Privacy Policy

Last Updated: 9 April, 2026

1. Introduction

This Privacy Policy explains how Plytix S.L., Plytix.com Inc., and Plytix.com ApS (collectively "Plytix", "we", "us", or "our") collect, use, and protect your personal data. It applies to everyone who interacts with us, including visitors to our websites and subdomains, users of the Plytix platform and its associated tools and services, marketing contacts and leads, job applicants, partners, and anyone else who engages with us online or offline.

Plytix operates globally. Depending on your location, different data protection laws may apply to how we process your personal data.

We encourage you to read this policy in full. You should also review our Cookie Policy, Terms and Conditions, and Legal Notice, which together form our complete privacy and legal framework.

2. Who is the Data Controller?

Plytix S.L. is the primary data controller responsible for the processing described in this policy and serves as the main point of contact for all data protection matters. Plytix also operates through Plytix.com ApS and Plytix.com Inc., which may be involved in processing activities in connection with services provided in their respective jurisdictions.

Plytix has appointed an internal Data Protection Officer (DPO) to oversee compliance with applicable data protection laws. All entities apply the same data protection standards and you may direct any privacy-related request to the DPO at gdpr@plytix.com.

Plytix S.L. (The primary data controller) Address: Alameda Principal, 24, 2ª, 29005, Málaga, Spain
Tax ID (CIF): B93414043
Email: gdpr@plytix.com
Registration Data in the Commercial Registry: Volume: 5417, Book: 4324, Folio: 34, Section: 8, Registration Sheet: MA-129110, 4th Registration of the Commercial Registry of Malaga.
Plytix.com ApS Address: Gammeldam 39, 6430, Nordborg, Denmark
Tax ID: DK35858180
Email: gdpr@plytix.com
Plytix.com Inc. Address: 8 The Green, Suite B, Dover, Delaware, 19901, United States
Tax ID: 37-2054700
Email: gdpr@plytix.com

3. Why We Process Your Personal Data, What We Collect, and Our Legal Basis

The table below sets out all the purposes for which Plytix processes personal data, the categories of data involved, and the legal basis we rely on under GDPR and applicable laws. Where we rely on legitimate interest, you have the right to object at any time by contacting gdpr@plytix.com.

Some of the processing activities described below may involve international data transfers. For further details, please refer to the section on international data transfers in this Privacy Policy.

