Preview Data Processing Terms
Processor terms for invited users who route personal data through Ruvix workflows.
1. Parties and role
Ruvix is currently a free live preview operated by Shpetim Islami, an individual based in Austria. These Preview Data Processing Terms apply when you use Ruvix to process personal data for which you act as controller and Ruvix acts as processor under the GDPR.
If you only join the waitlist or use Ruvix for your own account data, the Privacy Policy explains that processing instead.
2. Subject and duration
- Subject
- Processing personal data that you configure Ruvix workflows to store, transform, route, or transmit.
- Duration
- For as long as you use the preview service, plus the deletion and backup retention periods described in the Privacy Policy.
- Nature and purpose
- Hosting, storage, retrieval, transformation, workflow execution, logging, troubleshooting, and transmission between systems you connect.
- Data subjects
- Determined by you, such as your employees, customers, prospects, users, suppliers, or other contacts.
- Data categories
- Determined by you and your workflows. Do not process special-category, payment-card, health, criminal-offence, or other high-risk data without written approval.
3. Your instructions and responsibilities
Ruvix processes workflow personal data only based on your documented instructions, including the workflow configuration, connected systems, and actions you choose in the app. You are responsible for ensuring that your instructions are lawful, that you have the required notices and legal bases, and that connected third-party services are used according to their terms.
4. Confidentiality and access
Access to workflow personal data is limited to what is needed to operate, secure, troubleshoot, and support the preview service. Anyone authorised to access such data must be bound by confidentiality obligations.
5. Security measures
Ruvix uses preview-stage technical and organisational measures designed to protect workflow data, including:
- TLS for data in transit;
- Encryption for secrets and credentials where implemented;
- Tenant separation and access controls;
- Least-privilege operational access;
- Backups and restoration processes;
- Logging and monitoring for security, reliability, and troubleshooting.
6. Subprocessors
You authorise Ruvix to use providers needed to deliver the preview. The current provider list is:
- Hetzner - EU hosting and infrastructure
- Hetzner - managed or self-operated database infrastructure & NeonDB
- Resend - transactional email
- NewRelic - error monitoring and diagnostics
- Direct email or the configured contact form endpoint
- Cloudflare Web Analytics (Cloudflare, Inc., USA) - cookie-less aggregate visit metrics for the marketing website. Transfers to the United States are covered by the EU–US Data Privacy Framework or the European Commission's Standard Contractual Clauses, as applicable.
Ruvix will update this page when the provider list materially changes and will use providers under terms intended to protect personal data appropriately for the preview stage.
7. Data subject requests
If a data subject contacts Ruvix about personal data that you process through workflows, Ruvix will redirect the request to you where reasonably possible. Ruvix will provide reasonable assistance for access, deletion, correction, restriction, portability, or objection requests, taking into account the preview-stage nature of the service.
8. Personal data breaches
If Ruvix becomes aware of a personal data breach affecting workflow personal data, Ruvix will notify affected controllers without undue delay after becoming aware of the breach and provide information reasonably available about the nature of the incident, affected data, likely consequences, and measures taken or planned.
9. Return and deletion
During the preview, export and deletion features may be limited. Ruvix will delete or return workflow personal data where reasonably possible when you close your account or request deletion, unless retention is needed for security, legal, backup, or dispute reasons. Backup deletion follows the retention periods described in the Privacy Policy.
10. International transfers
Ruvix aims to use EU/EEA processing where practical. If workflow personal data is transferred outside the EU/EEA, Ruvix will rely on an adequacy decision or appropriate safeguards such as the European Commission's Standard Contractual Clauses.
11. Preview limitations
These terms are intended for a free preview, not for regulated production use. Do not route sensitive or business-critical personal data through Ruvix unless you have independently assessed the risk and received written approval for that use case.