Privacy Policy

Last updated: December 21, 2025

1. Introduction

App Harbour ApS ("we", "us", "our") operates AxiumVista (the "Service"). This Privacy Policy explains how we collect, use, and protect your personal data when you use the Service.

We comply with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data We Collect

2.1 Account Information

  • Name
  • Email address
  • Password (hashed and encrypted; we never store plain-text passwords)

2.2 Workspace and Project Data

  • Workspace names and member lists
  • Project data: SCQA content, ICE scores, action plans
  • User-generated content within workflows

2.3 Usage Data

  • Login times and session information
  • Feature usage (which workflows you use)
  • Error logs and debugging information

2.4 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment details on our servers. We receive only:

  • Stripe customer ID
  • Subscription status and billing period
  • Last 4 digits of card (for display purposes)

3. How We Use Your Data

We use your data to:

  • Provide and maintain the Service
  • Process payments and manage subscriptions
  • Send transactional emails (password resets, invitations, billing notifications)
  • Provide customer support when you contact us
  • Improve the Service based on usage patterns
  • Detect and prevent fraud, abuse, or security issues
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract: To provide the Service you signed up for
  • Legitimate interest: To improve the Service and prevent abuse
  • Consent: For optional marketing communications (opt-in only)
  • Legal obligation: To comply with tax and financial regulations

5. Data Sharing

We do not sell your data. We share data only with:

5.1 Service Providers

  • Railway: Hosting and database infrastructure
  • Stripe: Payment processing
  • OpenAI: AI assistance (data not retained or used for training)
  • Resend/SendGrid: Transactional email delivery

5.2 Legal Requirements

We may disclose data if required by law, court order, or to protect our rights or the safety of others.

6. Data Retention

  • Active accounts: Data is retained as long as your account is active
  • Closed accounts: Data is permanently deleted within 30 days of account closure
  • Backups: Backup copies are retained for 30 days for disaster recovery
  • Logs: Error and security logs are retained for 90 days

7. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Export: Receive your data in a portable format
  • Object: Object to certain types of processing
  • Withdraw consent: Opt out of optional communications

To exercise these rights, contact us at privacy@axiumvista.com.

8. Security

We protect your data using:

  • HTTPS encryption for all data transmission
  • Encrypted password storage (bcrypt hashing)
  • Secure database hosting with access controls
  • Regular security updates and monitoring

While we take security seriously, no system is 100% secure. You are responsible for keeping your account credentials confidential.

9. Cookies

AxiumVista uses essential cookies to maintain your session and authentication. We do not use tracking or advertising cookies.

  • Session cookies: Required for login and authentication (httpOnly, secure)
  • No third-party tracking: We do not use Google Analytics or similar tools

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, contact us immediately.

11. International Data Transfers

Our servers are located in the EU/EEA. If you access the Service from outside the EU, your data may be transferred to EU servers. We ensure appropriate safeguards are in place.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Service. The "Last updated" date at the top indicates the latest revision.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

Email: privacy@axiumvista.com

Company: App Harbour ApS
Location: Denmark

Data Protection Officer: For GDPR-related requests, email dpo@axiumvista.com.