← Back to Vibranius

Privacy Policy

Last updated: June 2026

1. Introduction

Eveleone LTD ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your information when you use Vibranius ("the Service").

Vibranius is designed differently: Your business documents and data are stored on your dedicated server. We do not have access to your files, documents, or content except as described in this policy.

2. Data Controller

Data Controller: Eveleone LTD

• Registered in: Cyprus (European Union)
• Registration Number: [To be added]
• Registered Address: Address available on request (contact [email protected])
• Contact: [email protected]

3. What Data We Collect

We collect the following types of information:

3.1. Account Information

• Email address
• Full name
• Company name
• Billing address
• Phone number (optional)

3.2. Billing Information

• Payment card details (processed securely by Stripe — we never see your full card number)
• Invoices and payment history
• Tax ID or VAT number (if provided)

3.3. Usage Data

• Login timestamps and IP addresses
• Service feature usage (for support and improvement)
• Error logs and crash reports
• Storage consumption metrics

3.4. Communication Data

• Support email content
• Email marketing preferences (you can opt out anytime)

3.5. What We DO NOT Collect

Important: We do NOT access, collect, or process:

• Your document content (files stored on your server)
• Your business data (contacts, financial records, etc.)
• Your team's private communications
• Any content created within Vibranius modules (stored on your server)

All content data remains on your dedicated server under your control. The one exception is the AI assistant: when you choose to send a document to it, that content is processed by our AI sub-processor (Google Cloud Vertex AI) within the EU and is never used to train any model. See section 10.4.

4. How We Use Your Data

We use the collected data for the following purposes:

4.1. Service Provision

• Creating and managing your account
• Processing payments and subscriptions
• Providing technical support
• Sending service notifications and updates

4.2. Security and Fraud Prevention

• Verifying your identity
• Detecting and preventing fraudulent activity
• Securing the Service against attacks

4.3. Legal Compliance

• Complying with legal obligations
• Responding to lawful requests from authorities
• Enforcing our Terms of Service

4.4. Improvement

• Analyzing usage patterns to improve Service performance
• Identifying and fixing bugs
• Planning new features (based on anonymized usage data)

5. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

• Contract Performance: Processing necessary to provide the Service under our subscription agreement
• Legitimate Interest: Security monitoring, fraud prevention, and service improvement
• Legal Obligation: Compliance with tax, accounting, and other legal requirements
• Consent: Marketing communications (can be withdrawn anytime)

6. Data Storage and Location

Your data is stored and processed as follows:

6.1. Account and Billing Data

• Stored on secure servers in Finland (Hetzner Helsinki) (Hetzner)
• Within the European Union
• Encrypted at rest (AES-256) and in transit (TLS 1.3)

6.2. Your Content Data

• Stored on your dedicated server in Finland (Hetzner Helsinki)
• Accessible only by you and your authorized users
• We do NOT have access unless explicitly requested for support
• When you send a document to the AI assistant, its content is processed by Google Cloud Vertex AI within the EU and is never used for training (see section 10.4)

7. Data Retention

We retain your data as follows:

• Account Data: Duration of contract + 30 days (for final billing and support)
• Billing Records: 7 years (legal requirement in Cyprus/EU)
• Support Emails: 2 years from last interaction
• Usage Logs: 90 days
• Your Content: Determined by your retention policy on your server

Upon account termination, account data is deleted within 30 days, except billing records which are retained for legal compliance.

8. Your Rights

Under GDPR, you have the following rights:

8.1. Right of Access

You can request a copy of all data we hold about you. Contact [email protected].

8.2. Right to Rectification

You can correct inaccurate or incomplete data. Login to your account or contact us.

8.3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your account data, subject to legal retention requirements (e.g., tax records). Your content data can be deleted at any time from your server.

8.4. Right to Portability

You can export your account data in a structured, machine-readable format.

8.5. Right to Object

You can object to processing based on legitimate interest (e.g., marketing emails).

8.6. Right to Restrict Processing

In certain circumstances, you can request we limit how we use your data.

8.7. Right to Lodge a Complaint

You have the right to complain to a data protection authority:

• Office of the Commissioner for Personal Data Protection (Cyprus)
• Website: www.dataprotection.gov.cy

9. Cookies and Tracking

Vibranius uses minimal cookies:

• Session Cookies: Essential for login and Service functionality
• Preference Cookies: Remember your language and display settings

We do NOT use:

• Advertising trackers
• Third-party analytics (Google Analytics, etc.)
• Cross-site tracking pixels

10. Third-Party Services

We use the following trusted third parties:

10.1. Hetzner Online GmbH (Germany)

• Purpose: Server infrastructure hosting
• Data: Account metadata only (no content access)
• Location: Finland (EU)
• Privacy: hetzner.com/de/rechtliches/datenschutz

10.2. Stripe Inc. (USA)

• Purpose: Payment processing
• Data: Payment card details (we never see full card numbers)
• Location: USA — EU data protected via Standard Contractual Clauses (SCCs)
• Privacy: stripe.com/privacy

10.3. Let's Encrypt (USA)

• Purpose: SSL/TLS certificate authority
• Data: Domain names only (no personal data)
• Privacy: letsencrypt.org/privacy

10.4. Google Cloud — Vertex AI (EU region)

• Purpose: Powers the AI assistant — processes document content you submit to it
• Data: The document content and prompts you send to the AI assistant
• Location: European Union region — content is processed in the EU and does not leave it
• Training: Your content is never used to train Google's or any other AI models (enterprise terms)
• Privacy: Google Cloud Data Processing Addendum

Important: No third party has access to the content stored on your server. The only third-party content processing is the AI assistant: when you send a document to it, that content is processed by Google Cloud Vertex AI in the EU and is never used for training. It is never sold or shared with anyone else.

11. Data Transfers Outside EU

We minimize data transfers outside the EU:

• Account and billing data: Stored in the EU (Finland)
• Payment data: Processed by Stripe (USA) under SCCs — your card data never leaves Stripe's secure environment
• Your stored content: kept on your server in the EU. When you send a document to the AI assistant, it is processed by Google Cloud Vertex AI in an EU region — it stays within the EU and is never used for training

12. Security Measures

We implement appropriate security measures including:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Regular security audits and updates
• Access logging and monitoring
• Two-factor authentication (2FA) available

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

13. Children's Privacy

Vibranius is intended for business use and is not directed to children under 16. We do not knowingly collect data from children under 16. If we become aware of such collection, we will delete it immediately.

14. International Users

If you are located outside the European Union, your information may be transferred to and processed in the EU in accordance with this Privacy Policy.

We comply with the EU-US Data Privacy Framework for applicable data transfers.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be:

• Posted on this page
• Emailed to all account holders
• Effective 30 days after notification

Your continued use of the Service after changes constitutes acceptance.

16. Contact

For privacy-related questions, requests, or complaints:

• Email: [email protected]
• Data Protection Officer: [email protected]
• Company: Eveleone LTD
• Address: Address available on request (contact [email protected])

We will respond to all inquiries within 30 days.

17. Data Processing Agreement

For business customers requiring a Data Processing Agreement (DPA), please refer to our DPA or contact [email protected].