Privacy Policy
How Nordvec collects, processes, and protects your data, in full compliance with GDPR.
Overview
At Nordvec, we prioritise data security and confidentiality above all else. This privacy policy describes how we collect, use, disclose, and store personal data when you visit our website, create an account, or use our AI platform. When you use our Service on behalf of your employer (who is our B2B customer), we act primarily as a Data Processor, and your employer acts as the Data Controller.
1. What data do we collect?
We collect: identification and contact information (name, email, phone number, job title, and company name), account and transfer data (encrypted/hashed passwords, profile pictures via OAuth, encrypted tokens for third-party integrations), payment information (processed securely via Stripe; we do not store your full card details), and technical/log data (IP address, browser type, device type, login times, and page views for security and product optimisation).
2. Purpose and legal basis
We process your personal data for: Service delivery (Art. 6(1)(b): creating and managing your user account), Payment and bookkeeping (Art. 6(1)(c): invoicing and record-keeping as required by the Danish Bookkeeping Act), Improvement and security (Art. 6(1)(f): preventing misuse, debugging, and analysing anonymised usage data), and Marketing (Art. 6(1)(a): newsletters, only with active opt-in).
3. Use of AI and third parties
Nordvec is built around Large Language Models (LLMs). We maintain Zero-Data-Retention agreements with our AI providers. This means your prompts and queries are NOT used to train public AI models. Your data is also isolated per tenant via strict Row-Level Security (RLS) policies in our database. We may share contact/billing information with third-party vendors (e.g. hosting providers, auth providers) solely to the extent necessary to deliver our Service.
4. Transfer to third countries
Our servers are located in the EU (France / Germany). If we use systems outside the EU/EEA, we ensure transfer is covered by EU Commission Standard Contractual Clauses (SCCs), supplemented by Data Privacy Framework certifications where applicable.
5. Data retention
We retain your profile information as long as you have an active account. If you delete your account, we remove your information (except what the Danish Bookkeeping Act legally requires us to retain for 5 years). Data from your connected systems is deleted in accordance with our Data Processing Agreement.
6. Your rights
Under GDPR, you have the right to: access the information we process about you, rectification of inaccurate information, erasure of your information, restriction of processing, objection to otherwise lawful processing (e.g. direct marketing), and data portability, i.e. to receive your information in a structured, machine-readable format.
7. Changes to this policy
We reserve the right to update this privacy policy to reflect changes in legislation or our Service. We will notify you via email or through the platform of any material changes.
8. Contact
If you have questions or wish to exercise your rights, contact: Nordvec, Email: legal@nordvec.com. You also have the right to file a complaint with the Danish Data Protection Agency (www.datatilsynet.dk).