privacy notice.
Astrea Technologies, S.A. de C.V. (operating brand AstreaBMS) — Monterrey, Nuevo León, Mexico — collects personal data only to respond to your commercial inquiries and to operate your service. We do not sell data. Compliant with Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP).
1 · Identity of the data controller
The party responsible for processing your personal data is Astrea Technologies, S.A. de C.V., with domicile in Monterrey, Nuevo León, Mexico. We operate under the brand AstreaBMS for engineering and BMS operation services, and under the product Vaultis for our operations SaaS.
2 · Personal data we collect
We collect the following data when you interact with our site:
- Contact data — name, email — when you fill out the contact form or write to us directly.
- Commercial context — your interest (service / Vaultis / not sure yet), your message — when you fill out the form.
- Technical data — IP address, user agent, date and time of the inquiry — collected automatically to prevent abuse and maintain operational records.
We do not collect: advertising tracking cookies, social media cookies, or third-party pixels. We also do not collect sensitive personal data (racial origin, health, political opinions, religion, sexual orientation, etc.).
3 · Purposes of processing
We use your personal data exclusively to:
- Respond to your commercial inquiry via email or call
- Maintain an internal log of inquiries for follow-up and service improvement
- If you hire us, deliver the agreed service (engineering, consulting, software development, or Vaultis subscription)
Secondary purposes (optional): none. We do not use your data for marketing, profiling, or share it with third parties for their own purposes.
4 · Data transfers
We do not sell or rent your personal data. We may transfer data only to:
- Cloud infrastructure providers (hosting, transactional email, CDN) — acting as data processors under our instructions, with no purpose of their own
- Competent authorities when a formal legal request exists
5 · ARCO rights + consent revocation
You may exercise at any time your rights of Access, Rectification, Cancellation, or Opposition (ARCO) over your personal data, or revoke your consent to its processing, by writing to:
We will respond to your request within 20 business days. There is no cost to exercise these rights.
6 · Data retention
We retain your data for as long as is necessary to fulfill the purpose for which it was collected — typically 24 months from your last contact, or the longer period required by tax / contractual obligations if you become a client.
7 · Security
We maintain reasonable technical and administrative measures to protect your personal data: encryption in transit (HTTPS), role-based internal access control, and periodic infrastructure reviews.
8 · Changes to this notice
We may update this privacy notice to reflect legal changes or operational practices. The current version will always be published on this page with the last-updated date shown at the top.
9 · Data protection authority
If you believe your right to personal data protection has been violated, you may contact the National Institute of Transparency, Access to Information and Personal Data Protection (INAI) at home.inai.org.mx.