Privacy Policy

Back to Home

Last Updated: 5 February 2025

Table of Contents

Article 1. Introduction

This website and associated API and Dashboard (collectively referred to as "Service") are owned and operated by Vivacity BV, a limited liability company registered in the Netherlands. At PindaCaaS we understand that your privacy is important, and we are committed to protecting your personal data. This Privacy Statement explains how we collect, use, and share your information in accordance with the General Data Protection Regulation ("GDPR").

By using the Service, you agree to this Privacy Policy and our Terms and Conditions. If you do not agree with this Privacy Policy or our Terms and Conditions, you must not use the Service.

Article 2. Information We Process

2.1 Account Information

To provide you with our Service, we collect and process the following account information:

  • Email address (for authentication and communication)
  • Full name (to identify who we are doing business with)
  • Password (stored in encrypted form)
  • Usage data (such as login times and API usage)

2.2 Transaction Data

For our transaction categorization service, we process:

  • Transaction descriptions
  • Counterparty information

We deliberately avoid processing sensitive financial information such as:

  • Account holder details
  • IBAN numbers (both for inflows and outflows)
  • Transaction amounts
  • Any other sensitive financial data

2.3 Statistical Information

We collect non-identifiable statistical information about the Service usage, including:

  • Number of processed transactions
  • Categories assigned to transactions
  • Categorization methods used
  • General performance metrics

2.4 Website Analytics

To improve our service and understand how visitors interact with our website, we collect anonymous technical information during your visit. This information includes:

  • Browser type and version (e.g., Firefox/134.0)
  • Operating system (e.g., Linux)
  • Screen resolution (e.g., 3440x1440)
  • Browser language preference (e.g., en-US)
  • Country of access (e.g., NL)
  • Pages visited on our website
  • Referring website (if any)

This information is collected without using cookies and cannot be used to personally identify you. We use this data solely for statistical purposes to improve our website's user experience and performance. The data is processed anonymously and is not combined with any personal information.

Article 3. Grounds for Data Processing

We process personal data under the following legal grounds:

  • Contractual Necessity: We process your account information and transaction data as necessary to provide the Service, manage your registration, and enable your use of the Service.
  • Consent: For any processing activities not covered by contractual necessity, we will ask for your explicit consent. You can withdraw your consent at any time.

Article 4. How We Use Your Data

We use your data for the following purposes:

  • To provide and maintain our transaction categorization service
  • To improve our categorization algorithms and accuracy
  • To analyze usage patterns and optimize our service
  • To communicate with you about service updates and changes
  • To provide customer support and respond to your requests
  • To ensure the security and proper functioning of our service

Article 5. Data Protection

Your data is important to us and we take our role in protecting it very seriously. We implement robust security measures to ensure the confidentiality, integrity, and availability of our services and your data:

  • Our infrastructure is hosted on Cloudflare's global network using serverless architecture
  • All data is encrypted in transit and at rest using industry-standard encryption
  • We employ strict access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments are conducted
  • All staff members use 2-factor authentication
  • We follow the principle of least privilege for system access

Article 6. Data Sharing

We do not share, sell, or disclose your data to third parties, except:

  • When required by law
  • As necessary to provide the Service
  • With service providers who assist in operating our Service (subject to appropriate data protection agreements)

Article 7. Data Retention

7.1 Transaction Data

We retain transaction data for only 300 seconds (5 minutes) after processing. This extremely short retention period ensures that your transaction data is only kept for the minimum time necessary to provide the categorization service.

7.2 Account Information

Account-related information is retained for the duration of your active subscription and up to 90 days after service termination.

7.3 Statistical Data

We retain non-identifiable statistical information (such as number of processed transactions, categories assigned, and categorization methods used) for analytical purposes. This data cannot be linked back to specific transaction information submitted by the user and helps us improve our service quality and performance.

Article 8. Your Rights

Under GDPR, you have several important rights. Here's a detailed explanation of each:

  • Right to Access: You have the right to obtain confirmation that personal data is being processed and, if so, access to that data. This includes the right to know what data we collect, how we use it, and who we share it with.
  • Right to Rectification: You have the right to have inaccurate or incomplete personal data corrected. If you believe any information we hold about you is incorrect, you can request its correction.
  • Right to Erasure ("Right to be Forgotten"): You have the right to have personal data erased under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
  • Right to Restrict Processing: You have the right to request the limitation of processing when certain conditions are met, such as when you contest the accuracy of your data or when the processing is unlawful but you oppose erasure.
  • Right to Data Portability: You have the right to receive personal data in a structured, commonly used, and machine-readable format and to transfer that data to another controller without hindrance.
  • Right to Object: You have the right to object to the processing of personal data in certain situations, including processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights or if you have questions about this Privacy Policy, please contact our Data Protection Officer at [email protected].

Article 9. Updates to This Statement

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of any material changes through the Service or via email. Your continued use of the Service after such modifications constitutes your acknowledgment of the modified Privacy Policy and your agreement to abide and be bound by the modified Privacy Policy and Terms and Conditions.