Phantom Lab is the data controller for personal data collected through our websites and services. We collect only what is needed to operate and secure Phantom Lab. We use personal data to provide and improve the service, we do not sell personal data.
Our legal bases include contract (to provide the service), legitimate interests (for security, fraud prevention, and service improvement balanced against your rights), legal obligations, and consent (for optional communications).
Special-category data is processed under appropriate GDPR conditions and safeguards. We may share data outside of our organization (e.g. with government bodies and law enforcement agencies) only when required by law. We retain personal data only as long as necessary for the purposes described and protect it with technical and organisational security measures.
You have GDPR rights to access, rectify, erase, restrict, and port your data, and to object to processing or withdraw consent at any time without affecting prior lawful processing.
You can exercise these rights or raise questions by emailing hello@phantomlab.ai. You also have the right to lodge a complaint with your local supervisory authority. We may update this notice to reflect changes to our practices; material changes will be communicated appropriately.