Your data.
Our absolute commitment.

Our AI agents operate under strict data protection principles: • Strict isolation: each client's data is processed in dedicated, isolated environments. No data is shared between clients. • Zero third-party training: your data is never used to train third-party models or improve external services. • Full traceability: every agent action is logged with timestamp, identifier, and result. Audit trail available on request. • Data minimization: only data strictly necessary for task execution is processed. • Encryption: all data in transit (TLS 1.3) and at rest (AES-256) is encrypted.

We collect the following data through our contact form: • Full name (required) • Professional email address (required) • Phone number (optional) • Company name (optional) • Project description (required) Legal basis: legitimate interest (responding to your inquiries) and explicit consent. Retention period: 3 years from last contact.

Staros Cyber Ops guarantees the security of your data through: • AES-256 encryption for all data at rest • TLS 1.3 for all data in transit • Zero-trust architecture with multi-factor authentication • Hosting exclusively on European infrastructure (EU) • Regular penetration testing by independent auditors • 24/7 monitoring with real-time anomaly detection • Incident response procedure < 4 hours No client data is stored on servers outside the EU.

Staros Cyber Ops complies with the following regulations: • GDPR (General Data Protection Regulation) — EU 2016/679 • EU AI Act — Regulation (EU) 2024/1689 on Artificial Intelligence • NIS2 Directive — Security of network and information systems • ISO 27001 — Information security management (certification in progress) • CCPA — California Consumer Privacy Act (for US-based clients) Our AI agents are classified as "limited risk" under the EU AI Act.

Under GDPR and applicable laws, you have the following rights: • Right of access: obtain a copy of your data (deadline: 30 days) • Right of rectification: correct inaccurate data (deadline: 30 days) • Right to erasure: delete your data ("right to be forgotten") (deadline: 30 days) • Right to data portability: receive your data in a structured format • Right to object: object to the processing of your data • Right to restriction: restrict processing in certain cases To exercise your rights: [email protected]

We work with the following sub-processors, all subject to GDPR-compliant DPAs: • Hosting: European cloud infrastructure (EU) • LLM models: providers with EU standard contractual clauses • Contact form: Web3Forms (data processed under GDPR) No data transfer outside the EU without appropriate safeguards (Standard Contractual Clauses or adequacy decisions).

We use only essential cookies necessary for the website to function. No tracking or advertising cookies are used. Analytics: anonymous usage statistics only, hosted on EU infrastructure. No third-party advertising cookies.

For any questions regarding data protection: Email: [email protected] Phone: +33 7 83 68 02 78 Supervisory authority (France): CNIL — Commission Nationale de l'Informatique et des Libertés www.cnil.fr — 3 Place de Fontenoy, 75007 Paris, France