Serena Labs

LEGAL

Privacy Policy.

Last updated: 2026-05-12

This Privacy Policy describes how Serena Labs ("we," "us," "our") collects, uses, and shares information when you visit or interact with our website at serenalabs.io.

We comply with the EU General Data Protection Regulation (GDPR — Regulation 2016/679) and the Spanish Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD).

1. Data Controller

The data controller for personal data collected through our Services is Serena Labs (legal entity name confirmed at registration). Address: Carrer de Sant Antoni Maria Claret, 167, Horta-Guinardó, 08025 Barcelona, Spain. Email: hello@serenalabs.io.

2. What Data We Collect

Information you provide: name, email, company, role, segment, country and message via contact form; email and language preference via newsletter; email and optional company/role via lab waitlist.

Information collected automatically: anonymized IP, browser type, OS, referring URL, pages visited, timestamps; cookies described in our Cookie Policy.

Information we do not collect: special categories of personal data (e.g., health, biometric) through this website; data from children under 16.

3. Legal Basis (GDPR Art. 6)

  • Consent: marketing communications, analytics, newsletter, lab waitlist.
  • Contract performance: responding to contact form inquiries.
  • Legitimate interest: site security, fraud prevention, service improvement.

4. Retention

  • Contact submissions: 3 years from last interaction.
  • Newsletter subscribers: until unsubscribed.
  • Lab waitlist: until 6 months after Lab launches or upon request for deletion.
  • Analytics: anonymized per provider policy.

5. Sharing

Processors under written agreements: Supabase (data hosting, EU region), Vercel (web hosting, EU region), Resend (transactional email), PostHog (analytics, EU instance, only with consent). We do not sell or share data with advertisers.

6. International Transfers

Data processed and stored in the EU/EEA. Cross-border transfers protected by Standard Contractual Clauses.

7. Your Rights (GDPR Arts. 15-22)

Access, rectification, erasure ("right to be forgotten"), restriction, portability, objection, no automated decision-making, withdrawal of consent. Contact hello@serenalabs.io. Response within 30 days. Right to lodge a complaint with the AEPD (aepd.es).

8. Security

Encryption in transit (TLS) and at rest. Access controls and audit logging. Regular assessments. Data minimization.

9. Cookies

Detailed in our Cookie Policy.

10. Changes

We may update this Policy. Material changes are posted on this page with an updated "Last updated" date.

11. Contact

hello@serenalabs.io · Health Hub Barcelona, Carrer de Sant Antoni Maria Claret, 167, Horta-Guinardó, 08025 Barcelona, Spain.

Note: this is a template ready for review by qualified Spanish counsel before public launch.