Purpose Categories of Personal Data Legal Basis
Providing access to the Plytix platform, onboarding, training, and ongoing account management Full name, work email, job title, credentials (hashed password, OAuth/SAML), role permissions, onboarding and training activity, support requests, communication history, and user activity logs, AI-generated transcripts where AI-assisted channels are used Performance of a contract (Article 6(1)(b) GDPR)
Service improvement and product development Usage data, interaction data, feature usage metrics, and service performance data Legitimate interest (Article 6(1)(f) GDPR) in improving and developing our services, subject to your right to object
Billing, contract management, and payment processing Billing contact name and details, payment metadata, invoice records, tax documentation containing personal identifiers, digital signature metadata including IP address, timestamp, device identifier, and contract lifecycle logs Performance of a contract (Article 6(1)(b) GDPR); Legal obligation (Article 6(1)(c) GDPR)
Handling demo requests, trial evaluations, and general inquiries Full name, work email address, job title, company name, phone number, form or communication content (including emails and chat messages), colleague referral information, AI-generated transcripts, and interaction logs where AI-assisted channels are used Performance of a contract (Article 6(1)(b) GDPR) – processing required to handle your demo request or trial evaluation
Legitimate interest (Article 6(1)(f) GDPR) – responding to inquiries and maintaining communication records, subject to your right to object
CRM, lead management, B2B segmentation, and marketing communications Names, work emails, job title, company, engagement data, lead status and source, enrichment data (inferred role, company size, industry), communication history, call/email transcripts, interaction metrics, LinkedIn Insight Tag, Google Ads/Meta IDs Legitimate interest (Article 6(1)(f) GDPR) for B2B outreach, opportunity tracking, and non‑intrusive company‑level segmentation, subject to the right to object; Consent (Article 6(1)(a) GDPR) for marketing communications where required under applicable ePrivacy laws.
Website visitor identification (B2B, company-level) IP address, company-level firmographic data inferred from IP resolution or similar technologies, date and time of visit, browser and device data Consent (Article 6(1)(a) GDPR) where cookies or similar tracking technologies are used to identify or track visitors.
Legitimate interest (Article 6(1)(f) GDPR) applies only where processing is limited to non-intrusive, company-level identification that does not involve tracking or profiling of individual users
Website and platform operations, security, and fraud prevention IP address, session data, device info, failed login IPs, device fingerprints, security event logs Legitimate interest (Article 6(1)(f) GDPR) for security, fraud prevention, platform stability, and non-intrusive analytics; Legal obligation (Article 6(1)(c) GDPR) for ensuring security and auditing
Web and product analytics Page interaction data, feature usage, heatmaps, scroll and click behaviour, session recordings (where enabled), device and browser data Consent (Article 6(1)(a) GDPR)
Recording, transcribing, and analysing meetings Full name, work email, audio and video recordings, transcripts, screen recordings where applicable, call metadata, meeting notes Legitimate interest (Article 6(1)(f) GDPR) – improving service quality and staff training, where participants can reasonably expect such processing and are appropriately informed
Consent (Article 6(1)(a) GDPR) – use of recordings and transcripts for promotional or external distribution
Profiling and personalised advertising Identification and contact info, professional data, engagement data, inferred interests, behavioural data collected via website interactions, communications, and third-party platforms (e.g., G2, LinkedIn, Meta); browsing behaviour through cookies and tracking technologies Consent (Article 6(1)(a) GDPR) for profiling and personalised advertising based on cookies, behavioural data, and interactions with third‑party platforms
Legitimate interest (Article 6(1)(f) GDPR) may apply to limited B2B segmentation within the CRM where it is based on professional context data only and does not involve tracking technologies or intrusive behavioural analysis, subject to your right to object
Partner and integration management Full name, work email, contact details, organisation name, role, partnership agreement copies, referral commission records, joint pipeline data Performance of a contract (Article 6(1)(b) GDPR)
Job applications and recruitment Name, contact details, CV, employment history, cover letter, interview notes, LinkedIn profile, right-to-work information, salary expectations, assessment results Performance of a contract / pre-contractual steps (Article 6(1)(b) GDPR); Consent for talent pool retention (Article 6(1)(a) GDPR); Legal obligation (Article 6(1)(c) GDPR).
Legal compliance, claims defence, and policy enforcement Logs, user IDs, communications, payment and contract metadata, access records Legal obligation (Article 6(1)(c) GDPR), including statutory retention and audit requirements; Legitimate interest in defending legal claims, enforcing policies, and preventing misuse (Article 6(1)(f) GDPR)

4. How We Collect Personal Data

Plytix collects personal data through various channels, depending on how you interact with us. The methods we use fall into the following categories.

4.1. Direct Interactions with You

You provide personal data directly when you fill out a demo request or contact form on our website, subscribe to marketing communications, register for events or content downloads, apply for a job (see our separate Candidate Privacy Notice for details), or contact our support, sales, or partner teams by email, phone, or chat. You also provide data when you use the Plytix platform to manage your account, submit support tickets, or participate in customer research activities.

4.2. Information Collected Automatically Through Your Use

As you navigate our website or use the Plytix platform, we automatically collect technical and usage data. This includes your IP address, device and browser characteristics, operating system, screen resolution, and interaction data such as pages visited, features used, session duration, and referring URLs. For platform users, we also log authentication events, API calls, and account‑related activity to maintain security and deliver the service.

