This Privacy Policy explains how Сигма Ревеню ООД / Sigma Revenue OOD ("Sigma Revenue", "we", "us", "our") collects, uses, shares, and protects personal data when you:
- visit sigmarevenue.com (the "Website"),
- use app.sigmarevenue.com (the "Platform" or "Services"),
- contact us (for example, via email or contact forms).
We are committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Bulgarian data protection law.
1. Key points (summary)
- We mainly process business contact data and Platform user account data.
- Our Platform is designed to work with anonymized hotel booking and revenue metadata.
- We do not use analytics, advertising, or marketing cookies at this time.
- We aim to process and store data within the EU/EEA.
- We do not sell personal data.
This summary is provided for convenience only. The sections below contain the full legal details.
2. Who is the controller?
Controller (for the Website, sales/support communications, and Platform user accounts):
- Сигма Ревеню ООД / Sigma Revenue OOD
- Address: Bulgaria, Sofia 1505, Oborishte District, 18 Vasil Drumev Street
- VAT: BG208261221
- Email (privacy & support): support@sigmarevenue.com
If you are a hotel guest and your hotel uses Sigma Revenue, your hotel is typically the data controller for your guest data. See section 13 below.
3. What personal data we collect
A) Website visitors and business contacts
- Contact details you choose to provide (name, company, work email, phone number, job title)
- Message content when you contact us (emails, form submissions)
- Basic technical data (IP address, browser type, device information, pages visited, timestamps)
B) Platform users (authorized users)
- Account data (name, work email, role and permissions)
- Authentication data (password hash, security tokens - we do not store plaintext passwords)
- Security and audit logs (login events, IP address, actions relevant to security and troubleshooting)
- Support communications
C) Data processed through the Platform from hotel systems
The Platform is designed to use anonymized booking, pricing, and revenue metadata and does not require guest names, email addresses, phone numbers, or similar identifiers in normal operation.
If a customer configures an integration (for example, with a PMS) to send identifiable guest data despite this design, Sigma Revenue processes such data only to provide the Services and only on the customer's documented instructions, typically acting as a data processor.
4. Sources of personal data
We collect personal data:
- Directly from you (Website forms, emails, Platform usage)
- From your organization (when an administrator creates or manages your user account)
- From customer-configured integrations with third-party hotel systems
- Automatically from your browser or device when you access the Website or Platform
5. Purposes of processing and legal bases (GDPR)
We process personal data for the following purposes and legal bases:
Website and inquiries
- Responding to inquiries, scheduling demos, and communicating with you - Legal basis: steps prior to entering into a contract; legitimate interests
- Operating, maintaining, and securing the Website - Legal basis: legitimate interests
Platform users and Services
- Providing the Services (account creation, access control, customer support) - Legal basis: performance of a contract
- Ensuring security, preventing abuse, and troubleshooting - Legal basis: legitimate interests; legal obligations where applicable
Business administration and compliance
- Managing customer relationships, billing, accounting, and legal compliance - Legal basis: contract; legal obligation; legitimate interests
Where we rely on legitimate interests, we have assessed that these interests are not overridden by your fundamental rights and freedoms.
6. Cookies and similar technologies
The Website currently does not use analytics or marketing cookies.
The Platform may use strictly necessary cookies or similar local storage for authentication, session management, and security. These are essential for providing the Services and cannot be disabled.
If we introduce non-essential cookies (such as analytics or marketing cookies) in the future, we will update this Privacy Policy and, where required by law, request your consent via a cookie banner.
7. Sharing of personal data
We share personal data only when necessary and only with:
- Service providers assisting us in operating the Website or Platform (for example, infrastructure or hosting providers in the EU)
- Professional advisers (lawyers, accountants) where required
- Public authorities or regulators where legally required
- Parties involved in a corporate transaction (merger, acquisition, or asset sale), subject to appropriate safeguards
We do not sell personal data.
8. Location of processing and international transfers
Our systems are hosted in the EU/EEA, and we aim to keep personal data processed within this region.
If we ever transfer personal data outside the EU/EEA or the UK, we will implement appropriate safeguards, such as EU Standard Contractual Clauses, and any additional measures required by law.
9. Data retention
We retain personal data only for as long as necessary for the purposes described above:
- Sales leads and inquiries: up to 24 months from the last meaningful interaction, unless you request deletion earlier
- Platform user accounts and security/audit logs: for the duration of the customer relationship and up to 12 months after termination, unless a longer period is required by law or necessary to establish, exercise, or defend legal claims
- Customer data in the Platform: retained and deleted or returned in accordance with the customer contract and documented instructions, where technically feasible
10. Security measures
We implement appropriate technical and organizational measures to protect personal data, including access controls, role-based permissions, secure authentication, monitoring, and secure development practices.
While no system can be guaranteed to be 100% secure, we work continuously to reduce risk and respond promptly to incidents.
11. Your rights under GDPR
Depending on the circumstances, you may have the right to:
- Access your personal data
- Correct inaccurate or incomplete data
- Request deletion of your data
- Restrict or object to processing
- Request data portability (where applicable)
- Withdraw consent, where processing is based on consent
To exercise your rights, contact support@sigmarevenue.com.
We may request additional information to verify your identity before responding.
12. Automated decision-making
We do not engage in automated decision-making that produces legal or similarly significant effects on individuals within the meaning of Article 22 GDPR.
13. If you are a hotel guest
If you are a guest of a hotel that uses Sigma Revenue, the hotel is typically the data controller for your guest data. The Platform is intended to operate using anonymized booking metadata and generally does not require identifiable guest information.
To exercise your rights regarding guest data, please contact the hotel directly. We will assist the hotel as required where we act as a data processor.
14. Children
Our Website and Services are intended for business users and are not directed to children. We do not knowingly collect personal data from children.
15. Third-party links
The Website may contain links to third-party websites or services. Their privacy practices apply to their services, not ours, and we are not responsible for them.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The latest version will be published on sigmarevenue.com, and the effective date will be updated accordingly.