Privacy Policy

Privacy notice for Aventriva websites and applications.

• Last updated: May 1, 2026.
• Controller: Aventriva.
• Data-protection contact: contact@aventriva.com.
• Scope: the public company page, direct inquiries, and Aventriva applications and SaaS services.
• The English version is the binding publication text. Polish and Norwegian versions are convenience translations.

What data we may process.

• Contact and inquiry data: name, email, company details, message contents, and files or context you choose to send.
• Account and service data: user accounts, roles, permissions, settings, support context, and application project data.
• Read-only design access data: access time, IP address, user agent, browser, operating system, device type, referrer, language, and bot flag when a shared read-only design link is opened.
• Technical and security data: request metadata, logs, error reports, security events, and infrastructure diagnostics.
• Billing and payment data: invoice and transaction metadata. Payment details may be handled by providers such as Stripe, PayU, or Klarna when payment features are used.
• Analytics and marketing data: Google Analytics and advertising/remarketing data may be used only through the selected consent setup once those tools are configured.

Why we use data.

We process data to respond to inquiries, provide and improve our applications, operate and secure the company page and SaaS infrastructure, handle support, maintain business and accounting records, detect abuse or security issues, and run analytics or marketing only where a valid consent setup applies.

Tools and vendors.

Relevant tools may include AWS, GoDaddy, Titan Email, Google services including Google Analytics, Stripe, PayU, Klarna, Slack, Google Workspace, and GitHub. These providers process data only for the services they provide to us or as otherwise described in their own terms and privacy materials.

Retention.

• Public company-page runtime logs are normally short-lived; the current Lambda log group is set to 14 days.
• Application logs are normally kept up to 30 days unless needed for security, abuse, legal, or operational investigation.
• Direct inquiries are normally kept for up to 24 months after the last substantive contact unless they become customer, accounting, legal, or security records.
• Account and project data is normally kept for the account or customer relationship and up to 24 months after closure or deletion request, unless a longer legal, accounting, support, warranty, or security reason applies.
• Shared read-only design links currently default to 180 days. Detailed read-only access logs are intended to be kept for up to 90 days, with aggregate statistics kept longer only when they are no longer identifiable.
• Google Analytics event and user data is planned with a 14-month retention setting once analytics is configured.
• Billing, invoice, tax, accounting, security-incident, and legal records may be kept for the period required by law or needed to defend claims.
• Backups expire according to the applicable rolling backup lifecycle and may briefly retain data after deletion from the active system.

Your rights.

Depending on the situation, you may have rights to access, correction, deletion, restriction, portability, objection, consent withdrawal, and a complaint to the relevant supervisory authority. To use these rights, contact contact@aventriva.com.