Privacy Policy

1. Controller

Ruvix is currently a free live preview operated by Shpetim Islami, an individual based in Austria. For GDPR purposes, Shpetim Islami is the controller for the personal data described in this policy.

Contact: privacy@ruvix.io. Full operator details are available in the Legal Notice.

2. Data we collect

Waitlist and preview access

Name, email address, optional company name, what you want to automate, how you heard about Ruvix, invitation status, invitation tokens, and related timestamps.

Account data

Name, email address, hashed password, team/workspace details, role, invitation and authentication records, and account security events.

Workflow and app data

Workflows, node configuration, connection metadata, encrypted credentials or secrets you configure, execution status, timing, logs, errors, and output needed to run and troubleshoot workflows.

Technical and security data

IP address, user agent, session identifiers, request metadata, diagnostic logs, and similar data used to operate the service, keep accounts secure, prevent abuse, and investigate incidents.

Communications

Messages sent by email, the contact form, support requests, vulnerability reports, and replies.

3. Why we process data

• Preview access and accounts: to manage the waitlist, invitations, accounts, authentication, and workspace access (GDPR Art 6(1)(b)).
• Operating Ruvix: to run workflows, store configurations, process app requests, and provide support (Art 6(1)(b)).
• Security and abuse prevention: to protect accounts, investigate errors, prevent misuse, and maintain service reliability (Art 6(1)(f)).
• Product emails: to send preview access, service, and product updates where you requested or can reasonably expect them; optional marketing emails are sent only with consent where required (Art 6(1)(a) or Art 6(1)(f)).
• Legal duties: to comply with applicable legal obligations (Art 6(1)(c)).

4. Retention

• Waitlist records: until you withdraw, are onboarded, or the preview/waitlist is closed, plus a short cleanup period.
• Account data: while your account exists, then deleted or anonymised after account deletion unless retention is needed for security, legal, or dispute reasons.
• Workflow configuration and execution data: while needed to provide the preview service; logs are normally kept for up to 90 days unless needed longer for security or troubleshooting.
• Security logs: normally up to 180 days, unless an incident requires longer retention.
• Support and contact messages: up to 24 months after the last interaction.

5. Providers and subprocessors

Ruvix uses service providers only to operate the website, waitlist, app, email, support, and security monitoring. The current provider list is:

• Hosting and infrastructure: Hetzner - EU hosting and infrastructure
• Database infrastructure: Hetzner - managed or self-operated database infrastructure & NeonDB
• Transactional email: Resend - transactional email
• Error monitoring and diagnostics: NewRelic - error monitoring and diagnostics
• Contact form: Direct email or the configured contact form endpoint
• Marketing-website analytics: Cloudflare Web Analytics (Cloudflare, Inc., USA) - cookie-less aggregate visit metrics for the marketing website. See the Cookie Policy for details.

Ruvix does not sell personal data and does not share personal data for third-party advertising.

6. International transfers

Ruvix aims to keep preview processing in the EU/EEA where practical. If a provider processes personal data outside the EU/EEA, Ruvix relies on an adequacy decision or appropriate safeguards such as the European Commission's Standard Contractual Clauses.

7. Your rights

Under the GDPR, you may have the right to:

• Access the personal data held about you;
• Request correction of inaccurate data;
• Request deletion of data;
• Restrict processing;
• Receive data in a portable format;
• Object to processing based on legitimate interests;
• Withdraw consent where processing is based on consent.

To exercise these rights, email privacy@ruvix.io. Ruvix aims to respond within one month.

You may also lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) at www.dsb.gv.at, or with the supervisory authority in your EU country of residence.

8. Security

Ruvix uses technical and organisational measures designed for a preview-stage service, including TLS, access controls, encrypted secrets where implemented, tenant separation, backups, and monitored logs. No internet service is completely secure. If Ruvix becomes aware of a personal data breach that meets the GDPR notification threshold, affected users and/or the relevant authority will be notified as required by law.

9. Cookies

See the Cookie Policy for information about cookies, session storage, local storage, and similar technologies.