Privacy Policy

1. Overview

This Privacy Policy explains how Vaxelia handles personal data when you use our websites and platform. We act as a controller for data about visitors and account users, and as a processor for the Customer Data our customers hold within their tenants, which we process only on their instructions and under our customer agreements.

2. Information we collect

Information you provide

• Account and contact details: name, work email, company, role.
• Messages you send us through forms, demo requests, or support.
• Billing and subscription information.

Information collected automatically

• Usage and device data needed to operate and secure the Service.
• Logs of automated decisions and platform actions, retained for accountability and the compliance application.

Customer Data inside a tenant (including the Worldview built from an organization’s operation) is governed by that customer’s configuration and our agreement with them, not by this policy’s controller terms.

3. How we use information

We use personal data to provide, secure, and improve the Service; to communicate with you; to process billing; and to meet legal and regulatory obligations. We do not pool Customer Data across customers, and we do not use it to train models for the benefit of others.

4. Legal bases

Where the GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Service); legitimate interests (to secure and improve it, balanced against your rights); consent (where required, such as certain cookies and marketing); and compliance with a legal obligation.

5. Data residency & isolation

Data is hosted with EU-primary residency, with alternative regions available for Enterprise customers. Each customer’s data, knowledge base, and operational history lives in its own tenant. Isolation is enforced at the infrastructure layer: there is no cross-tenant access through any path, and no pooled training.

6. Sharing & processors

We do not sell personal data. We share it only with service providers (sub-processors) who help us operate the Service under contract and appropriate safeguards, and where required by law or to protect rights and safety. A current list of sub-processors is available on request.

7. Data retention

We retain personal data for as long as needed to provide the Service and to meet legal, accounting, and compliance obligations. On termination, Customer Data is made available for export for a limited period before deletion, in line with our customer agreements.

8. Your rights

Subject to applicable law, you have the right to access, correct, delete, restrict, or object to the processing of your personal data, and to data portability. Where we act as processor for Customer Data, we support our customers in fulfilling these requests through the platform’s data-subject-request tooling.

• To exercise your rights, contact us.
• You may also lodge a complaint with your supervisory authority.

9. Cookies

We use strictly necessary cookies to operate the Service, and, with your consent where required, cookies that help us understand usage. You can manage non-essential cookies through the consent controls provided on our websites.

10. International transfers

Where personal data is transferred outside its region of origin, we use appropriate safeguards (such as adequacy decisions or standard contractual clauses) to protect it in line with applicable law.

11. Security

We protect personal data with encryption in transit (TLS 1.3) and at rest (AES-256), role-based access control with fine-grained permissions, SSO and MFA, and tenant isolation enforced at the infrastructure layer. No system is perfectly secure, but security is engineered into the platform rather than added on.

12. Changes

We may update this policy from time to time. Material changes will be communicated through the Service or by email before they take effect, and the “last updated” date above will change.

13. Contact

Questions about privacy, or to exercise your rights? Contact us. For security disclosures, email [email protected].