Siora

Analyze Field
Login

Privacy Policy

Privacy Policy for Siora Ltd

Effective Date: August 31, 2025 Last Updated: August 31, 2025

1. Who We Are

Siora Ltd (“we,” “us,” or “our”) is the data controller responsible for your personal data. Our details are:

  • Name: Siora Ltd
  • UIC / EIK: 208201167
  • Registered Office: 57 Primorski Blvd., Varna, 9000, Bulgaria
  • Data Protection Contact Email: [email protected]

This Privacy Policy explains how we collect, use, and protect your personal data when you use our website siora.ai (the “Site”) and our services.

2. Data We Collect

We collect the following types of personal data:

  • Identity & Contact Data: Your full name, email address, and company details (if applicable).
  • Billing Data: Your billing address and transaction details. Note: Full payment card details are processed directly by Stripe and are not held by us.
  • Technical Data: IP address, browser type, device information, and website usage data collected via cookies.
  • Service Data: The geographical coordinates or area information you provide for the analysis.

3. How and Why We Use Your Data (Legal Basis)

We only use your personal data when the law allows us to. The legal bases for our processing are:

  • Performance of a Contract: To provide you with the soil analysis service you purchased, process your payment, and communicate with you about your order.
  • Legal Obligation: To comply with our legal duties, such as issuing compliant invoices and fiscal receipts, and maintaining accounting records as required by Bulgarian tax and accountancy laws.
  • Legitimate Interests: To improve our services, prevent fraud, and ensure the security of our Site, provided our interests do not override your rights.
  • Consent: For sending marketing communications, if you have explicitly opted-in to receive them.

4. Data Sharing and Third Parties

We do not sell your personal data. We may share it with the following trusted third-party service providers (data processors):

  • Payment Processor: Stripe, Inc. (USA) to process your payments securely.
  • Fiscalization Service: TakeaNap.bg (Bulgaria) to issue legally required fiscal receipts.
  • Hosting Provider: Google Cloud (EU-based servers) to host our website and data.
  • Analytics Provider: Google Analytics to help us understand website traffic.
  • Email Provider: Google Workspaces to send transactional emails.

5. International Data Transfers

Your data may be transferred outside of the European Economic Area (EEA). Our payment processor, Stripe, and analytics/email provider, Google, are based in the United States. We ensure such transfers are lawful and your data is protected by relying on a valid data transfer mechanism, such as the EU’s Standard Contractual Clauses (SCCs).

6. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By Bulgarian law, we are required to keep accounting documents (like invoices) for a period of 10 years.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: To request a copy of the data we hold about you.
  • Right to Rectification: To correct any inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): To request the deletion of your data, where it is no longer necessary for the purposes for which it was collected.
  • Right to Restrict Processing: To request the limitation of our data processing.
  • Right to Data Portability: To receive your data in a structured, machine-readable format.
  • Right to Object: To object to processing based on our legitimate interests.

To exercise these rights, please contact us at [email protected].

8. Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP / Комисия за защита на личните данни).

Website: www.cpdp.bg