Privacy Policy

Last updated: February 15, 2026

VortexHQ ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the VortexHQ application and services.

We are based in the Republic of Bulgaria, a member state of the European Union. We comply with the General Data Protection Regulation (GDPR) and applicable Bulgarian data protection laws.

1. Data We Collect

a) Account Data

  • Name and email address (required for registration)
  • Hashed password (we never store plaintext passwords)
  • Subscription status and billing information

b) Device & Technical Data

  • Machine fingerprint (hardware hash for account verification — not personally identifiable)
  • Operating system, app version, and platform
  • IP address (for security and rate limiting)
  • Session data and authentication tokens

c) Usage Data

  • Feature usage counters (e.g., AI requests per month)
  • SMTP test email metadata (sender, recipient, subject — for your testing purposes)
  • API request logs (for rate limiting and abuse prevention)

d) Cloud Sync Data

  • SSH/FTP/SQL connection configurations (encrypted)
  • API cluster data you choose to sync
  • Nexus membership and collaboration data

2. How We Use Your Data

We use your data to:

  • Provide and maintain the Service
  • Authenticate your identity and validate your subscription
  • Process payments and manage subscriptions
  • Enforce rate limits and prevent abuse
  • Send important service communications (security alerts, billing)
  • Improve the Software based on aggregated usage patterns

We do NOT:

  • Sell your personal data to third parties
  • Use your data for advertising
  • Share your connection credentials with anyone
  • Read the content of your test emails (they are only stored for your use)

3. Legal Basis (GDPR)

We process your data based on:

  • Contract: Necessary to provide the Service you subscribed to (Art. 6(1)(b) GDPR)
  • Legitimate Interest: Security, fraud prevention, and service improvement (Art. 6(1)(f) GDPR)
  • Consent: For optional marketing communications (Art. 6(1)(a) GDPR)
  • Legal Obligation: Tax and financial record-keeping (Art. 6(1)(c) GDPR)

4. Data Storage & Security

  • Data is stored on secure servers within the European Union
  • All data in transit is encrypted via TLS/HTTPS
  • Passwords are hashed using bcrypt
  • Local data on your device is encrypted using AES-256
  • We implement rate limiting and IP blocking to prevent brute-force attacks
  • Access to our infrastructure is restricted and audited

5. Data Retention

  • Active accounts: Data retained for the lifetime of your account
  • Cancelled subscriptions: Cloud data retained for 30 days, then deleted
  • Deleted accounts: All personal data deleted within 30 days of request
  • Test emails: Auto-pruned based on per-credential limits (max 50 per credential)
  • Logs: Security and access logs retained for up to 90 days

6. Your Rights (GDPR)

As an EU resident, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a structured, machine-readable format
  • Restriction: Restrict processing of your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Withdraw consent for optional processing at any time

To exercise these rights, contact privacy@vortexhq.dev. We will respond within 30 days.

7. Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing (see Stripe Privacy Policy)
  • AI Providers (Anthropic, OpenAI): When you use AI features, your prompts are sent to these providers (see their respective privacy policies)

We do not share your personal data with third parties except as necessary to provide the Service.

8. Cookies & Local Storage

The desktop application uses local storage and encrypted files on your device. Our website may use essential cookies for authentication. We do not use tracking or advertising cookies.

9. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data promptly.

10. International Transfers

Your data is processed within the EU. If any processing occurs outside the EU, we ensure adequate protection through Standard Contractual Clauses or equivalent safeguards.

11. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email or in-app notification. Continued use after changes constitutes acceptance.

12. Contact & Data Protection Officer

For privacy-related inquiries:

  • Email: privacy@vortexhq.dev
  • You may also lodge a complaint with the Commission for Personal Data Protection of Bulgaria (CPDP).

Last updated: February 16, 2026

Terms of Service End User Agreement Refund Policy