Privacy Policy

This page is maintained by CloudVis and last updated on 19/07/2026.

1. Who we are

CloudVis operates the AI business dashboard reachable at cloudvis.nl. If you are a customer, we act as processor for the data you connect through your accounts; we act as controller for the account information you provide directly (email, company name, billing details).

2. Data we collect and store

  • Account data — email address, company name, authentication identifiers and subscription status.
  • Connected business data — records fetched from the integrations you enable (for example customers, invoices, orders and payments from Exact Online or other connected apps). Only the fields required for the analytics you enable are stored.
  • Usage data — technical logs needed to operate the service reliably, such as error reports and request metadata.
  • Communication data — emails or support messages you send us.

3. How we collect data

  • Directly from you — when you create an account, enter your company name, update billing details, or contact support.
  • Through integrations you authorise — when you connect a third-party service via OAuth, we read the data required for the features you enable through that service's API and, where available, receive real-time updates via webhooks.
  • Automatically — when you use the app, we generate server logs, error reports and usage metadata to keep the service secure and available.
  • From cookies and similar technologies — we use essential cookies to keep you signed in and to remember your session. We do not use third-party advertising or tracking cookies.

4. How we use your data

We use your data to provide and improve the CloudVis service: rendering KPI dashboards, generating insights and briefings, operating the AI assistant that answers questions based on your connected data, authenticating users, managing subscriptions, and keeping the platform secure. We do not sell your data, and we do not use your connected business data to train third-party foundation models.

5. Legal basis

We process your data on the basis of the contract we have with you (providing the service), our legitimate interest in keeping the service secure and reliable, and compliance with legal obligations. Where required by law, we ask for your consent (for example before enabling an optional integration) and you may withdraw that consent at any time.

6. Subprocessors

CloudVis relies on a small number of trusted infrastructure providers to host the application, store data and run AI inference. Data is transmitted over TLS and stored in access-controlled databases. Current subprocessors include our hosting, database, email, AI inference and payment providers. Contact us for the current list.

7. Retention and deletion

We keep data only as long as necessary:

  • Account data — kept for the duration of your subscription plus 7 years, to meet legal and tax record-keeping obligations.
  • Connected business data — kept while the integration is active. When you disconnect an integration, the mirrored data is deleted within 30 days.
  • Usage logs — kept for up to 90 days, unless longer retention is needed for security or legal reasons.
  • Communication and support data — kept for 2 years after the last interaction.

You can disconnect any integration at any time from the Connector Marketplace. You can also request deletion of your account and all associated data by emailing info@cloudvis.nl. We will action deletion requests within 30 days, unless we are legally required to keep certain records longer.

8. Your rights and withdrawing consent

Under the GDPR you have the right to access, correct, export, restrict and delete your personal data, and to object to certain processing. You can update your account information in the app, disconnect integrations in the Marketplace, or contact us at info@cloudvis.nl to exercise any of these rights or to withdraw consent you have previously given. We will respond within one month.

9. Security

We use TLS in transit and access-controlled, encrypted-at-rest databases. OAuth tokens for connected accounting systems (such as Exact Online) are additionally encrypted at the application level with AES-256-GCM before being stored, so they are not readable from raw database backups. Access to production data is restricted by role-based permissions and row-level security, we honour third-party rate limits and backoff signals, and we identify CloudVis to every upstream provider through a descriptive User-Agent header. We review access regularly and keep our dependencies up to date.

10. Contact

For privacy questions or to exercise your rights, email info@cloudvis.nl. See also our Terms of Use.