Dekimu ID at id.dekimu.com. You may also lodge a complaint with a supervisory authority, including the Agencia Española de Protección de Datos (AEPD).

Contact

Dekimu Labs S.L. (CIF B55431357) · legal@dekimu.com. For privacy-related requests, use the Contact options available in Dekimu ID at id.dekimu.com.

Governing law

This policy is governed by the laws of Spain. You may lodge a complaint with the Agencia Española de Protección de Datos (AEPD) or the supervisory authority of your habitual residence.