For users in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:
| Data Type | Legal Basis |
|---|---|
| Account registration & profile | Contract performance — necessary to provide the service |
| Project data, files, communications | Contract performance |
| Billing records | Legal obligation (tax and accounting laws) |
| Security logs & activity audit | Legitimate interest — fraud prevention and security |
| Usage analytics (if enabled) | Legitimate interest — service improvement |
| Marketing emails | Consent (opt-in only; we do not send unsolicited marketing) |
We do not sell your data to any third party. We do not send marketing emails unless you have explicitly opted in.
We share your information only in the following limited, necessary circumstances:
We never share data with advertisers, data brokers, analytics resellers, or any party for marketing purposes.
The following third-party services process data on our behalf. We have reviewed each for adequate data protection practices:
| Service | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|
| Stripe | Payment processing | Name, email, billing address, card data (Stripe only — never stored by us) | stripe.com/privacy |
| Resend | Transactional email delivery | Email address, message content of notifications and invoices | resend.com/privacy |
| Cloudflare | DNS, CDN, DDoS protection | IP address, request metadata (no page content stored) | cloudflare.com/privacypolicy |
| Anthropic (Claude) | AI-powered support reply drafts (if enabled in admin panel) | Support ticket content sent for AI analysis — anonymized where possible | anthropic.com/privacy |
| Google (Google Site embed) | Portal embed host | IP address, usage session data (Google's standard analytics) | policies.google.com/privacy |
We keep your data only as long as necessary:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data (profile, credentials) | Active account lifetime + 30 days after deletion request | Service delivery |
| Project data, files, communications | 1 year after project completion | Support and follow-up work |
| Billing and invoice records | 7 years | Tax / accounting legal requirement |
| Security and activity logs | 12 months | Security audits and fraud detection |
| Support ticket history | 2 years from ticket close | Ongoing support context |
| Contact form submissions | 1 year | Follow-up and legal record |
| All data after subscription cancellation | 30 days (then permanently deleted) | Grace period for data export |
You may request earlier deletion of any data not subject to a legal retention requirement (see Section 10).
We use only the minimum necessary cookies and browser storage:
| Name | Type | Purpose | Duration |
|---|---|---|---|
PHPSESSID | Strictly necessary | Authentication session — keeps you logged in | 7 days or session end |
remember_token | Strictly necessary | "Remember me" persistent login token | 30 days |
lang | Functional | Language preference (English / Spanish) | 1 year |
ev_theme | Functional | Light / dark mode preference — stored in localStorage only, never sent to server | Persistent |
ev_cookie_consent | Functional | Records your cookie consent choice | 1 year |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. If Google Analytics is enabled, it operates under Google's privacy policy and you may opt out via Google's opt-out tool.
We apply reasonable technical and organizational security measures, including:
No transmission or storage method is 100% secure. While we take these protections seriously, we cannot guarantee absolute security. In the event of a breach that affects your data, we will notify you promptly (see Section 12).
Depending on your location, you may have the following rights regarding your personal data:
| Right | What It Means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Correction | Request that we correct inaccurate or incomplete information |
| Deletion | Request that we delete your personal data (subject to legal retention obligations) |
| Portability | Receive your data in a structured, machine-readable format (JSON or CSV) |
| Restriction | Request that we limit how we use your data while a dispute is resolved |
| Objection | Object to processing based on legitimate interest (e.g., analytics) |
| Withdraw consent | Opt out of any processing based on consent (e.g., marketing) at any time |
To exercise any right, contact us at [email protected] or via our contact page. We will respond within 30 days (GDPR requires 1 month; we aim for faster). No fee is charged for standard requests. We may ask you to verify your identity before processing a request.
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you additional rights:
To submit a CCPA request, contact us at [email protected] with the subject line "CCPA Request." We will verify your identity and respond within 45 days, with a possible 45-day extension if needed.
Categories of personal information collected in the past 12 months: Identifiers (name, email, IP address); commercial information (invoices, payments); internet activity (page visits, feature usage); professional information (company name, industry).
Source: Directly from you and automatically from your use of the platform. Business purpose: Service delivery, billing, security, and support. Disclosed to: Sub-processors listed in Section 5 only.
In the event of a data security incident that poses a risk to your personal information:
To report a suspected security issue, email [email protected] with the subject "Security Issue."
Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a child under 16 without verifiable parental consent, we will delete it promptly. If you believe we may have data about a child, please contact us.
EdgeVenture is based in the United States. If you access our services from outside the US (including from the EEA or UK), your data will be transferred to and processed in the United States. The US may not offer the same level of data protection as your home country.
We rely on the following safeguards for international transfers:
We may update this Privacy Policy from time to time. We will revise the "Last updated" date at the top when we do. For material changes, we will notify you by email and/or through a notice in your client portal at least 14 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.
EdgeVenture is the data controller for information collected through this platform.
Related documents: Terms of Service · Data & Compliance