Privacy Policy
Last updated: 30 March 2026
This Privacy Policy explains how Vivotiv ("we", "us", "our") collects, uses, and protects your personal data when you use vivotiv.com and vivotiv.se (the "Service").
1. Data Controller
Vivotiv
Email: hello@vivotiv.com
If you have questions about how we handle your personal data, contact us at that address.
2. What Data We Collect
Scan submissions
When you submit a website scan, we collect your email address and the website URL you enter. This data is stored in our database so we can process the scan and send you the results.
Analytics data
If you consent to analytics cookies, we collect anonymized usage data including page views, session duration, device and browser type, and country-level location. This data is collected through PostHog and is only processed after you grant consent via the cookie banner.
Error and performance data
We use Sentry to monitor errors and application stability. When an error occurs, Sentry collects error messages, stack traces, browser and operating system metadata, and request URLs. Sentry does not set cookies. This data is processed based on our legitimate interest in maintaining a reliable service.
3. Legal Basis for Processing
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Processing website scans and delivering results | Consent — Art. 6(1)(a) |
| Sending scan results via email | Consent — Art. 6(1)(a) |
| Occasional follow-up communication about our services | Legitimate interest — Art. 6(1)(f) |
| Analyzing website usage to improve the service | Consent — Art. 6(1)(a) |
| Error monitoring and application stability | Legitimate interest — Art. 6(1)(f) |
4. Data Processors (Sub-processors)
We share data with the following third-party processors to operate the Service:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database (scan data, email storage) | EU (AWS eu-west-1) |
| Vercel | Hosting | US / EU |
| one.com | Transactional email (SMTP) | EU |
| PostHog | Product analytics (page views, feature usage) | EU |
| Sentry | Error monitoring and application stability | US |
| Cloudflare | API hosting (Cloudflare Workers) | US / EU |
| Railway | Background job processing (scan pipeline) | US |
5. International Data Transfers
Some of our processors (Vercel, Sentry, Cloudflare) operate in the United States. Where personal data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection. We have Data Processing Agreements in place with all processors that handle personal data.
6. Data Retention
| Data | Retention period |
|---|---|
| Email and URL from scan submissions | 12 months after last scan, or until deletion request |
| Analytics data (PostHog) | 24 months |
| Error reports (Sentry) | 90 days |
| Cookie consent records | 5 years |
7. Your Rights
Under the GDPR you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate data.
- Erasure — ask us to delete your personal data.
- Restriction — ask us to restrict processing in certain circumstances.
- Data portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — withdraw consent at any time via the Cookie Preferences link in the footer.
To exercise any right, email us at hello@vivotiv.com. We will respond within 30 days.
8. Supervisory Authority
You have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se.
9. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.