Privacy Notice
Effective Date: October 21, 2025
Version: 1.1
Operator: Labrys Troposyne Systems (under incorporation in Estonia)
Platform: Automation Blueprints Marketplace (“ABM”, “we”, “us”, “our”)
Website: https://abmlib.dev
1. Introduction
Automation Blueprints Marketplace (“ABM”) is committed to protecting personal data pursuant to applicable data-protection laws, including the General Data Protection Regulation (“GDPR”). This notice explains how ABM collects, processes, shares, and safeguards personal data when you use our website or services. It supplements any information provided at the point of data collection and is intended to be read in conjunction therewith. This website is not directed to children, and ABM does not knowingly collect personal data relating to minors.
2. Data Controller
Pursuant to GDPR Article 4(7), Automation Blueprints Marketplace is the data controller responsible for the processing of your personal data. For any privacy-related inquiries or to exercise your legal rights, you may contact us via email at support@abmlib.dev. Notwithstanding your right to lodge a complaint with a supervisory authority, ABM requests that you contact us first to address your concerns directly.
3. Categories of Personal Data Collected
ABM collects, processes, and may retain personal data insofar as it is necessary, appropriate, and proportionate for the provision, operation, maintenance, and improvement of our services, as well as for the protection of our legitimate business interests, including security, fraud prevention, and compliance with legal obligations. Personal-data categories include:
Identifiers and Account Data: Your name, email address, and unique user ID, which enables ABM to authenticate users, manage accounts, and communicate service-related information. Where you choose to authenticate via Single Sign-On (SSO), ABM receives authentication credentials from third-party identity providers, including Google LLC (Gmail), Microsoft Corporation (LinkedIn), or GitHub, Inc., comprising email addresses, profile names, unique identifiers assigned by the provider, and, where authorized, profile photographs and basic account information shared through the OAuth authorization flow.
User-Generated Content and Behavioral Data: Reviews, ratings, blueprint ownership, favorites, and import activity, which ABM processes to provide, display, and enhance services, monitor usage patterns, and detect misuse or breaches of our terms of service.
Technical and Usage Data: Information collected automatically through cookies, web beacons, or similar technologies, including device and browser information, IP addresses, authentication tokens, session identifiers, and usage metrics, for analytics, service functionality, security monitoring, and service improvement purposes.
ABM does not intentionally process special categories of personal data or information relating to criminal convictions, except insofar as required by law or regulatory obligations. ABM shall not be held responsible for any personal data, including sensitive information, that users voluntarily provide beyond what is strictly necessary for the services. Users are encouraged to exercise discretion when submitting data.
4. Methods of Data Collection
Personal data is collected through the following methods:
Direct Interactions: You provide personal data when you register for an account, submit content, provide reviews, select favorites, or import data into the platform.
Third-Party Authentication Services (Single Sign-On): Users may choose to register or authenticate using their Google (Gmail), LinkedIn, or GitHub accounts. When using SSO, ABM receives authentication credentials and profile information from these identity providers in accordance with the permissions granted by you through the respective OAuth authorization flow. The specific data shared depends on the provider and the permissions you authorize, but typically includes your email address, name, and a unique identifier. You will be presented with a consent screen by the identity provider detailing what information will be shared with ABM before authentication is completed.
Automated Technologies: Cookies, web beacons, authentication tokens, and similar tools are used to facilitate service functionality, maintain authenticated sessions, conduct analytics, monitor usage, and improve the performance and security of the platform.
5. Purposes of Processing and Legal Bases
ABM processes personal data pursuant to GDPR Articles 6(1)(b), 6(1)(c), and 6(1)(f). Principal purposes and the corresponding legal bases are summarised below:
| Purpose | Data Processed | Legal Basis |
|---|---|---|
| Registering a user account | Name, email | Performance of a contract |
| Authentication via third-party SSO providers | Email, name, profile identifier, authentication tokens from Google/LinkedIn/GitHub | Performance of a contract; legitimate interests |
| Submitting, owning, or managing blueprints | User ID, blueprint ownership | Performance of a contract; legitimate interests |
| Leaving reviews or ratings | Review content, review ID, rating | Performance of a contract; legitimate interests |
| Tracking and displaying favourites | Favourite selections | Performance of a contract; legitimate interests |
| Managing import activity | Import user ID | Performance of a contract; legitimate interests |
| Communicating updates or support | Performance of a contract; legal obligation | |
| Platform analytics, service improvement, misuse detection | Technical, usage, and behavioural data | Legitimate interests; legal obligation |
| Compliance with legal obligations | All relevant data | Legal obligation |
6. Disclosure of Personal Data
ABM may disclose personal data to third parties insofar as necessary for the operation and maintenance of the platform, subject to the following:
- Service Providers: ABM may disclose personal data to service providers assisting with platform functionality, infrastructure, and administration, provided that such entities process personal data lawfully, pursuant to written agreements, and with appropriate technical and organizational security measures.
