Introduction
Isolvio ("we", "our", or "us") operates the Isolvio service (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.
Information Collection and Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected:
- Personal Data: Email address, name, and account preferences when you register.
- Billing Information: Payment method details (processed securely through Stripe), billing address, and transaction history.
- Database Information: We do not store your database backups. Backups are created and immediately transferred to your storage location (S3-compatible or other storage type), then deleted from our systems.
- Usage Data: Information about how you interact with the Service (IP address, browser type, pages visited, timestamps).
- Device Data: Device type, operating system, and unique device identifiers.
How We Use Your Information
Isolvio uses the collected data for various purposes:
- To provide and maintain our Service
- To process transactions and send related information
- To send transactional emails (account confirmations, password resets, backup notifications)
- To monitor and analyze usage patterns to improve our Service
- To detect, prevent and address fraud and other illegal activities
- To comply with legal obligations
Data Retention
Isolvio will retain your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy. Specific retention periods are:
- Account Information: Retained for the duration of your account, plus 90 days after account deletion for legal compliance purposes
- Billing & Transaction Data: Retained for 7 years to comply with Dutch tax and accounting regulations
- IP Addresses & Device Data: Retained for 90 days for security, fraud detection, and usage analysis purposes. After 90 days, this data is automatically deleted
- Email Communications: Retained for the duration of the account or until you request deletion
- Database Backups: We do not store your database backups. Backups are created and immediately transferred to your chosen storage location (S3-compatible or other type of storage), then permanently deleted from our infrastructure within 24 hours of creation. We have no access to or copy of your backed-up data
You can request deletion of your personal data at any time, subject to legal retention requirements.
Security of Data
The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. We implement the following security measures:
- Data Transmission: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS)
- Database Security: Sensitive data (passwords, API keys) are hashed and encrypted at rest using industry-standard algorithms
- Payment Processing: All payment processing is handled by Stripe, which maintains PCI-DSS Level 1 compliance and uses advanced encryption standards
- Access Control: Access to personal data is restricted to authorized personnel only and protected by secure authentication
- Regular Updates: We maintain up-to-date security patches and conduct regular security reviews
While we implement these security measures, we cannot guarantee absolute security against all potential threats. You are responsible for maintaining the confidentiality of your login credentials.
Account Security & Two-Factor Authentication
We strongly encourage you to secure your account with additional security measures:
- Strong Passwords: Use a unique, strong password for your Isolvio account. We recommend using a password manager to generate and store complex passwords
- Two-Factor Authentication (2FA): We offer Two-Factor Authentication to add an extra layer of security to your account. 2FA works with any authenticator app, including:
  - Google Authenticator
  - Microsoft Authenticator
  - Authy
  - 1Password
  - Bitwarden
  - Any other TOTP (Time-based One-Time Password) compatible authenticator app
- How 2FA Works: When you enable 2FA, you'll be required to enter a verification code from your authenticator app in addition to your password when signing in. This means even if someone obtains your password, they cannot access your account without your authenticator device
- Recovery Codes: When you set up 2FA, we provide backup recovery codes that you can use to regain access to your account if you lose access to your authenticator app. Store these codes securely
- Your Responsibility: We strongly recommend enabling 2FA to protect your account. You are responsible for:
  - Keeping your authenticator device secure
  - Protecting your recovery codes
  - Updating your 2FA settings if you change devices
💡 Tip: Enabling two-factor authentication is one of the most effective ways to secure your account. We recommend enabling it during account setup.
Third-Party Services
Our Service may use third-party services:
- Stripe: For secure payment processing. Stripe handles all payment information and complies with PCI-DSS standards.
- Your Cloud Storage: Backups are stored exclusively on your own S3-compatible or other type of storage. We do not access or store copies.
Marketing Communications
We respect your privacy regarding marketing communications. Here's how it works:
- Transactional Emails: We will always send you transactional emails (account confirmations, password resets, backup notifications, billing notices) as these are necessary to operate your account
- Marketing Emails (Opt-in): We only send marketing, promotional, or newsletter emails if you explicitly opt in to receive them. We will not add you to marketing lists without your consent
- Opting Out: You can unsubscribe from marketing emails at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at support@isolvio.com
- Email Preferences: You can manage your email preferences in your account settings to control which communications you wish to receive
Legal Basis for Processing (GDPR & Dutch Law)
Isolvio is based in the Netherlands and processes personal data in accordance with the General Data Protection Regulation (GDPR) and Dutch data protection laws. We process your data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our Service and fulfill your account
- Legal Obligation: Retention of billing records for 7 years as required by Dutch tax law (Wet op de vennootschapsbelasting). Authorities that may request data include the Dutch Tax and Customs Administration (Belastingdienst)
- Legitimate Interest: Security, fraud prevention, and improvement of our Service
- Your Consent: For marketing communications and optional analytics where you have explicitly consented
Under GDPR, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have violated your data protection rights.
Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data (subject to legal retention requirements)
- Export your data in a portable format
- Opt out of marketing communications
To exercise these rights, please contact us at support@isolvio.com.
Data Breaches and Incident Response
We take data security seriously and have procedures in place to respond to potential data breaches:
- Detection & Investigation: When we detect or become aware of a potential data breach, we immediately begin an investigation within 24 hours to determine the scope and nature of the incident
- Notification Timeline: In accordance with GDPR Article 34, we will notify affected users without undue delay, and no later than 72 hours after becoming aware of a breach (unless an exception applies)
- How We Notify: We will notify you via email sent to the address associated with your account, and may also post notifications on your account dashboard
- What We'll Tell You: Our notification will include:
  - Description of the breach and affected data
  - Date and time the breach occurred (if known)
  - Likely consequences of the breach
  - Steps we are taking to remediate the situation
  - Recommended actions you should take to protect yourself
  - Contact information for our data protection officer
- Authority Notification: If the breach affects a large number of users or poses a high risk, we will report the breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) as required by GDPR
- Remediation: We will take immediate action to contain the breach, prevent further unauthorized access, and implement additional security measures
reCAPTCHA Protection
Isolvio uses Google reCAPTCHA v3 to protect our authentication pages (login, registration, password reset) from spam and automated abuse.
How reCAPTCHA Works: Google reCAPTCHA analyzes user interactions to determine if you are human or a bot. It operates invisibly in the background and does not require you to solve CAPTCHAs. The service collects certain data including:
- Mouse movements and keyboard interactions
- IP address
- User agent and browser information
- Time spent on the page
Google's Data Processing: Google is a subprocessor for reCAPTCHA data. Google processes this data according to their own privacy policies and terms. Your use of our Service in production automatically subjects you to reCAPTCHA data collection. For more information about how Google processes reCAPTCHA data, please refer to:
Your Rights: You have the right to object to reCAPTCHA processing. If you prefer not to have your interactions analyzed by reCAPTCHA, you may contact us at support@isolvio.com to discuss alternative authentication methods.
Subprocessors and Third-Party Vendors
We use several third-party vendors and subprocessors to provide and maintain our Service. These vendors process personal data on our behalf under strict data protection agreements. Below is a list of the primary subprocessors:
Infrastructure & Hosting
- Cloud Hosting Provider: Infrastructure services for hosting our application and databases. Processes: IP addresses, account data, backup metadata
- Database Backups: Automated backup services for redundancy and disaster recovery. Processes: encrypted backups of application data (not your database backups)
Payment Processing
- Stripe: Payment processing and billing. Processes: payment method data, billing information, transaction history. Stripe is a PCI-DSS Level 1 compliant processor and operates under strict data protection standards
Monitoring, Logging & Analytics
- Error Tracking & Monitoring: Services to monitor application performance, detect errors, and alert us to issues. Processes: error logs, performance metrics, anonymized usage patterns (no personally identifiable information)
- Security Monitoring: Tools to detect and prevent suspicious activity, fraud, and unauthorized access. Processes: IP addresses, access logs, authentication events
- Application Logging: Logs of user actions within the application for debugging and auditing purposes. Processes: account IDs, action timestamps, general activity information (not sensitive data)
Communication
- Email Service Provider: For sending transactional and notification emails. Processes: email addresses, user names, notification content
Your Cloud Storage (Your Vendor)
- S3-Compatible or Other Storage Provider: You choose and control your storage provider (e.g., AWS S3, DigitalOcean Spaces, MinIO, etc.). You provide credentials to Isolvio so we can transfer backups to your storage. The storage provider processes and stores your backup data. We have no control over their data handling practices
ℹ Important: All subprocessors are contractually obligated to process data only as instructed by us, maintain confidentiality, implement appropriate security measures, and comply with data protection regulations (GDPR, Dutch data protection law). You can request a full list of current subprocessors at any time by contacting support@isolvio.com.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you by email if we make changes that materially affect your privacy rights
- Post minor clarifications or updates directly, without additional notification
Your continued use of the Service after a notification constitutes your acceptance of the updated policy.
We encourage you to review this policy periodically to stay informed about how we protect your data.
Contact Us
If you have any questions about this Privacy Policy, data privacy concerns, or wish to exercise your data protection rights, please contact us:
Email: support@isolvio.com
Data Protection Officer inquiries: You can also contact us regarding any data protection or GDPR-related concerns