4.3. Cookies and Similar Technologies

We use cookies, pixels, and similar technologies to enhance your experience, analyse website usage, and deliver relevant advertising. These technologies collect identifiers, browsing behaviour, referral sources, and interaction patterns. Where required by applicable law, we obtain your consent before placing non‑essential cookies. You can manage your preferences through our cookie banner and our Cookie Policy, which explains the types of cookies we use and how you can control them.

4.4. Third‑Party Platforms and Tools

We receive personal data from third‑party services that we integrate into our business operations. These include:

  • Cloud hosting and infrastructure providers that store and process data on our behalf.
  • CRM and marketing automation platforms that help us manage customer relationships and campaigns.
  • Analytics and product insight tools that help us understand how users interact with our website and platform.
  • Advertising and retargeting platforms that provide aggregated performance data and, where you have consented, enable personalised advertising.
  • Meeting and communication tools that provide call metadata, recordings, and transcripts when we interact with you.
  • Data enrichment and lead intelligence providers that supply professional contact details and business context to support B2B outreach.
  • Compliance, security, and operations tools that support legal compliance, security monitoring, and contract management.

Each of these third parties processes personal data under our instructions as data processors (or, in some cases, as independent controllers). We have data processing agreements in place with all relevant processors, and we rely on appropriate safeguards (such as Standard Contractual Clauses or the EU‑US Data Privacy Framework) for any international transfers.

A full list of our sub-processors, including the categories of services they provide, is available on request by contacting gdpr@plytix.com. We will provide the list without undue delay and keep it up to date.

Where we receive personal data about you from third-party sources rather than directly from you, we apply additional safeguards in accordance with Article 14 GDPR. This includes identifying the source of the data and providing you with the relevant information within the timeframes required by applicable law.

4.5. Publicly Available Sources

For business‑to‑business outreach, we may supplement our information with data from publicly available sources. This includes professional contact details, job titles, and company information found on corporate websites, business directories, professional social networks (such as LinkedIn), or software review platforms (such as G2 and Capterra). When we rely on such sources, we inform you about the source of the data within the timeframes required by applicable law and provide you with an opportunity to object to further processing.

4.6. Information from Partners, Customers, or Referrals

If you are referred to us by an existing customer or a business partner, we may receive your name, work email address, and other professional details from the referring party. In such cases, we rely on the referrer to have obtained your consent where necessary, and we will notify you about the referral when we first contact you.

4.7. Office Visits and Security Monitoring

When you visit our offices, we may collect personal data through visitor logs. This is done to ensure the safety of our premises, employees, and visitors. Visitor information is retained only for the period necessary to fulfil the security purpose for which it was collected, after which it is securely deleted.

5. How Long We Retain Your Personal Data

Plytix retains your personal data only for as long as necessary to fulfil the purposes for which it was collected. After that period, we securely delete or anonymise the data, unless we are required by law to keep it longer (for example, for tax, accounting, or litigation purposes). To determine the appropriate retention periods, we apply the following criteria:

  • Contractual and account data: Retained for the duration of the contractual relationship and for a period thereafter sufficient to address post-contractual obligations, legal claims, and disputes. This period is determined by the applicable statute of limitations under the law governing the contract.
  • Billing and tax records: Retained for the period required by applicable tax and accounting law in the relevant jurisdiction. This is determined by the statutory retention obligations of the country where the entity contracting with you is established.
  • Security and fraud prevention logs: Retained for a rolling period sufficient to detect, investigate, and respond to security incidents, after which they are deleted or anonymised. If a security incident or legal hold is active, relevant logs are retained for the duration of that investigation.
  • Analytics and cookie data: Retained in accordance with our Cookie Policy. Aggregated or anonymised analytics data may be retained for longer for statistical purposes, provided it can no longer be attributed to an individual.
  • Marketing and consent-based data: Retained until you withdraw your consent or object to processing, or until we determine that continued retention is no longer proportionate given the absence of active engagement. We review marketing contact lists periodically and suppress or delete inactive contacts.
  • Meeting recordings and transcripts: Retained for a limited period necessary for the purpose for which the recording was made (such as internal training, follow-up, or service delivery), after which they are deleted. Recordings are not retained indefinitely.
  • Talent pool: Retained for a maximum of two years from the date of your application or consent, unless you withdraw your consent earlier.
  • Legal compliance data: Retained for the period required by the applicable legal obligation. Once that obligation expires, the data is securely deleted or anonymised.