- Third-Party Authentication Providers: When users choose to authenticate via Single Sign-On, ABM receives personal data from third-party identity providers, specifically Google LLC, Microsoft Corporation (LinkedIn), and GitHub, Inc. These providers act as independent data controllers for the authentication process and the data they collect in that capacity. The data shared with ABM through SSO is limited to the information necessary for authentication and account creation, as authorized by you through the OAuth consent screen presented by the identity provider.
Users who select SSO authentication should review the privacy policies of these respective providers:
- Google Privacy Policy: https://policies.google.com/privacy
- LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- GitHub Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
Personal data may be disclosed where required by applicable law, regulation, court order, or legal proceedings, or to enforce ABM's terms of service and protect the rights, property, or safety of ABM, its users, or others.
Personal data may be disclosed in connection with corporate transactions such as mergers, acquisitions, restructuring, or sale of assets, insofar as necessary for the execution of the transaction and subject to appropriate confidentiality obligations.
Personal data shall not be disclosed for third-party marketing purposes without your explicit consent.
7. International Data Transfers
In circumstances whereby personal data is transferred outside your jurisdiction, ABM shall implement appropriate safeguards pursuant to the GDPR, thereby ensuring a level of protection substantially equivalent to that afforded within the European Economic Area. Such transfers shall occur only insofar as the destination country has been deemed adequate by the European Commission, the transfer is subject to EU Standard Contractual Clauses together with any necessary supplementary measures, or other safeguards under Article 46(2) GDPR are in place.
When users authenticate via Single Sign-On using Google, LinkedIn, or GitHub, personal data may be transferred to and processed by these providers in jurisdictions outside the EEA, including the United States. These providers implement the following safeguards:
- Google LLC participates in the EU-U.S. Data Privacy Framework and relies on Standard Contractual Clauses for international transfers to jurisdictions without adequacy decisions. Google's data transfer mechanisms are detailed in their privacy policy and data processing terms.
- Microsoft Corporation (LinkedIn) participates in the EU-U.S. Data Privacy Framework and has implemented appropriate safeguards including Standard Contractual Clauses for data transfers. Microsoft's data transfer commitments are set forth in their privacy statement and data protection addendum.
- GitHub, Inc. (a Microsoft subsidiary) adheres to the EU-U.S. Data Privacy Framework Principles and relies on Standard Contractual Clauses for data transfers to jurisdictions without adequacy decisions. GitHub's approach to international transfers is described in their privacy statement.
Users authenticating through SSO should be aware that their authentication data will be subject to the data transfer mechanisms and safeguards implemented by the respective identity provider. ABM does not control the processing activities of these independent controllers but has selected providers that demonstrate compliance with applicable data protection requirements.
Transfers may occur without standard safeguards only under the limited conditions of Article 49 GDPR, including where you have provided explicit consent, the transfer is necessary for contractual purposes, for important public interest, for the establishment, exercise, or defence of legal claims, to protect vital interests, or where permitted from a public register. Where no other legal basis exists, a transfer may take place only if it is occasional, concerns a limited number of data subjects, is necessary for compelling legitimate interests of ABM not overridden by your rights, and is accompanied by the safeguards prescribed under Article 49 GDPR.
8. Data Security
ABM has implemented technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or unlawful disclosure. Access is restricted to personnel with a legitimate need and managed in accordance with ABM security policies.
9. Data Retention
Personal data is retained only as long as necessary for the purposes described or as required by law, taking into account data sensitivity, quantity, and applicable legal obligations.
10. Your Legal Rights
Pursuant to GDPR, you have the right to access, correct, or request the erasure of your personal data; to object to or request restriction of processing; to request portability of your personal data; to withdraw consent where processing is consent-based; and to lodge a complaint with your supervisory authority. To exercise these rights, please contact support@abmlib.dev to exercise these rights.
Where you have authenticated using a third-party SSO provider (Google, LinkedIn, or GitHub), certain data processing relating to the authentication mechanism itself is governed by that provider's privacy policy. These providers act as independent data controllers for authentication data they collect. To exercise rights related to data held by these identity providers in their capacity as controllers of the authentication process, you should contact them directly through their respective privacy contact mechanisms. ABM can assist you in understanding which personal data is controlled by ABM versus the SSO provider and will respond to rights requests concerning data under ABM's control.
11. Updates to This Privacy Notice
This notice is current as of October 8, 2025. ABM may update it in response to operational or legal developments. Users should review the notice periodically.
12. Third-Party Links
This website may contain links to external sites and utilizes third-party authentication services. When you choose to authenticate using Single Sign-On, you will be redirected to the authentication pages of third-party identity providers (Google, LinkedIn, or GitHub). These providers are independent data controllers with their own privacy policies governing the authentication process and any data they collect.
ABM is not responsible for the privacy practices of such third-party sites or services, and users are encouraged to review the privacy notices of any third-party websites or services they access, including SSO providers before choosing to authenticate through those services.