Privacy Policy

How we collect, use, and protect your personal information

1. Information We Collect

Contact Information

Name, email address, phone number, company name, job title, and business address when you contact us or engage our services.

Technical Information

During technical audits and consulting engagements, we may access code repositories, system logs, architecture documentation, and other technical data as necessary for service delivery.

Website Analytics

IP address, browser type, device information, pages visited, and usage patterns through cookies and analytics tools (Google Analytics).

2. How We Use Your Information

  • Service Delivery: To provide CTO consulting services, technical audits, and other professional services as contracted.
  • Communication: To respond to inquiries, provide project updates, and maintain professional relationships.
  • Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements.
  • Business Development: To improve our services and develop new offerings (using aggregated, anonymized data only).

3. GDPR Rights (EU Residents)

Under the EU General Data Protection Regulation, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to processing of your personal data

To exercise these rights, contact us at privacy@denvy.co. We will respond within 30 days.

4. Data Sharing and Disclosure

We Do Not Sell Data

We never sell, rent, or trade your personal information to third parties.

Service Providers

We may share data with trusted service providers (hosting, analytics, payment processing) who are bound by confidentiality agreements.

Legal Requirements

We may disclose information if required by law, court order, or to protect our legal rights.

5. Data Security

Encryption

All data transmission uses TLS encryption. Stored data is encrypted at rest using AES-256.

Access Controls

Access to personal data is limited to authorized personnel on a need-to-know basis. All access is logged and monitored.

Security Audits

We conduct regular security audits and penetration testing to identify and address vulnerabilities.

6. Data Retention

Business Records: Client data is retained for 7 years after engagement completion for legal and tax compliance.

Technical Data: Code and system data accessed during audits is deleted within 90 days of project completion unless retention is required for ongoing services.

Marketing Data: Contact information for prospects is retained for 3 years unless unsubscribe is requested.

Website Analytics: Anonymous usage data is retained for 26 months.

7. Cookies and Tracking

Essential Cookies

Required for website functionality, security, and user authentication.

Analytics Cookies

Google Analytics to understand website usage and improve user experience. You can opt out using browser settings or Google's opt-out tool.

Marketing Cookies

We do not use marketing or advertising cookies. No third-party tracking for advertising purposes.

8. International Data Transfers

EU-US Transfers: When transferring EU personal data to the US, we use Standard Contractual Clauses approved by the European Commission.

Data Processing Locations: Data is primarily processed in Austria (EU) and may be processed in the United States for US clients.

Safeguards: All international transfers include appropriate safeguards to ensure data protection equivalent to EU standards.

9. Children's Privacy

Our services are designed for businesses and individuals 18 years or older. We do not knowingly collect personal information from children under 16 (or under 13 in the US). If we learn that we have collected such information, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Email notification to active clients
  • Prominent notice on our website
  • Updated "Last Modified" date below

Contact Us About Privacy

Questions or concerns about this Privacy Policy or our data practices:

Privacy Officer: privacy@denvy.co

Data Protection Officer (EU): dpo@denvy.co

Mail: Denvy Co., Mariahilfer Strasse 123, 1060 Vienna, Austria

Phone: +43 (12) 345-6789 (EU) | +1 (234) 567-8900 (US)

EU Supervisory Authority: If you are in the EU and believe we have violated GDPR, you may file a complaint with the Austrian Data Protection Authority (Datenschutzbehörde) or your local data protection authority.

Last updated: October 3, 2025
Effective date: October 3, 2025