Privacy Policy
Platform Version — Last Updated: October 31, 2025
Applies to applications on the Solvedio platform, including Daily Controls.
Controller / Processor: Solvedio, J.S.A., myhive Vajnorská 100/B, 831 04 Bratislava, Slovakia, ID: 53 910 389, registered in the Commercial Register of Bratislava III District Court, section Sja, file No. 187/B
Contact: help@solvedio.com | legal@solvedio.com
1. Introduction
This Privacy Policy explains how we process personal data of users of our SaaS products built on the Solvedio platform, including the Daily Controls application.
By using the Service, you confirm that you have read and understood this policy.
This policy complies with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data (“GDPR”).
2. GDPR Roles
- Customer (organization) = Data Controller
- Solvedio, J.S.A. = Data Processor acting on behalf of the Customer
- Free or trial users = Solvedio acts as the Data Controller
The relationship between the Customer and Solvedio is governed by the Data Processing Agreement (DPA).
3. What Data We Process
- Account data: name, email, organization, password, system role, optionally photo, job title
- Activity data: interactions, logs, IP address, browser type, access time, performance metrics
- User-created data: notes, files, skill assessments, comments, goals
- Communication data: support messages, feedback, incidents
We do not collect any special categories of personal data under Article 9 GDPR (e.g. health data, religious beliefs, political opinions).
4. Purposes and Legal Bases
| Purpose | Legal Basis |
|---|---|
| Account provision and management | Performance of contract (Art. 6(1)(b)) |
| Operations, maintenance and security | Legitimate interest (Art. 6(1)(f)) |
| User support | Performance of contract / legitimate interest |
| Analytics and product improvement | Legitimate interest or consent (for cookies) |
| Marketing (consent-based only) | Consent (Art. 6(1)(a)) |
| Fulfillment of legal obligations | Art. 6(1)(c) GDPR |
5. Recipients and Sub-processors
We share data only to the extent necessary with:
- Microsoft Azure (EU – Frankfurt) – hosting, computing resources
- Amazon AWS (EU – Frankfurt) – hosting, computing resources
- SendGrid (EU/USA) – sending notifications
- Aspecta – parent company providing service operations
- AI providers (only when AI features are active) – process text queries, never store content or use it for training
- Legal and technical partners – in case of rights protection or audit
Each sub-processor is bound by a written data processing agreement under Article 28 GDPR.
6. International Data Transfers
Processing takes place primarily in the EU (Germany, Frankfurt).
If data is transferred outside the EU, Standard Contractual Clauses (SCC) or the EU-US Data Privacy Framework apply.
7. Data Retention
| Category | Retention Period |
|---|---|
| User account | Duration of contract + 30 days (with export option), then deletion |
| User-created content | Until deleted by user or contract termination |
| Logs and system records | 6–24 months, then anonymization |
| Accounting and contractual data | As required by law (typically 10 years) |
8. Security
We use TLS 1.2/1.3, encryption of data at rest, multi-level access controls, regular audits, backups, and internal security policies.
Our employees and partners are regularly trained on security and data protection principles.
In the event of a data security incident, affected individuals and customers will be notified within 72 hours of discovering the breach pursuant to Article 33 GDPR.
9. Your Rights
You have the right to access, rectification, erasure, portability, restriction of processing, objection, and withdrawal of consent.
Send requests to help@solvedio.com.
You have the right to file a complaint with the Slovak Office for Personal Data Protection.
We respond to requests without undue delay, no later than 30 days from receipt.
10. Automated Processing and AI
The Service does not perform automated decision-making with legal effects under Article 22 GDPR.
AI features serve solely as a support tool and do not process personal data outside the context of the user session.
11. Children
The Service is not intended for individuals under 16 years of age.
If we learn that we have processed data of a child without parental consent, we will delete the data.
12. Changes and Notifications
We may update this policy. We will inform you of changes through the application or by email.
The latest version is always available in the application under the Privacy section.
Contact
Solvedio, J.S.A.
myhive Vajnorská 100/B, 831 04 Bratislava, Slovak Republic
help@solvedio.com | legal@solvedio.com