Volver al inicio

Privacy Policy

Última actualización: 19 June 2026

This Privacy Policy explains how Keystone Consulting ("Keystone", "we", "us", "our") collects, uses, stores, and protects personal data when you visit our website or use the applications and services we operate, including any product that you sign in to using a Keystone account or a third-party identity provider such as Google or Microsoft.

We are committed to handling personal data lawfully, transparently, and in accordance with the EU General Data Protection Regulation (GDPR) and applicable Portuguese data protection law. By using our website or services you agree to the practices described here.

1. Who we are

Keystone Consulting is a technology leadership consultancy based in Portugal. For the purposes of the GDPR, Keystone is the data controller for the personal data described in this policy.

If you have any questions about this policy or how your data is handled, contact us at hello@keystoneconsulting.tech.

2. Data we collect

Contact data you provide directly: when you email us or reach out through the website, we receive your name, email address, and the contents of your message.

Authentication data: when you sign in to one of our applications using Google or Microsoft, the identity provider shares a limited profile with us — typically your name, email address, a stable account identifier, and (where available) your profile picture. We request only the minimum scopes needed to authenticate you (openid, profile, email). We do not request access to your contacts, files, calendar, or other Google or Microsoft user data.

Account and usage data: when you use an application, we store the records needed to operate it — your organisation membership, role, preferences, and audit information such as sign-in events and changes you make.

Technical data: our servers and hosting provider automatically log standard technical information such as IP address, browser type, and request timestamps for security and reliability purposes.

3. How we use your data

To authenticate you and provide secure access to our applications and services.

To operate, maintain, and improve our services, and to respond to your enquiries.

To keep our services secure — detecting, investigating, and preventing fraud, abuse, and unauthorised access.

To comply with our legal obligations.

We rely on the following legal bases under the GDPR: performance of a contract (providing the service you signed in to), our legitimate interests (security, service improvement, and responding to enquiries), your consent (where required, e.g. non-essential cookies), and compliance with legal obligations.

4. How Google and Microsoft user data is used

Information obtained from Google or Microsoft sign-in is used solely to authenticate you and to create and manage your account within the application you are accessing. We do not use it for advertising. We do not sell it. We do not share it with third parties except the infrastructure providers that host the service on our behalf, and only as needed to deliver the service to you.

Keystone's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. Sharing and disclosure

We do not sell personal data. We share it only with: (a) service providers who process data on our behalf under contract, such as cloud hosting (Microsoft Azure) and email delivery; (b) identity providers (Google, Microsoft) strictly to perform authentication you initiate; and (c) authorities where we are legally required to do so.

All processors are bound by appropriate data protection terms and may only process data on our documented instructions.

6. International transfers

Our services are hosted within the European Union. Where any processing involves transfers outside the European Economic Area, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses.

7. Data retention

We keep personal data only for as long as necessary to provide the service and to meet our legal, accounting, and security obligations. Account data is retained while your account is active; when an account is closed, associated personal data is deleted or anonymised within a reasonable period, except where we are required to retain it by law.

8. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, and object to the processing of your personal data, and the right to data portability. Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, contact us at hello@keystoneconsulting.tech. You also have the right to lodge a complaint with your local supervisory authority — in Portugal, the Comissão Nacional de Proteção de Dados (CNPD).

9. Cookies

Our website uses strictly necessary cookies required for it to function, and, only with your consent, a limited set of analytics or preference cookies. You can manage non-essential cookies through the consent controls presented on the site and through your browser settings.

10. Security

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, encrypted storage of credentials and tokens, access controls, and audit logging. No method of transmission or storage is completely secure, but we work continuously to protect your data.

11. Children

Our services are intended for business use and are not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "last updated" date above and, where changes are material, take reasonable steps to notify you.

13. Contact

For any privacy question or request, contact us at hello@keystoneconsulting.tech.