Privacy Policy
Last updated: March 2026
1. Data Controller
The data controller responsible for the processing of your personal data is:
Anchorant GmbH
Vienna, Austria
Email: hello@nuvelo.io
2. Data We Collect
2.1 Leads (Free Readiness Check)
- Email address
- Company name and information
- Readiness check answers and results
2.2 Clients (Paid Services)
- All data collected for leads
- Questionnaire responses
- AI system documentation and technical data
- Billing and payment information (processed by Stripe)
2.3 Website Visitors
- Session cookies (functional only, no tracking)
- Server logs (IP address, browser type, access time) retained for 7 days
3. Purposes of Processing
- Performing AI Act compliance analysis using AI-powered tools
- Managing client relationships (CRM)
- Processing payments and billing
- Sending transactional and service-related emails
- Improving our services and methodology
4. Legal Basis for Processing
| Activity | Legal Basis (GDPR) |
|---|---|
| Free readiness check | Consent (Art. 6(1)(a)) |
| Paid compliance services | Performance of contract (Art. 6(1)(b)) |
| Marketing communications | Legitimate interest (Art. 6(1)(f)) |
| Billing record retention | Legal obligation (Art. 6(1)(c)) |
5. Sub-Processors
We share your data with the following sub-processors:
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Anthropic | AI-powered compliance analysis | United States | EU Standard Contractual Clauses (SCCs) |
| HubSpot | CRM and lead management | European Union | EU data processing |
| Stripe | Payment processing | European Union | EU data processing |
| Resend | Transactional email delivery | United States | EU Standard Contractual Clauses (SCCs) |
| Hetzner | Website and application hosting | Germany | EU data processing |
6. International Data Transfers
Where data is transferred to sub-processors outside the European Economic Area (specifically Anthropic and Resend in the United States), we ensure adequate protection through EU Standard Contractual Clauses (SCCs) as approved by the European Commission.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Client data (questionnaires, reports, AI system data) | Duration of the contract + 30 days |
| Lead data (readiness check, contact info) | 12 months from collection |
| Billing and invoicing records | 7 years (per Austrian tax law, BAO) |
8. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15) -- request a copy of the data we hold about you
- Right to rectification (Art. 16) -- correct inaccurate or incomplete data
- Right to erasure (Art. 17) -- request deletion of your data ("right to be forgotten")
- Right to restriction (Art. 18) -- restrict the processing of your data
- Right to data portability (Art. 20) -- receive your data in a structured, machine-readable format
- Right to object (Art. 21) -- object to processing based on legitimate interest, including direct marketing
To exercise any of these rights, contact us at hello@nuvelo.io. We will respond within 30 days.
9. Data Protection Officer
For data protection inquiries, contact our DPO at hello@nuvelo.io.
10. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Austrian Data Protection Authority:
Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
Website: www.dsb.gv.at
11. Cookies
We use only minimal, strictly necessary session cookies to ensure the proper functioning of our website. We do not use tracking cookies, analytics cookies, or advertising cookies. No consent banner is required as these cookies are exempt under Art. 5(3) of the ePrivacy Directive.
12. Changes to This Policy
We may update this privacy policy from time to time. Significant changes will be communicated via email to registered users. The latest version will always be available on this page.