In all cases, when personal data is no longer needed for the purposes described, we either delete it or render it anonymous so that it can no longer be linked to you. Where deletion is not immediately possible (for example, in backup systems), we apply appropriate safeguards to ensure the data is not further processed until it can be permanently removed.

6. Who We Share Your Personal Data With

Plytix does not sell your personal data. We share your data only with the categories of recipients described below, and only when necessary for the purposes outlined in this policy.

6.1. Affiliates and Group Entities

We may share your data with Plytix S.L., Plytix.com ApS, and Plytix.com Inc., as well as any future subsidiaries, to manage customer relationships, provide support, and coordinate operations across the group. All entities are subject to the same data protection standards and are bound by this policy.

6.2. Service Providers and Sub‑processors

We engage third‑party companies to help us deliver our services, operate our business, and perform essential functions. These service providers act as data processors on our behalf and are contractually required to process your data only under our instructions and in compliance with applicable data protection laws. Categories of service providers include:

  • Cloud infrastructure and hosting (e.g., AWS, MongoDB, Redis)
  • Customer relationship management and marketing platforms (e.g., HubSpot, Intercom)
  • Analytics and product insight tools (e.g., Google Analytics, Mixpanel, Hotjar)
  • Sales and lead enrichment services (e.g., Clay, Warmly)
  • Advertising and retargeting platforms (e.g., Meta, LinkedIn, Google Ads)
  • Meeting, recording, and transcription tools (e.g., Fathom)
  • Payment processing and fraud detection (e.g., Stripe)
    • Security, compliance, and IT operations (e.g., Qalea.ai, Borlabs, OneFlow)
  • HR and recruitment platforms (e.g., Factorial, Oyster, ADP)

A complete list of our sub‑processors, including the categories of services they provide and the countries in which they operate, is maintained in our Sub‑processor List. This list is updated regularly and is available upon request by contacting gdpr@plytix.com. Where required under applicable contractual or legal obligations, we will notify customers of material changes to our sub‑processor list.

6.3. Business Partners and Resellers

When you interact with Plytix through a partner, reseller, or integration partner, we may share relevant information with that partner to manage the relationship, coordinate sales and support, and fulfill our contractual obligations. In such cases, the partner acts as either a joint controller or an independent controller, and their use of your data is governed by their own privacy policy.

6.4. Legal and Regulatory Authorities

We may disclose your personal data to courts, law enforcement, or other public authorities when required by law, such as to comply with a subpoena, legal process, or government request, or to protect our rights, property, or safety, or that of our customers or others.

6.5. Corporate Transactions

If Plytix is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control and ensure that the recipient agrees to handle your data in accordance with this policy.

6.6. With Your Consent

In certain circumstances, we may ask for your permission to share your data with third parties for purposes not covered in this policy. You may withdraw that consent at any time.

All third parties that process personal data on our behalf are bound by data processing agreements that include, where applicable, the European Commission’s Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection for international transfers.

For more information on how we safeguard your data when it is transferred outside your country, please refer to the International Data Transfers section of this policy.

7. International Data Transfers

Plytix operates globally. To provide our services and run our business, we may transfer your personal data to countries outside your country of residence, including to countries that may not have the same level of data protection as your home jurisdiction.

Where required, we carry out transfer impact assessments to evaluate the level of protection in the recipient country and implement supplementary measures where necessary.

