Vexoris.

Legal

Data protection & Privacy Policy

How we collect, use, and protect your information. We comply with applicable data protection law, including the GDPR where it applies.

Privacy & data protection

Our privacy notice

Controller, data we collect, legal basis, retention, your rights, cookies, and updates.

Section
Details

Data controller and contact

The data controller responsible for this website and the Vexoris member platform is Vexoris Development (sole proprietor).

For questions about data protection or to exercise your rights, contact us at contact@vexorisdev.com. Name and address of the data controller are stated in the imprint or available on request via that email.

What data we collect

When you use this website, create a Vexoris member account, or get in touch with us, we may process:

  • Website usage data: Browser type, device type, pages visited, date and time of access, and technical identifiers needed to operate and secure the site (including IP address where required for security, rate limiting, or login verification).
  • Contact data: If you contact us (e.g. via the contact form or email), we process the information you provide (name, email, message) to respond to your request.
  • Account and profile data: If you register, we process data you provide such as username, email address, name, phone, timezone, language, addresses, notification and display preferences, and Vexoris ID identifiers linked to your account.
  • Authentication and security data: Hashed passwords, email verification status, session records (device label, IP address, approximate location derived from IP, user agent, timestamps), login step-up verification events, magic-link tokens, password-reset tokens, and security audit log entries.
  • Client portal data: If you use the member dashboard or client area, we process project requests, domain and hosting records you maintain, billing preferences, support tickets and messages, and related metadata you submit through those features.
  • Cookies and local storage: See the cookies section and our Cookie Policy.

Purpose and legal basis

We process your data only for defined purposes and on a valid legal basis under the GDPR (or applicable law):

  • Website and platform operation: Providing, maintaining, and securing the public site, member dashboard, and client portal (contract performance, legitimate interest, or legal obligation).
  • Account management: Creating and administering your member account, authenticating you, managing sessions, and delivering settings you configure (contract performance).
  • Security and fraud prevention: Login verification from new devices or IPs, audit logging, rate limiting, and protecting our systems and users (legitimate interest or legal obligation).
  • Client services: Handling project requests, domains, hosting information, billing preferences, and support tickets you submit through the portal (contract performance or steps prior to contract).
  • Responding to enquiries: Processing contact data to answer your request (contract, legitimate interest, or consent where required).
  • Analytics and marketing: Optional analytics (e.g. Vercel Analytics) and any future marketing cookies run only with your consent, as described in our Cookie Policy.

Storage and retention

We keep your data only for as long as necessary for the purposes above or as required by law. Account data is retained while your member account is active and for a limited period thereafter where needed for legal obligations, dispute resolution, or security. Session and audit records are kept for security and troubleshooting for a defined period, then deleted or anonymised. Contact and support correspondence is retained for the duration of the matter and, where relevant, for follow-up or legal obligations. We delete or anonymise data when it is no longer needed.

Member account data is stored in our database (Turso/libSQL, hosted in the EU region where configured). Authentication tokens in your browser are httpOnly cookies with limited lifetimes; see our Cookie Policy.

Processors and hosting

We use carefully selected service providers to run the website and member platform. They process data on our instructions and under appropriate agreements where required:

  • Hosting and deployment: Vercel (and related infrastructure) for serving the application.
  • Database: Turso (libSQL) for member account and portal data.
  • Email: SMTP or transactional email providers configured for verification, login alerts, password reset, and support notifications.
  • Analytics (optional): Vercel Analytics, loaded only if you consent to analytics cookies.

Where providers are located outside the EEA, we rely on appropriate safeguards (such as Standard Contractual Clauses) where required by law. You can request more detail about specific subprocessors by contacting us.

Your rights

Under the GDPR (if it applies to you), you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Request erasure of your data in certain cases
  • Restrict or object to certain processing
  • Data portability, where applicable
  • Withdraw consent at any time, where processing is based on consent (including cookie preferences via our cookie banner or settings)
  • Lodge a complaint with a supervisory authority (e.g. in your country of residence)

To exercise these rights, contact us at contact@vexorisdev.com. You can review and update much of your account data in Settings; you can revoke active sessions under Security. Account deletion requests are handled on request where legally permitted.

Further detail on GDPR rights is on our GDPR page.

Cookies and similar technologies

We use essential cookies and browser storage for authentication (vxa_token, vxa_refresh), language preference, cookie consent, and optional features such as remembered sign-in (only if you enable it). Optional analytics cookies (Vercel Analytics) are used only after you consent via our cookie banner or cookie settings.

A full list of cookies and storage keys, durations, and purposes is in our Cookie Policy. You can open cookie preferences at any time from the footer or that page.

Changes to this notice

We may update this data protection notice from time to time to reflect changes in our practices or the law (including the Vexoris member platform). The current version is always available on this page. We encourage you to review it periodically. If we make material changes, we will indicate the date of the last update below.

Last updated: 1 June 2026