Privacy Policy
EUSecureAI (Navwis Management ApS, CVR 33362773) · Last updated: April 2026
Who we are
EUSecureAI is operated by Navwis Management ApS, a Danish company (CVR 33362773) registered in Denmark, EU. Questions about this policy: privacy@eusecureai.com
What data we collect
- Account data — your email address. We do not store passwords; authentication uses email magic links.
- Organisation data — your organisation name and your role within it (owner or member).
- Documents you upload — files added to the Knowledge Base are stored and processed to power AI support features. You choose what to upload.
- Conversation data — chat messages are stored to provide conversation history within your session.
- Technical data — standard server logs (IP address, timestamps, request paths) for security and debugging. Not used for profiling.
Why we process your data (legal basis)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Providing the service (auth, AI answers) | Performance of a contract (Art. 6(1)(b)) |
| Storing uploaded documents for AI retrieval | Performance of a contract (Art. 6(1)(b)) |
| Sending magic-link emails | Performance of a contract (Art. 6(1)(b)) |
| Security logging | Legitimate interests (Art. 6(1)(f)) |
We do not process your data for advertising and do not sell it to third parties.
Where your data is stored
Core platform infrastructure is hosted in Frankfurt, Germany (EU). Third-party sub-processors are selected for EU/EEA location where possible. Where a sub-processor operates outside the EU/EEA, appropriate safeguards are in place — such as EU Standard Contractual Clauses — as required by GDPR Chapter V.
Third-party processors
To generate AI responses, your chat messages and relevant document excerpts are sent to an AI model provider. We share only what is necessary to generate a response — we do not share your full document library or account details with AI providers.
| Category | Purpose | Target location |
|---|---|---|
| AI model provider | Language model inference for AI responses | EU/EEA |
| Database provider | Storing user data, documents, conversations | EU/EEA |
| Application hosting provider | Running and serving the platform | EU/EEA |
| Email delivery provider | Sending authentication magic links | EU/EEA |
You may request the full list of specific sub-processors by contacting privacy@eusecureai.com.
How long we keep your data
- Account and organisation data — retained while your account is active; deleted upon request or account closure.
- Uploaded documents — retained until you delete them or your organisation is deleted.
- Conversation history — retained while your account is active; can be deleted on request.
- Server logs — retained for a limited period (typically 30 days), then deleted.
Security and compliance
The platform is designed with controls intended to support GDPR compliance, EU AI Act considerations, and future alignment with standards such as ISO 27001. Measures applied include access control, encryption in transit, and data minimisation.
EUSecureAI is not currently ISO 27001 certified.
Your rights under GDPR
As an EU data subject, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Complaint — lodge a complaint with the Danish Data Protection Authority (Datatilsynet, datatilsynet.dk)
Contact us at privacy@eusecureai.com. We will respond within 30 days.
Cookies
See our Cookie Policy for details.
Changes to this policy
We may update this policy. If we make material changes, we will notify you by email or via the platform. The "last updated" date at the top of this page will always reflect the current version.