BBLabs NewsBBLabs News

BBLabs News · Legal

Privacy Policy

Last updated: 2026-05-26.

At BBLabs News (operated by BBLabs, owned by Gorka Morillo), we take your privacy seriously. This policy explains what data we collect, why, for how long, and what rights you have. We comply with the GDPR (EU Regulation 2016/679) and Spanish data-protection law.

1. Data controller

BBLabs — contact: team@bblabs.es. For any privacy enquiry, email us with subject "Privacy".

2. What data we collect and why

Newsletter subscription

  • Email — required to send you the newsletter.
  • Selected topics (CVE / Bug Bounty / Cyberattacks / AI) — to personalise which stories you receive.
  • Preferred language (ES / EN).
  • IP at signup — for aggregated geolocation (city/country), abuse prevention, and anonymised audience metrics.

Email tracking

  • Send and open events — we log when we send you an email and, if your mail client loads the tracking pixel, when you open it. To opt out, block remote images in your mail client.
  • User-Agent and approximate country on open — to understand devices and geographies.

Cookies and authentication

  • bblabs_session — first-party JWT cookie, HttpOnly, SameSite=Lax, 8h expiry. Only set when you log in with your email.
  • reader_mode — reader-mode preference cookie (no personal data).

No third-party cookies, no cross-site trackers, no Google Analytics. We don't sell your data to anyone.

3. Legal basis

We process your email and preferences on the basis of your consent (GDPR Art. 6.1.a), provided when you voluntarily subscribe. Legitimate interest (Art. 6.1.f) covers abuse prevention and aggregated audience metrics needed to keep the service running.

4. Processors (third parties)

For email delivery we use an SMTP provider. For IP geolocation (city/country level, not individual) we use the local MaxMind GeoLite2 database. Both are subject to GDPR and covered by data-processing agreements. Email us for specifics on the current SMTP provider.

5. Retention

  • Active subscriber: data kept while subscribed.
  • After unsubscribing: marked as unsubscribed immediately (no more emails). The record persists to prevent accidental resubscription and for audit purposes; you can request full deletion at any time.
  • Email events (send/open): automatically purged after 90 days.

6. Your rights (GDPR)

  • Access — what we store about you.
  • Rectification — correct inaccurate data.
  • Erasure — right to be forgotten.
  • Restriction / objection to processing.
  • Portability — export your data in a structured format.
  • Withdraw consent at any time (the unsubscribe link in every email footer is immediate withdrawal).
  • Lodge a complaint with the Spanish Data Protection Agency.

To exercise these rights, email team@bblabs.es with subject "GDPR" and the right you want to exercise. We reply within 30 days.

7. International transfers

Data is processed within the European Economic Area (EEA). If at any point we use a provider outside the EEA (e.g. certain CDN edge nodes), it's done under EU-approved Standard Contractual Clauses.

8. Changes to this policy

If we update this policy, we'll notify you by email to your subscription address at least 14 days in advance. The current version is always at https://news.bblabs.es/en/privacy.

9. Contact

Questions? Email team@bblabs.es or reply to any BBLabs News email.