Skip to content
← Home Legal

Privacy & GDPR notice

Last updated: April 2026

Skygena s.r.o. ("Skygena", "we", "our") is committed to protecting your personal data. This Privacy Notice explains how we collect, use, store and protect your data when you visit skygena.com, interact with Skyra (our AI concierge), or contact us.

1. Data controller

Skygena s.r.o., registered in the Czech Republic. For any question about your personal data or to exercise your rights, write to [email protected].

2. What we collect

  • Contact form data: name, work email, company, role, areas of interest, free-text message. Collected only when you submit the contact form.
  • Direct correspondence: the content of emails you send us at [email protected] or similar.
  • Skyra chatbot conversations: the messages you type into Skyra and its responses. We use a third-party LLM provider (Anthropic) to generate Skyra's replies; your conversations are transmitted to Anthropic for that purpose under their terms.
  • Operational logs: server logs containing IP address, user agent and request path, kept for security and to investigate abuse. Retained for 30 days.
  • Analytics (optional, consent-based): anonymised usage statistics, only if you have accepted analytics cookies.
  • Cookies: see our Cookie Policy for details.

3. Why we process your data (legal bases)

  • To answer your enquiry — Art. 6(1)(b) GDPR (pre-contractual steps) and Art. 6(1)(f) (legitimate interest).
  • To operate Skyra — Art. 6(1)(f), with the content of the conversation provided by you on a voluntary basis.
  • To keep the site secure and operational — Art. 6(1)(f), based on our legitimate interest in running a secure service.
  • To run analytics — Art. 6(1)(a), consent only, and only when you accept analytics cookies.
  • To comply with the law — Art. 6(1)(c) where applicable.

4. How long we keep it

  • Contact form submissions and direct correspondence: up to 24 months, then deleted or anonymised.
  • Skyra conversations: kept up to 30 days for abuse investigation, then deleted.
  • Server logs: 30 days.
  • Analytics (if accepted): up to 13 months.

5. Who we share it with

We do not sell personal data. We share personal data only with processors necessary to operate our service, under a Data Processing Agreement:

  • Our hosting provider (Hetzner, EU-based).
  • Our email relay (SMTP provider, EU-based).
  • Anthropic (LLM provider) for Skyra replies. Data may be processed outside the EEA under Anthropic's applicable safeguards. You can avoid this processing by not using Skyra.

6. International transfers

Where data is transferred outside the EEA (e.g. to the LLM provider behind Skyra), we rely on Standard Contractual Clauses and additional safeguards as appropriate.

7. Your rights

Under GDPR, you have the right to:

  • access your personal data;
  • request correction of inaccurate data;
  • request erasure ("right to be forgotten");
  • request restriction of processing;
  • data portability;
  • object to processing based on legitimate interest;
  • withdraw consent at any time;
  • lodge a complaint with your supervisory authority (for example, the Czech Office for Personal Data Protection — Úřad pro ochranu osobních údajů).

To exercise any of these rights, email [email protected]. We respond within one month.

8. Security

We apply industry-standard security controls: TLS for all traffic, encryption at rest for stored data, least-privilege access, audit logging and regular review. No system is perfectly secure. If you believe you have found a vulnerability, please write to [email protected].

9. Children

Our services are intended for business users. We do not knowingly collect personal data of anyone under 16.

10. Changes to this notice

We may update this notice. The "Last updated" date above reflects the current version. Material changes will be highlighted on the homepage.