Privacy Policy
Last updated: May 2026
1. Who We Are
Nytivo ("we", "us", "our") is a compliance management platform for the EU AI Act. We act as a data controller for the personal data we collect from users of our website and service.
2. Data We Collect
We collect:
- Account data: name, email address, and profile information you provide when registering.
- Usage data: information about how you interact with the Service.
- Compliance data: information you enter into the Service about your AI systems (this data is processed on your behalf).
- Payment data: billing information processed by our payment provider, Stripe.
- Technical data: IP addresses, browser type, and other standard server log information.
3. How We Use Your Data
We use your data to:
- Provide and improve the Service
- Send transactional emails (account, billing, regulation updates)
- Comply with our legal obligations
- Prevent fraud and ensure security
4. Legal Basis (GDPR)
We process your data based on: contract performance (to provide the Service), legitimate interests (security, fraud prevention), legal obligations, and consent where required.
5. Data Retention
We retain your account data for as long as your account is active, plus up to 3 years thereafter for legal and audit purposes. You may request deletion at any time.
6. Your Rights
Under GDPR, you have rights to access, rectify, erase, restrict, and port your personal data. To exercise these rights, contact privacy@nytivo.com.
7. Cookies
We use essential cookies for authentication and session management. We do not use tracking or advertising cookies.
8. Free Risk Assessment — Anonymous Data
Our free EU AI Act risk assessment at /risk-check can be completed without creating an account. When you use this tool, we collect:
- Your answers to the risk classification questionnaire. These answers describe your AI system but contain no personal data about you as an individual unless you choose to include it in free-text fields.
- A session ID stored in your browser (cookie and localStorage) to associate your answers with a result page. This ID is a random UUID — it contains no personal information.
- Your IP address and User-Agent for rate limiting and abuse prevention only.
- Your email address, only if you voluntarily submit it on the result page to receive a PDF report.
How we use anonymous assessment data
- To compute and display your risk classification result.
- To generate and send a PDF report if you request one.
- To send a 14-day email nurture sequence if you submit your email (you can unsubscribe at any time from any email).
- In aggregate and anonymised form, to understand how many AI systems fall into each risk tier.
Retention
- Anonymous assessment sessions (no email submitted): deleted automatically after 30 days.
- Sessions with email submitted: retained for 12 months, then deleted.
- Rate-limit logs (IP address only): deleted after 7 days.
Your rights as an anonymous user
Even without an account, you have rights over your data. If you wish to request deletion of your assessment data, email us at privacy@nytivo.com with your session ID (visible in your browser URL after completing the wizard) and we will delete it within 30 days.
9. Contact
Data protection queries: privacy@nytivo.com