7.1. Transfers from the European Economic Area (EEA), United Kingdom, and Switzerland

When we transfer personal data from the EEA, UK, or Switzerland to a country that has not been recognised by the European Commission (or the relevant authority) as providing an adequate level of protection, we rely on one of the following safeguards:

  • EU‑US Data Privacy Framework (DPF): Some of our service providers are certified under the EU‑US DPF, the UK Extension to the DPF, or the Swiss‑US DPF, and we transfer data to them on that basis.
  • Standard Contractual Clauses (SCCs): For transfers to other third‑country recipients, we use the European Commission’s Standard Contractual Clauses (or, for the UK, the International Data Transfer Addendum). These clauses contractually oblige the recipient to protect your data to EU standards.
  • Derogations: In limited circumstances, we may transfer data without SCCs or DPF certification when necessary for the performance of a contract with you, for important reasons of public interest, or for the establishment, exercise, or defence of legal claims. Such transfers are the exception and are carried out only when no other lawful mechanism is available.

7.2. Countries where we commonly transfer data

We frequently transfer data to the United States, where many of our service providers are based. The European Commission has adopted an adequacy decision for the EU‑US Data Privacy Framework (10 July 2023), which provides a lawful basis for transfers to DPF‑certified entities. For transfers to other countries (e.g., Canada, Japan, New Zealand, United Kingdom), we rely either on adequacy decisions where available or on SCCs.

You may obtain a copy of the safeguards we use (including the SCCs) by contacting us at gdpr@plytix.com.

8. Automated Decision‑Making and Profiling

Where you have consented, Plytix may use profiling to tailor the content and advertising you see. Profiling means any form of automated processing of personal data used to evaluate certain personal aspects, such as your interests, preferences, or behaviour.

We create profiles for advertising and segmentation purposes. This helps us show you relevant ads, recommend content, and improve our services. Profiling is based on:

  • Identification and contact information (e.g., your name and work email)
  • Professional or employment data (e.g., job title, company)
  • Your interactions with our website, our advertisements, and third‑party platforms (e.g., G2, LinkedIn, Meta)
  • Your browsing behaviour, collected through cookies and similar technologies (where you have consented)

The information used for profiling comes from you (when you fill out forms, use our services, or accept cookies) and, in some cases, from third‑party platforms with which we have contracted, such as G2.com, Inc.

Where we use AI to assist in support or transcription, these tools are used to facilitate human interaction. AI tools only support humans in processing and analysing data; they do not make autonomous decisions that affect your rights, access, or services. Plytix does not use AI to make decisions that result in denial of service or other legal effects without human oversight.

We do not currently use your personal data to make decisions based solely on automated processing that produce legal effects or similarly significantly affect you. Should we ever introduce such processing, we will inform you in advance, provide meaningful information about the logic involved, and implement appropriate safeguards including the right to request human review.

You have the right to object to profiling at any time. If you object, we will stop processing your data for that purpose. To exercise your right, contact us at gdpr@plytix.com.

9. Your rights

Depending on your jurisdiction, you may have certain rights regarding your personal data. We are committed to responding to requests in a timely manner, typically within 30 days, and without undue delay. To exercise any of these rights, please contact us using the details provided at the end of this section.

9.1. Rights Under Applicable Data Protection Laws

  • Right of access: You may request confirmation of whether we process your personal data, and if so, obtain a copy along with information about the purposes, categories of data, recipients, retention period, and the existence of automated decision‑making (including profiling).
  • Right to rectification: You may ask us to correct inaccurate personal data or to complete incomplete data.
  • Right to erasure (right to be forgotten): You may request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, when you object to processing based on legitimate interests, or when processing is unlawful. This right is not absolute and may not apply where we have a legal obligation to retain the data.
  • Right to restriction of processing: You may ask us to limit processing while we verify the accuracy of your data, when processing is unlawful but you oppose erasure, or when you need the data for legal claims after the purpose has ended.
  • Right to data portability: You may request to receive your personal data in a structured, commonly used, machine‑readable format and to have it transmitted to another controller where processing is based on consent or contract and carried out by automated means.
  • Right to object: You may object at any time to processing based on our legitimate interests (including profiling) or for direct marketing purposes. If you object, we will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: You have the right to lodge a complaint with the supervisory authority in your country of residence or place of work. The lead supervisory authority for Plytix is the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD), reachable at www.aepd.es. If you are located in another jurisdiction, you may contact your local data protection authority. A list of EU/EEA supervisory authorities is available at https://www.edpb.europa.eu. The UK supervisory authority is the Information Commissioner's Office (ICO) at www.ico.org.uk. The Swiss supervisory authority is the Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.

