Privacy Policy
Last updated: March 2026. This policy describes how RIDING BYTES GmbH (“we”, “us”) processes personal data in connection with the SENAITE Cloud website and hosting service, in accordance with the EU General Data Protection Regulation (GDPR).
1. Controller
RIDING BYTES GmbH
Würzburger Straße 81
90766 Fürth, Germany
Tel.: +49 911 974 930 90
E-mail:
rb@ridingbytes.com
2. Personal Data We Process
2.1 Website visitors
When you visit senaitecloud.com, our server logs record your IP address, browser type, referrer URL, and the time of the request. This data is required to deliver the website and is retained for up to 14 days for security purposes. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in securing and operating the website).
2.2 Waitlist registration (Brevo)
If you sign up for the waitlist, your e-mail address is transmitted to Brevo (formerly Sendinblue) and stored there for the purpose of sending you status updates about the service launch. Brevo is based in France and processes data in the EU. You can unsubscribe at any time using the link in any e-mail we send. Legal basis: Art. 6(1)(a) GDPR (consent).
2.3 Customer account and billing
For active subscriptions we process the following data:
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Name, company, address | Invoicing, contract fulfillment | Art. 6(1)(b) GDPR | 10 years (German tax law) |
| E-mail address | Service notifications, support | Art. 6(1)(b) GDPR | Duration of contract + 3 years |
| Payment data (card token) | Payment processing via Stripe | Art. 6(1)(b) GDPR | Managed by Stripe (see their policy) |
3. Data Processed Within Your SENAITE Instance
All data stored in your SENAITE instance (laboratory samples, analysis results, patient data, user accounts) is under your control. We act as a data processor in accordance with GDPR Article 28 for this data. Processing takes place solely on the infrastructure we provide on your behalf and for the purposes defined in the Data Processing Agreement (DPA).
We do not access the content of your SENAITE instance except for technical support when explicitly authorized by you, or where required by law.
4. Sub-processors
We engage the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Infrastructure (VPS, storage) | Germany / Finland (EU) |
| Stripe, Inc. | Payment processing | USA (SCCs in place) |
| Brevo (Sendinblue SAS) | Waitlist and transactional e-mail | France (EU) |
5. Data Transfers Outside the EU
Payment data processed by Stripe involves a transfer to the USA. This transfer is protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
6. Your Rights
Under the GDPR you have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR) — you may request a copy of the data we hold about you.
- Right to rectification (Art. 16 GDPR) — you may request correction of inaccurate data.
- Right to erasure (Art. 17 GDPR) — you may request deletion of your data where no legal retention obligation applies.
- Right to restriction of processing (Art. 18 GDPR).
- Right to data portability (Art. 20 GDPR).
- Right to object (Art. 21 GDPR) against processing based on legitimate interest.
- Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing prior to withdrawal.
To exercise your rights, contact us at info@ridingbytes.com. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence.
7. Cookies and Tracking
The senaitecloud.com landing page does not set any tracking cookies and does not use analytics scripts. The Brevo subscription form loads scripts from Brevo's CDN solely for form validation and submission.
8. Security
All data in transit is protected by TLS. Customer SENAITE instances run in isolated Docker containers. Backups are encrypted at rest. Access to production infrastructure is restricted to authorized RIDING BYTES personnel.