Privacy Policy

Serenyc is operated by Serenyc Limited, a company registered in Ireland under company number 797268, with its registered office at 6 Fern Road, Sandyford, Dublin D18 FP98, Ireland.

You may contact us at hello@serenyc.com.

For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Irish Data Protection Act 2018, and where applicable the UK GDPR, Serenyc Limited is the Data Controller of your Personal Data when we decide the purposes and means of processing.

Our lead supervisory authority within the European Union is the Irish Data Protection Commission.

Our Services are intended for individuals aged 18 and over. We do not knowingly collect Personal Data from children. If you believe a child has provided us with Personal Data, please contact us and we will take appropriate steps to address the issue, including deletion where legally required.

This Privacy Policy applies when you visit our website, sign up for beta access, subscribe to our mailing list, communicate with us, participate in surveys or research, purchase or use our products, interact with connected devices (where applicable), or otherwise engage with our Services online or offline.

This Privacy Policy does not apply to third-party websites, apps, products, or services that may be linked from our Services. Those third parties have their own privacy policies and practices, and you should review them before providing information.

We collect Personal Data in three main ways.

• We collect Personal Data you provide directly to us when you complete forms, create an account, sign up for beta access, make a purchase, contact us, participate in surveys, or communicate with us.
• We collect Personal Data automatically when you use our Services, such as through cookies, pixels, device identifiers, and server logs, depending on your consent settings and the technologies we use.
• We may collect Personal Data from third parties where permitted, such as service providers who help us operate the Services, payment processors that confirm payment status, advertising partners (subject to your choices), logistics partners, or business partners involved in a co-branded or joint offering that you choose to engage with.

To operate Serenyc effectively and to support future product expansion, we may collect the following categories of Personal Data, depending on how you interact with the Services.

• We may collect identity and contact information, such as your name, email address, telephone number, postal address, country of residence, and preferred language.
• We may collect account and authentication information, such as account identifiers, login credentials, password hashes, authentication tokens, security settings, and account preferences, where accounts are offered. We do not intentionally collect or store plain-text passwords.
• We may collect beta signup and onboarding information, such as the fact that you joined a waitlist, your interest in specific features, preferred use-cases, household or environment preferences relevant to product fit, and information you provide in questionnaires or forms.
• We may collect communications and support information, such as the content of messages you send us, support tickets, call records where applicable, attachments, and diagnostic information you provide to help resolve issues.
• We may collect transaction and fulfillment information, such as purchase history, billing and shipping details, order identifiers, delivery status, returns, refunds, and customer service interactions related to an order. Payment card details are typically processed by third-party payment processors and are not stored by Serenyc, except where a processor provides us with limited tokenised information for billing management.
• We may collect technical and device information, such as IP address, device type, browser type, operating system, device identifiers, approximate location derived from IP address, session identifiers, time zone, language, crash reports, diagnostic logs, and performance metrics.
• We may collect usage and interaction information, such as pages viewed, navigation paths, session duration, clicks, referring pages, feature engagement, and interaction with communications, subject to cookie and analytics preferences.
• Where connected devices or IoT functionality are offered, we may collect connected device information, such as device identifiers, firmware version, device status, configuration settings, pairing information, connectivity status, usage frequency, and operational telemetry that is reasonably necessary to provide and maintain functionality, improve reliability, and support troubleshooting.
• Where relevant to product operation and user experience, we may collect environmental and preference information, such as user-selected settings, schedules, scent or mode preferences, room or deployment characteristics you provide, and other non-medical preference indicators that help the service operate as intended.
• We may collect marketing and preference information, such as communication preferences, consent records and timestamps, subscription status, campaign interactions, and opt-out history.
• We may collect security and fraud-prevention information, such as risk signals, abnormal login activity, indicators of automated abuse, and device or session information used to protect our Services and users.
• We may collect business-to-business contact information where you interact with us on behalf of an organisation, such as your name, work email, job title, organisation name, and business communications.
• We may collect legal and compliance information where necessary to meet legal obligations, enforce terms, respond to lawful requests, exercise or defend legal claims, or maintain appropriate records.

We do not intend to collect special category data (such as health data) through standard beta signups and ordinary use of the Services. If you choose to disclose special category data in free-text fields or communications, we may process it only where legally permitted and with appropriate safeguards, and we may take steps to minimise, redact, or delete such information where it is not necessary for the purpose for which it was provided.

We use Personal Data to operate and improve our Services. We use Personal Data to manage beta access, waitlists, onboarding, and research participation. We use Personal Data to provide customer support, troubleshoot issues, and respond to enquiries. We use Personal Data to communicate service-related notices, product updates, and administrative information. We use Personal Data to process transactions, deliver products, manage returns, and provide related support. We use Personal Data to personalise settings and improve the performance, reliability, and safety of our Services and connected devices where applicable. We use Personal Data for analytics and to understand how people use our Services, subject to your consent choices where required. We use Personal Data to maintain the security of our Services, detect and prevent fraud or abuse, and enforce our terms and policies. We use Personal Data to comply with applicable laws and regulations and to protect our rights and the rights of others.

Where the GDPR or UK GDPR applies, we process Personal Data under one or more lawful bases.