9.2. Rights Under the California Privacy Rights Act (CPRA)

Plytix does not sell your personal information as defined under the CPRA. If you are a California resident, you have the following rights under the CPRA:

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions (e.g., to complete transactions, detect security incidents, or comply with legal obligations).
  • Right to correct: You may request correction of inaccurate personal information.
  • Right to opt out of sharing for cross-context behavioural advertising: We share your personal information with advertising partners for purposes that may be considered "cross-context behavioural advertising." You have the right to opt out of such sharing. To do so, you may update your cookie preferences using our cookie preference centre, accessible via the cookie settings link in the footer of our website, or contact us directly at gdpr@plytix.com. We will process your request within 15 business days.
  • Right to limit use of sensitive personal information: We do not use sensitive personal information (as defined by the CPRA) for purposes other than those permitted by law. If that changes, we will provide you with the right to limit such use.
  • Right to non‑discrimination: We will not discriminate against you for exercising your rights.

9.3. How to Exercise Your Rights

To exercise any of the rights described above, please contact us using one of the following methods:

  • Email: gdpr@plytix.com
  • Post: Plytix S.L., Alameda Principal, 24, 2nd Floor, 29005 Málaga, Spain

To help us verify your identity, please provide sufficient information (such as your name, email address, and the nature of your request). If we have reasonable doubts about your identity, we may ask for additional information. If you use an authorised agent to make a request, we may require written proof of authorisation.

We aim to respond to all verifiable requests within 30 days. If we need more time, we will inform you of the extension.

10. Personal Data of Minors

The Plytix website and all associated services are intended for adult users, individuals aged 18 or older (or the minimum age required under applicable law). We do not knowingly collect personal information from minors. If we discover that we have inadvertently collected personal data from a minor, we will delete it immediately. If you are a parent or legal guardian and believe that a minor has provided us with personal information, please contact us at gdpr@plytix.com.

11. Use of Cookies & Third‑Party Links and Services

We use cookies and similar tracking technologies to enhance your experience, analyse usage, and deliver relevant advertising. For detailed information about the cookies we use, how we use them, and how you can manage your preferences, please refer to our Cookie Policy.

Our website and platform may contain links to third‑party websites, plugins, or applications. Clicking those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third‑party sites and are not responsible for their privacy practices. When you leave our website, we encourage you to read the privacy policy of every site you visit.

12. Disclaimer of Liability

Plytix takes reasonable steps to ensure the accuracy of the personal data we hold. However, the accuracy of data you provide to us directly depends on the information you submit. If you become aware that your data is inaccurate or outdated, we encourage you to contact us to request correction.

We also assume no responsibility for the incorrect, inappropriate, or unlawful use of information by users of our website or platform, nor for the content of third‑party sites accessible through links provided on our website. We encourage you to review the privacy policies of any third‑party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational reasons. When we make material changes, we will revise the “Last Updated” date at the top of this page. Where required by applicable law, we will provide additional notice, such as by posting a prominent notice on our website, sending you an email, or seeking your explicit consent if necessary.

We encourage you to review this Privacy Policy regularly to stay informed about how we process your personal data and how you can exercise your rights.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Email: gdpr@plytix.com
Post: Plytix S.L., Alameda Principal, 24, 2nd Floor, 29005 Málaga, Spain

Explore Plytix on your terms.
Pick your next step.

Discovery call

Ask your questions, talk through your needs, and see in 20 minutes if Plytix feels like the right fit.
Book now

Book a demo

Explore the platform and focus on the features that matter most to you in a tailored 45-minute walkthrough.
Book now