Privacy Policy
Last updated: 22 April 2026
Contents
Data Controller: Volodymyr Franko, sole proprietor (self-employed), trading as Vexar.io, based in Dublin, Ireland. Contact: legal@vexar.io.
1. Data we collect
When you use Vexar.io, we collect the following categories of personal data:
- Account data: name, email, hashed password, language preference.
- Billing data: payment method tokens (via Stripe), invoice history, billing address. We never store full card numbers — they are stored by Stripe.
- Usage data: pages created, last login, IP addresses, browser type, action logs.
- Customer site data: content you publish (text, images, products), site configuration.
- Communications: support tickets, chat messages with our team.
2. Why we collect it
- To provide the Service (host your site, send notifications, process payments).
- To improve the platform (anonymous usage analytics).
- To prevent abuse and respond to security incidents.
- To comply with legal obligations (tax, anti-fraud, data-retention laws).
Legal basis under GDPR Article 6: contract performance (1.b), legitimate interest (1.f), consent for marketing (1.a), legal obligation for billing records (1.c).
3. Sharing with third parties
We share minimum necessary data with the following processors, each bound by a Data Processing Agreement:
| Processor | Purpose | Region |
|---|---|---|
| Stripe | Payment processing, card storage | EU/US |
| Amazon SES | Transactional email delivery | EU (eu-west-1) |
| Telegram | Customer notifications (opt-in) | Global |
| Anthropic / OpenAI | AI content generation (opt-in) | US |
We do not sell, rent or trade your personal data. We may disclose data to law enforcement when required by valid legal process.
4. Data retention
- Active account data: retained for the lifetime of the account.
- Deleted account data: 30-day recovery grace period, then permanent deletion.
- Billing records: 7 years (legal tax requirement).
- Server logs: 90 days, then anonymised or deleted.
- Daily backups: 7 days rolling, encrypted, off-site.
5. Security
We employ the following technical and organisational measures:
- TLS 1.2+ encryption for all data in transit.
- Encrypted database backups, off-site storage.
- Firewall (UFW), intrusion prevention (Fail2ban), regular security patches.
- Limited admin access (key-based SSH, IP allow-listing, audit logs).
- Bcrypt password hashing.
6. Your rights (GDPR)
If you are a resident of the EU/EEA you have the right to:
- Access a copy of your personal data.
- Rectify inaccurate data.
- Erase data («right to be forgotten»), subject to legal retention obligations.
- Restrict or object to processing.
- Portability: receive your data in a machine-readable format.
- Withdraw consent at any time (where consent was the basis).
- Lodge a complaint with your national data protection authority.
To exercise any of these rights, contact info@vexar.io. We respond within 30 days.
7. Cookies
We use the following cookie categories:
- Essential (session, CSRF, language) — cannot be disabled.
- Analytics (aggregated usage stats) — opt-in via cookie banner.
We do not use third-party advertising or tracking cookies.
8. Contact
Data Protection contact: info@vexar.io.