• We process some Personal Data because it is necessary for the performance of a contract with you or to take steps at your request before entering into a contract, such as providing an account, processing an order, or delivering requested services.
• We process some Personal Data because we have a legitimate interest in operating, improving, and securing our Services, conducting product research and development, and communicating with users, provided those interests are not overridden by your rights and freedoms.
• We process some Personal Data to comply with legal obligations, such as record-keeping, tax and accounting obligations, and responses to lawful requests.
• We process some Personal Data based on consent, such as for marketing communications where required, and for non-essential cookies and similar technologies. Where we rely on consent, you may withdraw it at any time, and we will cease that processing from the point of withdrawal, while retaining any processing that remains lawful on other bases or that is required by law.

If we ever process special category data, we will do so only when a valid Article 9 condition applies, such as explicit consent or another lawful basis permitted by applicable law, and with appropriate safeguards.

If we offer SMS or similar messaging and you opt in, we may send recurring automated marketing messages and service updates to the number you provide. Consent to receive marketing messages is not a condition of purchase. You may opt out at any time by using the unsubscribe mechanism described in the message or by contacting us. Message and data rates may apply depending on your carrier and plan. We may send you administrative or service-related messages that are necessary to provide the Services, and you may not be able to opt out of those messages where they are essential for service delivery, security, or legal compliance.

We use cookies and similar technologies such as pixels, SDKs, local storage, and server logs to operate our Services, understand usage, and improve performance. Some cookies are strictly necessary for the Services to function, and other cookies are used for analytics, personalisation, or advertising depending on your choices and the jurisdictions applicable to you.

Where required by law, non-essential cookies and similar technologies will be used only after you provide consent through our cookie banner or preference centre. You can change your cookie preferences at any time using our cookie settings tool where available, or through your browser settings, though some features may not work properly if you disable certain cookies.

We share Personal Data only as described in this Privacy Policy and only as necessary for business and operational purposes.

• We share Personal Data with service providers and processors that help us operate the Services, such as form providers, hosting providers, cloud infrastructure providers, analytics providers, customer support tools, email and communications platforms, payment processors, fraud prevention providers, and logistics partners. We require these providers to protect Personal Data and process it only on our instructions or as otherwise permitted by law.
• We may share Personal Data at your direction or with your consent, such as when you choose to connect with a third-party integration or participate in a co-branded or partner experience that clearly explains the sharing.
• We may share Personal Data with professional advisors such as lawyers, auditors, accountants, insurers, and consultants where necessary for legitimate business purposes.
• We may share Personal Data in connection with legal and compliance matters, such as responding to lawful requests, court orders, or regulatory inquiries, and to protect the rights, property, and safety of Serenyc, our users, and others.
• We may share Personal Data in connection with business transfers, such as a merger, acquisition, reorganisation, financing, sale of assets, or similar transaction, where Personal Data may be transferred as part of the business assets, subject to applicable law and appropriate confidentiality protections.

We may share anonymised or aggregated information that does not identify you for analytics, research, and business purposes.

Serenyc does not currently sell Personal Data in exchange for money.

Some privacy laws in certain jurisdictions define “sale” broadly to include sharing Personal Data for cross-context behavioural advertising or similar benefits. Where those laws apply, we will provide appropriate opt-out mechanisms and will honour legally valid requests.

If in the future we decide to sell Personal Data or share it in a way that is considered a “sale” under applicable law, we will do so only in compliance with applicable legal requirements, which may include providing notice and offering the ability to opt out, or obtaining consent where required.

You have the right to opt out of the sale of your Personal Data to third parties where such a right applies. You may exercise this right by contacting us using the information in the “How to Contact Us” section of this Privacy Policy.

Depending on where you live and the laws that apply, you may have rights regarding your Personal Data.

• If the GDPR or UK GDPR applies, you may have the right to request access to your Personal Data, the right to rectify inaccurate data, the right to request erasure, the right to restrict processing, the right to data portability, and the right to object to processing, including objection to direct marketing. Where we rely on consent, you have the right to withdraw consent at any time.
• If certain US state privacy laws apply to you, you may have rights to know the categories and specific pieces of Personal Data collected, to access and delete Personal Data, to correct certain inaccuracies, to obtain a portable copy of your data, and to opt out of sales, targeted advertising, and certain profiling.

To exercise your rights, you may contact us at hello@serenyc.com.

Serenyc is based in Ireland, and your Personal Data may be processed in Ireland, the European Economic Area, the United Kingdom, and other countries where our service providers operate.

When we transfer Personal Data outside the EEA or the UK, we use appropriate safeguards as required by law, such as adequacy decisions, standard contractual clauses, the UK Addendum, or other lawful transfer mechanisms, depending on the circumstances and the jurisdictions involved.

We take the security of Personal Data seriously and implement appropriate technical and organisational measures designed to protect Personal Data from unauthorised access, disclosure, alteration, or destruction. These measures may include access controls, encryption where appropriate, secure hosting environments, monitoring, and administrative policies.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work to continuously improve our safeguards.

We retain Personal Data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including providing the Services, meeting legal and accounting obligations, resolving disputes, enforcing agreements, and maintaining security.

Retention periods vary depending on the nature of the data, the purpose of processing, and legal requirements. Where appropriate, we delete, anonymise, or de-identify data when it is no longer needed.

If you are located in the European Union, you have the right to lodge a complaint with your local supervisory authority, and in Ireland this is the Irish Data Protection Commission.

If you are located in the United Kingdom, you may also lodge a complaint with the UK Information Commissioner's Office.

We encourage you to contact us first so we can try to resolve your concern promptly.