Privacy Policy
Last updated: April 2026
1. Data Controller
The data controller responsible for processing your personal data is:
Valiro AI Solutions Herrsching am Ammersee, Germany Email: info@valiro.ai
2. Data We Collect
We collect and process the following categories of personal data:
Account Information
- Name and email address
- Company name and role
- Authentication credentials (managed by Valiro; we issue our own JWT tokens)
Usage Data
- Log data (IP address, browser type, pages visited)
- Feature usage and interaction patterns
- Performance and error data
Project Data
- Projects, work packages, and task information
- Documents uploaded to the platform
- Communications (chat messages, newsfeed posts)
3. Purpose and Legal Basis
We process your data for the following purposes under GDPR Article 6:
| Purpose | Legal Basis |
|---|---|
| Providing our services | Contract performance (Art. 6(1)(b)) |
| Account management | Contract performance (Art. 6(1)(b)) |
| Analytics and improvement | Legitimate interest (Art. 6(1)(f)) |
| Security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4. Third-Party Service Providers
We use the following service providers to operate our platform:
Convex
We use Convex as our backend database and serverless functions provider. Convex processes and stores your project data, documents, and application data.
Cloudflare
Cloudflare provides content delivery and security services for our static website. They may process technical data such as IP addresses for security and performance optimization.
Umami (self-hosted)
We use Umami for privacy-friendly website analytics. Umami is self-hosted on our own domain and within the EU. It does not use cookies, does not collect personal data, and does not share data with any third party.
Google Gemini AI (EU)
Our AI features are powered by Google Gemini with EU data residency. When you use the AI workspace, your queries and relevant document context are processed by Gemini to generate responses. Data is processed within the European Union.
Authentication
Authentication is handled by the Valiro backend. We issue our own JWT tokens — we do not use a third-party identity provider such as Clerk or Auth0.
5. Data Transfers
Where possible, we use services with EU data residency (self-hosted Umami, Google Gemini EU). For services that may transfer data outside the EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as required by GDPR.
6. Data Retention
We retain your personal data for the following periods:
- Account data: Duration of your account plus 30 days after deletion
- Project data: Duration of your subscription plus any legally required retention period
- Usage analytics: 26 months
- Chat messages: 90 days by default (configurable)
- Security logs: 12 months
7. Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data
- Right to rectification: Correct inaccurate or incomplete data
- Right to erasure: Request deletion of your data (“right to be forgotten”)
- Right to restrict processing: Limit how we use your data
- Right to data portability: Receive your data in a portable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Where processing is based on consent
To exercise any of these rights, please contact us at info@valiro.ai.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit and at rest, access controls, and regular security assessments. For more details, see our Security page.
9. Cookies
We use cookies and similar technologies. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date.
11. Contact and Complaints
If you have questions about this privacy policy or wish to exercise your rights, please contact us at:
Valiro AI Solutions Email: info@valiro.ai
You also have the right to lodge a complaint with your local data protection authority. In Germany, this is the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA).