Privacy Policy — Ebivon

1. Who we are

Ebivon operates the AI governance and EU AI Act compliance platform available at ebivon.com. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection law.

2. Data we collect

We collect the following categories of data:

Account data: Your name and email address, collected when you sign up via our authentication provider (Clerk).
AI system data:Descriptions, intake questionnaire responses, and classification results for the AI systems you register in Ebivon. This data relates to your organisation's business operations, not to individuals.
Usage data: Log data including pages visited, actions taken, and feature usage, used to improve the platform.
Uploaded documents: Any files you upload as supporting evidence for your compliance records.

3. How we use your data

We use your data to:

Provide, operate, and improve the Ebivon platform
Authenticate your account and maintain security
Generate AI Act classifications and compliance reports
Respond to support requests
Comply with our legal obligations

We do not use your data for advertising, sell it to third parties, or use it to train AI models.

4. Legal basis for processing

We process your personal data on the following legal bases under GDPR Article 6:

Contract: Processing necessary to deliver the service you have signed up for
Legitimate interests: Platform security, fraud prevention, and service improvement
Legal obligation: Where required by applicable law

5. Data retention

We retain your account and system data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it longer.

6. Third-party services

We use the following third-party sub-processors to deliver the service:

Clerk — authentication and user management
PostgreSQL hosting provider — encrypted database storage

All sub-processors are bound by data processing agreements and comply with GDPR.

7. Your rights

Under GDPR, you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data (“right to be forgotten”)
Object to or restrict processing of your data
Data portability
Lodge a complaint with your national data protection authority

To exercise any of these rights, contact us through the Ebivon platform.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted data storage, authenticated API access, and organisation-scoped data isolation. All data is transmitted over HTTPS.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting an updated version on this page with a revised date. Continued use of the platform after changes are posted constitutes acceptance of the updated policy.

10. Contact

For privacy-related enquiries or to exercise your data rights, please contact us through the Ebivon platform. You may also contact us at the email address listed on our website.