Regulus

CRA Scope
Join Now

Privacy Policy

Last updated: 15 January 2026

This Privacy Policy explains how Regulus Cybersecurity S.L. (“Regulus”, “we”, “us”, “our”) collects, uses, and protects your personal data when you visit https://goregulus.com (the “Website”), download resources, subscribe to our communications, or join our early access program for Cyber Resilience Act (CRA) compliance tools.

If you have any questions about this Privacy Policy, please contact us at privacy@goregulus.com.

  1. Data Controller

The data controller responsible for processing your personal data is:

Regulus Cybersecurity S.L.
Carrer de l’Exemple 123
08010 Barcelona, Spain
Email: privacy@goregulus.com

  1. What Personal Data We Collect

We may collect the following categories of personal data:

2.1 Data you provide directly

  • Identification data: name, surname, job title.
  • Contact data: business email address, company name, country.
  • Communication data: content of messages you send us via forms or email.
  • Marketing preferences: your choices regarding newsletters and early access communications.

2.2 Data collected automatically
When you visit our Website, we may automatically collect:

  • Usage data: pages visited, time spent on each page, clicks, referring URLs.
  • Device and technical data: IP address, browser type and version, operating system, language settings.
  • Cookie data: information collected through cookies and similar technologies (see our Cookie Policy for details).

2.3 Data from third parties
We may receive limited analytics or marketing information from:

  • Analytics providers (e.g. aggregated web traffic data).
  • Email and marketing tools (e.g. open and click rates for campaigns).
  1. Purposes and Legal Bases for Processing

We process your personal data for the following purposes and on the following legal bases under the GDPR:

3.1 To operate the Website and provide content

  • Purpose: to display the Website, deliver technical content and ensure performance and security.
  • Data: usage data, device data, cookie data (strictly necessary cookies).
  • Legal basis: legitimate interest (Article 6(1)(f) GDPR) in operating a secure and functional Website.

3.2 To send you requested resources (e.g. CRA Checklist)

  • Purpose: to send you the CRA Readiness Checklist or other materials you request.
  • Data: identification data, contact data.
  • Legal basis: performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR).

3.3 To manage our early access program

  • Purpose: to register you for early access to Regulus CRA tools, send onboarding information, product updates and relevant communications.
  • Data: identification data, contact data, company information, communication data.
  • Legal basis: performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR), and legitimate interest (Article 6(1)(f) GDPR) in managing early access to our product.

3.4 To send you newsletters and regulatory updates

  • Purpose: to send you emails about CRA, EU cybersecurity regulation and our services.
  • Data: contact data, marketing preferences, basic engagement metrics.
  • Legal basis: consent (Article 6(1)(a) GDPR), where required; legitimate interest (Article 6(1)(f) GDPR) for existing business contacts, in accordance with applicable laws.
  • You can unsubscribe at any time via the link in each email.

3.5 To improve our content, Website and services

  • Purpose: to analyse how our content is used, improve user experience, and prioritise new CRA content and features.
  • Data: usage data, device data, aggregated analytics.
  • Legal basis: legitimate interest (Article 6(1)(f) GDPR) in improving our services.

3.6 To comply with legal obligations and defend our rights

  • Purpose: to comply with applicable laws, respond to requests from authorities and exercise or defend legal claims.
  • Data: any relevant category of personal data.
  • Legal basis: legal obligation (Article 6(1)(c) GDPR) and legitimate interest (Article 6(1)(f) GDPR).
  1. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described above, or as required by law. Indicatively:

  • Contact and early access data: as long as you remain engaged with our communications or our early access program, and for a limited period afterwards for record-keeping and legal purposes.
  • Newsletter data: until you unsubscribe or your email bounces permanently.
  • Technical logs: for a limited retention period necessary for security, troubleshooting, and analytics.
    When data is no longer required, we will delete or anonymise it.
  1. Who We Share Your Data With

We do not sell your personal data. We may share your data with:

  • Service providers and processors:
    For example, website hosting, email infrastructure, analytics tools, form tools and CRM systems. These providers act under our instructions and are bound by data processing agreements.
  • Professional advisers:
    Such as legal, compliance or accounting advisers, when necessary.
  • Public authorities:
    When required by law or to protect our rights or the rights of third parties.

Where service providers are located outside the European Economic Area (EEA), we implement appropriate safeguards (such as Standard Contractual Clauses) to protect your data in accordance with GDPR requirements.

  1. International Data Transfers

Some of our service providers may be based outside the EEA. When this involves a transfer of personal data, we ensure an adequate level of protection by:

  • Relying on adequacy decisions of the European Commission, where applicable, or
  • Implementing Standard Contractual Clauses or equivalent safeguards.

You can contact us at privacy@goregulus.com for more information about international transfers and the safeguards in place.

  1. Your Rights Under GDPR

Subject to the conditions and limitations set out in the GDPR, you have the following rights:

  • Right of access: to obtain confirmation whether we process your data and access that data.
  • Right to rectification: to correct inaccurate or incomplete personal data.
  • Right to erasure: to request deletion of your personal data where there is no legal ground for us to retain it.
  • Right to restriction of processing: in certain circumstances.
  • Right to data portability: to receive your data in a structured, commonly used and machine-readable format and transmit it to another controller where technically feasible.
  • Right to object:
    • to processing based on our legitimate interests, on grounds relating to your particular situation,
    • to direct marketing, at any time.

Where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, please contact us at privacy@goregulus.com. You may be asked to provide information to verify your identity.

  1. Right to Lodge a Complaint

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. For Spain, this is:

Agencia Española de Protección de Datos (AEPD)
www.aepd.es

  1. Security Measures

We take appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, disclosure or destruction. While no system is completely secure, we continuously review and improve our security controls in line with industry practices.

  1. Links to Other Websites

Our Website may contain links to third-party websites, resources or services. We are not responsible for the privacy practices or content of such third parties. We recommend you review their privacy policies before providing any personal data.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, our practices or our services. The “Last updated” date at the top of this page indicates the latest revision. We encourage you to review this page periodically.

If changes are material, we may provide additional notice, for example by email or through the Website.

  1. Contact

For any questions or requests regarding this Privacy Policy or your personal data, you can contact us at:

Regulus Cybersecurity S.L.
Carrer de l’Exemple 123
08010 Barcelona, Spain
Email: privacy@goregulus.com

Regulus Logo
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.