This Policy explains how AVINITY ("we", "us") collects and processes personal data when you use our platform, marketing site and support channels.
1. Data we collect
- Account data: name, email, workspace, role.
- Usage data: pages visited, features used, browser and device.
- Customer content: projects, decisions, benefits and other data you enter.
- Communications: support tickets and email correspondence.
2. How we use it
To operate the Service, authenticate users, provide support, improve product quality, detect abuse, and meet legal obligations. We do not sell personal data.
3. Legal bases (GDPR)
Contract performance, legitimate interests (product improvement, security), consent (marketing), and legal obligation.
4. Sub-processors
We rely on trusted infrastructure providers for hosting, database, email and AI inference. A current list is available on request from privacy@avinityconsulting.com.
5. Data retention
Customer Data is retained for the duration of your subscription plus 30 days for export. Audit logs are retained for 24 months. Backups are rotated within 30 days.
6. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access is scoped by row-level security and audited. Only your workspace admins can access your workspace data.
7. Your rights
Subject to applicable law, you may request access, rectification, deletion, portability or restriction of your personal data. Contact privacy@avinityconsulting.com.
8. International transfers
Where data is transferred outside your jurisdiction, we rely on Standard Contractual Clauses or equivalent safeguards.
9. Changes
We will notify workspace admins of material changes at least 30 days before they take effect.

