Privacy Policy

Last updated: May 17, 2026

1. Introduction

ValidonX ("we", "us", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our platform at validonx.com (the "Service").

2. Data We Collect

Account Data

When you register, we collect your name, email address, company name, and password (stored as a cryptographic hash).

Billing Data

If you subscribe to a paid plan, we collect billing information through Stripe. We do not store credit card numbers on our servers.

Usage Data

We collect API request logs, activation records, and usage metrics to operate the Service and enforce plan limits.

Technical Data

We may collect IP addresses, browser user agents, and device information for security, rate limiting, and debugging purposes.

3. How We Use Your Data

  • To provide and operate the Service
  • To process payments and manage subscriptions
  • To send transactional emails (verification, password reset, invoices)
  • To enforce rate limits and prevent abuse
  • To improve the Service through aggregated, anonymized analytics
  • To send marketing communications (only with your explicit consent)

4. Legal Basis for Processing (GDPR)

  • Contract performance: Processing necessary to deliver the Service you signed up for
  • Legitimate interest: Security monitoring, fraud prevention, platform improvement
  • Consent: Marketing emails and newsletter (opt-in only)
  • Legal obligation: Tax and billing record retention

5. Data Sharing

We share data only with the following categories of third parties:

  • Stripe — payment processing
  • Vectis Mail — email delivery
  • Sentry — error tracking (PII disabled by default)
  • Infrastructure provider — server hosting in Singapore (encrypted at rest)

We do not sell your personal data to third parties.

6. Data Retention

  • Account data: retained for the lifetime of your account + 30 days after deletion
  • Billing records: 7 years (tax compliance)
  • Audit logs: configurable, default 7 years
  • Usage data: 365 days
  • Marketing consent records: retained until withdrawal + 30 days

7. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access your personal data (export via dashboard)
  • Rectify inaccurate data (edit in settings)
  • Erase your data (request account deletion)
  • Port your data (JSON/CSV export)
  • Object to marketing communications (unsubscribe)
  • Restrict processing in certain circumstances

To exercise these rights, contact us at privacy@validonx.com.

8. Data Security

We implement industry-standard security measures including encryption at rest and in transit, per-tenant database isolation, HMAC-SHA256 API key hashing, Argon2id password hashing, role-based access control, and comprehensive audit logging.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies. You can manage your cookie preferences via the consent banner displayed on your first visit.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service.

11. Contact

For privacy-related inquiries, contact us at privacy@validonx.com.

We use essential cookies for authentication and session management. Privacy Policy