Privacy Policy
Last updated: February 13, 2026
Pryvii ("we", "us", or "our") operates the pryvii.com website and the Pryvii privacy compliance scanning platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services. We are committed to complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).
1. Data Controller
Pryvii is the data controller responsible for your personal data. If you have any questions about how we process your information, please contact us at privacy@pryvii.com.
2. Information We Collect
We collect information you provide directly, such as your name, email address, and payment details when you create an account or subscribe to a plan. We also collect usage data automatically, including your IP address, browser type, pages visited, and interactions with our platform. When you use our scanning service, we process the URLs you submit and the publicly available content of the scanned web pages.
3. How We Use Your Information
We use your information to provide and maintain our services, process your transactions, send service-related communications, improve our platform, detect and prevent fraud, and comply with legal obligations. We use AI models to analyze website compliance, and scanned website data is processed for the sole purpose of generating compliance reports.
4. Legal Basis for Processing (GDPR)
Under the GDPR, we process your data based on the following legal grounds: • Contract performance — to provide the services you have requested. • Legitimate interests — to improve our platform, prevent fraud, and ensure security. • Consent — where you have given us explicit permission, such as for marketing communications. • Legal obligation — to comply with applicable laws and regulations. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
5. Data Sharing and Third Parties
We do not sell your personal data. We share your information only with trusted third-party service providers necessary to operate our platform: • Payment processing (Stripe) • Email delivery (Resend) • Database hosting (Neon) • AI processing (OpenRouter) • Error monitoring (Sentry) All third-party processors are bound by data processing agreements and are required to protect your information in accordance with applicable privacy laws.
6. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on the recipient's participation in recognized data protection frameworks.
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Account data is retained for the duration of your account and for a reasonable period thereafter. Scan results are retained according to your subscription plan. You may request deletion of your data at any time.
8. Your Rights Under the GDPR
If you are located in the European Economic Area (EEA), you have the following rights: • Right of access — obtain a copy of your personal data. • Right to rectification — correct inaccurate or incomplete data. • Right to erasure — request deletion of your personal data. • Right to restrict processing — limit how we use your data. • Right to data portability — receive your data in a structured, machine-readable format. • Right to object — object to processing based on legitimate interests. • Right to withdraw consent — revoke consent at any time. To exercise these rights, contact us at privacy@pryvii.com. We will respond within 30 days.
9. Your Rights Under the CCPA
If you are a California resident, you have the following rights: • Right to know — request information about the categories and specific pieces of personal information we have collected. • Right to delete — request deletion of your personal information. • Right to opt-out — opt out of the sale of your personal information. We do not sell personal information. • Right to non-discrimination — we will not discriminate against you for exercising your privacy rights. To exercise these rights, contact us at privacy@pryvii.com or use the controls available in your account settings.
10. Your Rights Under PIPEDA
If you are a Canadian resident, you have the following rights under PIPEDA: • Right to access — request access to the personal information we hold about you. • Right to correction — request correction of inaccurate or incomplete information. • Right to withdraw consent — withdraw your consent for the collection, use, or disclosure of your information. • Right to complain — file a complaint with the Office of the Privacy Commissioner of Canada. To exercise these rights, contact us at privacy@pryvii.com. We will respond within 30 days.
11. Cookies and Tracking Technologies
We use essential cookies required for the operation of our platform, such as authentication tokens. We use analytics cookies only with your consent to understand how our platform is used. You can manage your cookie preferences through your browser settings. Our platform does not respond to Do Not Track signals, but we honor the Global Privacy Control signal where required by law.
12. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.
13. Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our services after changes take effect constitutes acceptance of the revised policy.
15. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: Email: privacy@pryvii.com You also have the right to lodge a complaint with your local data protection authority.