Privacy Policy

This Privacy Policy applies to the website rhombix.co and the RhombiX Commercial Operating System (the “Service”), operated by RHOMBIX CO (“RhombiX”, “we”, “us”), with registered address at N. Lansdorpstraat 33, Amsterdam, The Netherlands. For any privacy enquiry contact us at hello@rhombix.co.

RhombiX acts as data controller for personal data submitted through the public website (e.g. demo requests). When the Service is used by a customer organisation, RhombiX acts as data processor on behalf of that customer under a separate Data Processing Agreement (DPA).

• Contact & demo requests: name, work email, company, role, country, preferred contact channel, your message and any business challenge you describe.
• Technical data: IP address, browser, device and basic server logs kept for security and abuse prevention.
• Cookies & analytics: strictly necessary cookies needed to operate the site, plus — only if you accept on the consent banner — Google Analytics 4 (measurement ID G-SZYW1VWNJM) with IP anonymisation enabled, to understand aggregate site usage. We do not use advertising cookies. You can change your choice at any time by clearing this site's cookies.

• To reply to your request and arrange a demo — legitimate interest / pre-contractual steps (Art. 6(1)(b) & (f) GDPR).
• To send service-related communications about RhombiX — legitimate interest.
• To secure the site, prevent fraud and comply with legal obligations — legal obligation / legitimate interest.

We do not sell your personal data and we do not use it for automated decision-making.

We share data only with vetted service providers acting on our instructions:

• Cloud hosting & database — for site and application infrastructure.
• Email delivery (ZeptoMail / Zoho) — to send and receive contact emails.
• Customer communication tools — to follow up on your request.

Some providers may process data outside the EEA. Where this happens, we rely on Standard Contractual Clauses or an adequacy decision to ensure an equivalent level of protection.

Demo & contact enquiries are retained for up to 24 months from last contact, then deleted or anonymised. Server & security logs are kept for up to 12 months. Customer data processed via the Service is retained per the customer’s contract.

Under the GDPR you have the right to access, rectify, erase, restrict or object to the processing of your personal data, and the right to data portability. To exercise any of these rights, email hello@rhombix.co. You also have the right to lodge a complaint with your national supervisory authority — for the Netherlands this is the Autoriteit Persoonsgegevens.

We apply technical and organisational measures appropriate to the risk: encryption in transit (TLS), least-privilege access, audit logging and regular review of our processors.

We may update this policy as the Service evolves. The “Last updated” date at the top reflects the latest version. Material changes will be highlighted on this page.