This notice explains what personal data we collect, why we collect it, and how we protect it. We follow data minimization and transparency principles across every workflow.
What We Collect, Why We Collect It, And How Long We Keep It.
We avoid sensitive data whenever possible and only request the minimum information required to run compliance workflows.
| Data Categories | Data | Purpose | Retention |
|---|---|---|---|
| Account And Access | Name; Work email; Role and permissions | Provision accounts, enforce access control, and maintain audit trails. | Active account + 30 days. |
| Compliance Records | RoPA records; DPIA and DTIA assessments; DSAR requests; Vendor risk files | Provide compliance workflows, evidence, and audit exports. | Customer-configurable; deleted on request or per contract. |
| Usage And Security Telemetry | Feature usage; Device and browser details; Login metadata | Improve reliability, detect abuse, and measure platform health. | Up to 24 months, with aggregation after 90 days. |
| Support Communications | Support tickets; Attachments you provide; Contact history | Resolve issues and maintain service quality. | Up to 36 months, unless deleted earlier on request. |
| Billing And Contracts | Billing contact; Invoices and payment status; Order forms | Billing, taxation, and contract administration. | Up to 10 years where required by law. |
Clear, Documented, And Auditable Privacy Practices.
We show you what data is processed, where it lives, and how it is safeguarded. Every commitment is backed by evidence in the Trust Center.
- Data minimization
- Purpose limitation
- Policy visibility
Clear Processing Purposes
We document each processing activity and make it visible in the Trust Center.
Retention Transparency
Retention periods are defined per data category and reviewed quarterly.
No Data Sale
Privexus does not sell personal data or use it for unrelated advertising.
Every Processing Activity Is Tied To A Defined Legal Basis.
We document the lawful basis for each workflow to ensure clarity, accountability, and transparent processing decisions.
Contract
Process account data to deliver the platform and administer agreements.
Legitimate Interests
Protect the service, detect abuse, and improve reliability.
Consent
Optional communications or analytics are used only when enabled.
Legal Obligation
Retain records required by law and respond to lawful requests.
Privacy By Design With Technical And Organizational Controls.
Security safeguards are designed to protect confidentiality, integrity, and availability across the platform.
Encryption
TLS in transit and AES-256 at rest with managed key rotation.
Access Controls
Role based access, SSO or MFA, and immutable audit logging.
Incident Response
We notify customers without undue delay per contract and law.
Your Rights
Understand and exercise your privacy rights regarding your personal data. We are dedicated to transparency and provide you with full control over your information.
- Access and export your data.
- Correct inaccuracies in records.
- Request deletion when permitted by law.
- Restrict processing in certain circumstances.
- Object to certain processing activities.
- Withdraw consent for optional processing.
- Lodge a complaint with your supervisory authority.
For any requests or inquiries, please submit them via the button or email privacy@privexus.io. We verify identity and respond within 30 days.
Data Minimization And Processing Roles.
We limit collection to what is required and clearly define how we act as a processor on behalf of customers.
Data minimization
- We collect only required fields for each workflow.
- We avoid sensitive data unless explicitly needed.
- We aggregate or anonymize telemetry whenever possible.
Processing roles
Privexus acts as a data processor for customer content. Customers remain controllers and decide what personal data is stored in the platform.
We use vetted subprocessors for hosting and support, and we provide full details in the Trust Center registry.
Clear Disclosures To Support Transparency And Accountability.
These statements clarify automated decision making, minors, and how updates are communicated.
Automated Decision-Making
Privexus does not use automated decisions with legal or similarly significant effects.
Children And Minors
The service is intended for business users and not for children under 16.
Updates To This Notice
Material changes are posted in the Trust Center with a clear effective date.
Questions About Privacy Practices Or Data Rights?
Our privacy team responds within one business day and can provide detailed evidence packs upon request.