Last updated:
NvisionData is a privacy-first analytics platform. This policy explains what we collect, why we collect it, and the choices you have. We've tried to write it the way we speak about it internally — short paragraphs, plain English, no boilerplate we don't actually mean.
NvisionData is operated by Nvision Data Solutions SRL, a company registered in Romania (registration ID nvision-data-solutions-srl-zy). For any privacy-related question you can reach us at privacy@nvisiondata.com.
This policy applies to nvisiondata.com, analytics.nvisiondata.com, and any subdomain we operate. It does not apply to websites that happen to use NvisionData as their analytics provider — those sites have their own privacy policies and are responsible for them.
Privacy law (GDPR, the UK GDPR, similar regimes) distinguishes between the controller of personal data — the party that decides what to collect and why — and the processor that handles it on the controller's behalf. NvisionData operates in both roles depending on the data:
nvisiondata.com) using our own product.The rest of this policy covers our role as a controller. For the processor side — how we handle events on a customer's behalf — see our Data Processing Agreement.
We collect three categories of data, and only what we actually use.
1. Account data. When you create a NvisionData account we store your email address, your display name (if you provide one), and the workspace and property identifiers tied to your account. We use OAuth (Google) or passwordless magic links — we do not store passwords.
2. Billing data. Paid customers go through Stripe. Stripe holds the card number, expiry, and billing address; we receive a Stripe customer ID, the last four digits of the card, the billing email, and invoice metadata. Card numbers never touch our servers.
3. Product-usage events. When you use the console (analytics.nvisiondata.com) we record minimal telemetry — page views, property switches, errors, response timing — using NvisionData itself, with the same consent-aware pipeline our customers use. We do not record session replays, mouse movements, scroll heatmaps, or anything similar.
4. Support conversations. Email threads with our support team are stored in our email provider for as long as we need to keep the conversation useful.
Each category above maps to a narrow purpose:
For users in the European Economic Area, the United Kingdom, and Switzerland, we rely on two legal bases under the GDPR:
Where we ask for consent (for example, to send you marketing email), we record the consent and you can withdraw it at any time without affecting your access to the service.
Retention windows depend on the dataset. The defaults below match our pricing tiers; on paid tiers customers can extend raw-event retention indefinitely (they pay the storage cost).
If you're an EEA, UK, or Swiss resident — and in many other jurisdictions with equivalent rights — you can ask us to:
The fastest path is the in-product DSAR flow at /settings/dsar. If you can't reach the console for any reason, email privacy@nvisiondata.com and we'll handle it manually within 30 days.
If you're a visitor of a site that uses NvisionData (rather than a NvisionData customer), please contact that site's operator first — they are the controller of their analytics data and we can only act on their instructions.
We use a small number of vendors to operate the service. The current list — names, role, region — lives at /legal/sub-processors and is updated whenever a vendor is added or removed.
NvisionData Cloud runs in the European Union by default — Hetzner Frankfurt for collectors and workers, ClickHouse Cloud EU for the event store, Vercel EU for the console. Personal data of EU residents stays in the EU.
Three vendors we depend on (Stripe, Sentry, Cloudflare) are headquartered in the United States and may process limited operational data — billing records, error reports, edge traffic metadata — outside the EU. For those flows we rely on the European Commission Standard Contractual Clauses and the additional safeguards each vendor publishes.
We're currently working through SOC 2 Type I — Security, Availability, and Confidentiality. Auditor engagement is planned for Q3 2026; we'll publish the report here once it's complete. We do not claim SOC 2, ISO 27001, or HIPAA today.
What is in place:
If you find a security issue, please email security@nvisiondata.com. We respond within two business days.
NvisionData is not designed for children. We do not knowingly collect data from people under 16. If you believe a child has provided us data, contact privacy@nvisiondata.com and we'll delete it.
When we change this policy we update the “Last updated” date at the top. For changes that meaningfully affect what we collect or how we use it, we'll also email customers and post a note on /changelog at least 14 days before the change takes effect.
For privacy questions: privacy@nvisiondata.com.
For everything else legal: legal@nvisiondata.com.
Postal: Nvision Data Solutions SRL, Romania. Registration ID nvision-data-solutions-srl-zy.