1. Scope and controller
PHI SOLUTIONS SRL ("PHI Solutions", "we", "us", or "our") is a Romanian company that operates Sigmance as its brand and product. PHI Solutions controls the personal-data processing described in this policy. This policy covers the public website at sigmance.ai, its access-request form, and direct communications with us about access, partnerships, investment interest, research, or engineering work.
A separately contracted platform, software deployment, engineering engagement, research subscription, or investment relationship may be governed by additional privacy terms that identify the relevant legal entity and allocate controller and processor responsibilities. Those specific terms apply to that relationship if they conflict with this website policy.
Third-party websites and services linked from our site, including Substack and LinkedIn, apply their own privacy notices when you choose to visit them.
2. Personal data we collect
Information you provide
Depending on how you interact with us, you may provide:
- your name and email address;
- your organization or professional affiliation;
- the type of relationship you are interested in, such as platform access, a partnership, investing in the business, or discussing a capital mandate;
- an indicated stage, mandate, time horizon, or other information you choose to include in a message; and
- the contents and metadata of emails or other communications you send to us.
Technical and security data
Our hosting and security providers process ordinary network and request data needed to deliver and protect the website. This may include your IP address, request time, requested URL, browser and device information, referral information, and abuse-prevention signals. When you submit the access form, we retain the source IP address and first- and last-contact timestamps with the submission.
Please do not send passwords, brokerage credentials, payment-card details, special-category personal data, material non-public information, or other information that is not necessary for us to review and answer your request.
3. How we collect data
We collect personal data:
- directly from you, when you submit the access form, email us, or otherwise communicate with us;
- automatically from your device, through the website, hosting infrastructure, and security tooling; and
- from a person acting for your organization, if they include your business contact details in a legitimate inquiry.
We do not currently purchase consumer profiles or enrich access requests with data-broker records.
4. Purposes and legal bases
Under the EU General Data Protection Regulation (GDPR), we process personal data only where a legal basis applies. The relevant purposes and bases are:
- Operating and securing the website. We process technical and security data to deliver pages, prevent abuse, diagnose failures, and protect our systems. The basis is our legitimate interest in running a safe and reliable public website.
- Reviewing and responding to requests. We use your contact and inquiry details to answer you, assess fit, arrange a discussion, and take steps you request before a possible contract. The bases are pre-contractual steps and our legitimate interest in managing genuine business inquiries.
- Managing the access list and relationship. We retain a record of your request, avoid duplicate outreach, and send updates that are directly related to the relationship you asked us to explore. The basis is our legitimate interest in managing access and business relationships. We will rely on consent where the law requires it for optional direct marketing.
- Compliance and legal claims. We may preserve or disclose information to comply with law, respond to lawful requests, or establish, exercise, or defend legal claims. The bases are legal obligation and our legitimate interests in protecting our rights.
Providing required access-form fields is voluntary, but we cannot review or answer the request without a name and a way to contact you. Optional fields help us understand the request and may be left blank.
5. Automated decision-making
We do not use the public website or access form to make decisions based solely on automated processing that produce legal effects, or similarly significant effects, for you. Access and relationship requests are reviewed by people. Anti-abuse systems may automatically reject or challenge traffic that appears automated or malicious, but you can contact us if you believe a legitimate request was blocked.
8. International transfers
PHI SOLUTIONS SRL is based in Romania, but parts of our website and inquiry infrastructure are hosted in the United States, and some providers may process data in other countries outside the European Economic Area. Where GDPR transfer restrictions apply, the transfer mechanism depends on the provider and the relevant agreement. It may include an applicable adequacy decision, the European Commission's Standard Contractual Clauses together with supplementary safeguards where needed, or another mechanism permitted by Chapter V GDPR.
You may contact us for more information about the safeguards relevant to your data.
9. Data retention
We retain personal data only for as long as reasonably necessary for the purposes described above. Because access, partnership, investment, and engineering discussions have different timelines, we use criteria rather than one fixed period. Those criteria include whether your request or potential relationship remains active, whether follow-up is reasonably expected, security and recordkeeping needs, legal limitation periods, and any duty to retain information.
Access-form records are keyed to the email address supplied. A later submission updates the current inquiry details while preserving the first-contact timestamp. Where a deletion request is valid and no legal exception requires continued retention, copies may still remain for a limited period in protected backups or disaster-recovery systems and will not be used for unrelated purposes.
10. Security
We use technical and organizational measures designed to protect personal data, including encrypted transport, restricted infrastructure, private storage, input validation, anti-abuse controls, access controls, and recovery protections. No website, transmission, or storage system is completely secure, so we cannot guarantee absolute security.
11. Your data-protection rights
Subject to the conditions and exceptions in applicable law, you may have the right to:
- request access to and a copy of your personal data;
- correct inaccurate or incomplete data;
- request erasure or restriction of processing;
- object to processing based on legitimate interests, including direct marketing;
- receive data you provided in a portable format where applicable;
- withdraw consent at any time, without affecting processing already carried out lawfully; and
- lodge a complaint with a competent supervisory authority.
To exercise a right, email contact@sigmance.ai. We may ask for information needed to verify your identity and request. We will respond within the period required by applicable law.
In Romania, the supervisory authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP). You can find its contact and complaint information at dataprotection.ro. You may also complain to the supervisory authority where you live or work, or where an alleged infringement occurred.
12. Children
The website and access process are intended for adults and professional or institutional audiences. They are not directed to children under 18, and we do not knowingly collect their personal data. If you believe a child has provided data to us, please contact us so we can investigate and delete it where appropriate.
13. Changes and contact
We may update this policy to reflect changes in our website, data practices, providers, or legal obligations. The revised version will be posted here with a new last-updated date. Where a change materially affects how we use data already collected, we will provide additional notice when required by law.
Questions or requests about this policy can be sent to contact@sigmance.ai. For general website inquiries, you can also use our contact page.