Privacy Policy
How we collect, use, and protect your personal data — in full compliance with GDPR and Dutch privacy law (UAVG).
Introduction
Priventix B.V. ("Priventix", "we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Dutch implementation thereof (UAVG).
By purchasing, downloading or using any Priventix product or service — including Priventix AV, Priventix VPN, or any related subscription — you acknowledge you have read and understood this Privacy Policy.
Who We Are
Priventix B.V. is the data controller responsible for your personal data. We are incorporated in the Netherlands and operate the Priventix.ai security platform.
Contact: legal@priventix.ai
What Data We Collect
3.1 Data you provide directly
- Full name
- Email address
- Billing address (including country, city, postal code)
- Phone number
- Payment information — processed by Priventix B.V. and our Merchant of Record, Handl (wehandl.io). We do not store full card numbers. Card data is tokenised and processed in accordance with PCI-DSS standards.
3.2 Data collected automatically
- IP address and approximate geolocation (country / region level)
- Device operating system, version, and hardware identifiers
- Priventix software version installed
- Activation and licence validation events
- Threat detection events (file hash, threat type, action taken — not file content)
- Product usage telemetry (feature usage frequency, error logs)
- VPN connection metadata (server region selected, connection duration) — we do not log VPN traffic content or destination URLs
3.3 Data from third parties
- Affiliate network partners may share your click identifier, campaign ID, and conversion event to enable affiliate commission tracking. No sensitive personal data is shared by affiliates with us.
- Fraud prevention partners may provide risk scoring based on device fingerprint and IP reputation.
Legal Basis for Processing (GDPR Article 6)
We rely on the following legal bases:
Processing your name, email, address and payment data to deliver the software licence and subscription you purchased.
Product telemetry, security improvement, fraud detection, and affiliate tracking — balanced against your rights.
Retention of transaction records for Dutch tax and accounting law (7 years).
Marketing communications — only where you have explicitly opted in.
How We Use Your Data
- Delivering, activating and maintaining your Priventix licence
- Processing payments and issuing invoices via our MoR (Handl)
- Providing customer support
- Sending transactional emails (purchase confirmation, trial reminders, renewal notices)
- Detecting malware and security threats using anonymised telemetry
- Improving product performance and fixing bugs
- Calculating and paying affiliate commissions to our affiliate network
- Complying with legal obligations (tax, anti-fraud, court orders)
- Sending marketing emails if you have opted in (unsubscribe available at any time)
Data Retention
| Data type | Retention period | Basis |
|---|---|---|
| Account & transaction data | 7 years | Dutch tax law |
| Security telemetry | 12 months | Then deleted or fully anonymised |
| Support communications | 3 years | From resolution of request |
| Marketing preferences | Until withdrawn | Consent withdrawal or erasure request |
Data Sharing and Third Parties
We share or process your data only as necessary and only with parties bound by appropriate data processing agreements (DPAs):
7.1 Priventix B.V. — Primary data processor
Priventix B.V. processes your personal data directly for account management, licence activation, product telemetry, threat detection, and customer support. As data controller and primary processor, we operate under Dutch law and GDPR and maintain all required technical and organisational security measures.
7.2 Merchant of Record — Handl
Handl (wehandl.io) acts as Merchant of Record and processes your payment card data and billing information on our behalf. Handl is an independent data controller for payment processing purposes and their own privacy policy governs that processing. We share your name, email, billing address, and purchase details with Handl solely to fulfil the transaction.
7.3 Affiliate network
We share purchase confirmation events (conversion data) with our affiliate tracking network to attribute sales and process commissions. This includes: click ID, product purchased, sale amount, and conversion timestamp. No sensitive personal data is shared.
7.4 Infrastructure and cloud providers
We use cloud hosting and infrastructure providers based in the EU/EEA. All providers are bound by DPAs.
7.5 Legal and regulatory
We may disclose data to law enforcement, regulators or courts where required by applicable law. We will notify you to the extent legally permitted.
Your personal data is never sold, rented, or traded to any third party for their own marketing purposes. Full stop.
International Transfers
Where data is transferred outside the EEA, we ensure adequate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on an adequacy decision.
Contact privacy@priventix.ai for details of the safeguards applied to specific transfers.
Your Rights Under GDPR
You have the following rights, exercisable by contacting privacy@priventix.ai. We will respond within 30 days.
Cookies and Tracking
Our website and software may use the following categories of cookies and tracking technologies:
- Strictly necessary: Required for purchase flow, authentication, and fraud prevention.
- Analytics: Anonymous usage statistics to improve our products (opt-out available).
- Affiliate tracking: Click identifiers placed by affiliate partners to attribute purchases.
You can manage cookie preferences via our cookie consent tool on the website.
Security
We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, encryption at rest, access controls, and regular security assessments.
No internet transmission is 100% secure; we cannot guarantee absolute security.
Children
Priventix products are not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected such data, contact privacy@priventix.ai and we will delete it promptly.
Changes to this Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. Continued use of our products after the effective date of changes constitutes acceptance.
Contact
- Data Protection enquiries: privacy@priventix.ai
- General contact: legal@priventix.ai
- Address: Priventix B.V., the Netherlands