Privacy Notice

This Privacy Notice (Aviso de Privacidad Integral) describes how Blackgem Labs ("Blackgem", "we", "us") collects, uses, discloses, and safeguards personal data in accordance with Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), its Regulations, and applicable international standards.

1. Data controller

Blackgem Labs acts as the data controller (responsable) for the personal data described below. Contact: blackgem@blackgem.net.

2. Personal data we collect

• Identification & contact: full name, business email, company, job title, country, phone (only if you provide it).
• Professional context: information you share about your organization, security posture, or engagement scope when contacting us or during an engagement.
• Technical data: IP address, device and browser data, pages visited, referrer, and approximate location derived from IP.
• Account data (if applicable): credentials and role for the admin area, managed via our authentication provider.

We do not knowingly collect sensitive personal data and request that you not share it.

3. Purposes of processing

Primary purposes (necessary for the relationship):

• Respond to inquiries and provide advisory services.
• Negotiate, execute, and perform contracts, including invoicing and tax compliance.
• Deliver, secure, and support our services and the website.
• Comply with legal, regulatory, and contractual obligations.

Secondary purposes (you may opt out without affecting the primary relationship):

• Send relevant insights, research, and event invitations.
• Anonymous analytics to improve our content and website.

4. Legal basis

Processing is based on contract performance, your consent (where required, including for secondary purposes and non-essential cookies), our legitimate interest in operating and securing Blackgem Labs, and compliance with legal obligations.

5. Sharing & transfers

We share personal data only with trusted processors who help us operate our business (cloud hosting, email, analytics, authentication, payment processing) under written confidentiality and data-protection terms. We may disclose data when required by a competent authority or to protect our rights. Some processors are located outside Mexico; in those cases we rely on the exceptions in Articles 36 and 37 of the LFPDPPP and apply appropriate safeguards.

6. ARCO rights

You may exercise your rights of Access, Rectification, Cancellation, and Opposition, as well as revoke your consent or limit the use or disclosure of your data, by writing to blackgem@blackgem.net with: (i) your name and contact details, (ii) proof of identity, (iii) a clear description of the right being exercised, and (iv) any element that facilitates locating the data. We will respond within the legal terms set by the LFPDPPP.

7. Retention

We retain personal data only for as long as needed to fulfill the purposes above and to meet legal, tax, accounting, and security obligations, after which it is deleted or anonymized.

8. Security

We apply administrative, technical, and physical safeguards consistent with our practice as a cybersecurity advisory firm, including least-privilege access, encryption in transit, audit logging, and secure development practices.

9. Cookies

Our website uses cookies and similar technologies. See our Cookie Policy for details and to manage your preferences.

10. Changes to this notice

We may update this notice. Material changes will be communicated through the website or by email when appropriate. The "Last updated" date above reflects the latest revision.