Vectavia
Sign in Create free account
Menu
Home Toolkit Regulatory Map Learn Advisory About Sign in Create free account
Privacy Policy

How Vectavia handles personal data.

Last updated: 2026-05-25

Vectavia Technology Ltd. is based in Malta and provides AI governance self-service tools and advisory services. This policy explains what personal data we collect, why we use it, and the choices available to users and website visitors.

1. Who controls the data

Vectavia Technology Ltd. is the controller for personal data collected through this website, the free workspace, account functions, and consultation forms. You can contact us through the website contact form.

2. Data we collect

We may collect account data, such as name, email address, password hash, Google sign-in identifier, and profile information returned by Google if you use Google sign-in. We also collect workspace data that you enter into the AI governance toolkit, including AI inventory records, risk library entries, GDPR screening responses, policy notes, vendor reviews, control assignments, monitoring reviews, and report records.

When you submit a consultation request, we collect the information you provide, such as name, email, company, country, service interest, and message. We may also process technical data such as IP address, browser information, session cookies, security logs, and basic request logs needed to operate and protect the service.

3. Why we use the data

We use personal data to provide accounts and the workspace, save governance records, send password reset emails, process contact requests, respond to advisory enquiries, protect the service from misuse, maintain security, and improve the reliability of the website.

4. Legal bases

Depending on the context, we process data because it is necessary to provide the service requested by the user, because we have a legitimate interest in operating and securing the website, because we need to respond to a consultation enquiry, or because we must comply with legal obligations.

5. Sensitive or confidential data

The toolkit is designed for high-level governance records. Users should not paste customer records, employee files, contracts, source code, credentials, medical or financial data, or confidential internal documents into the workspace. Use descriptions, categories, evidence references, and governance notes instead.

6. Service providers and transfers

We may use service providers for hosting, email delivery, authentication, and infrastructure. Data may be processed outside your country where those providers operate. Where required, we aim to use appropriate contractual and technical safeguards.

7. Retention

Account and workspace data is kept while the account remains active or as needed to provide the service. Users can delete their governance workspace data from the account area. Consultation requests and related communications may be kept for business records and follow-up unless deletion is requested and retention is not otherwise required.

8. Your rights

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also have the right to lodge a complaint with a data protection authority.

9. Security

We use reasonable technical and organizational measures to protect account and workspace data. No online service can guarantee perfect security, so users should avoid entering highly sensitive or confidential content into free-form fields.

10. Changes

We may update this policy as the service develops. The latest version will be posted on this page with an updated date.