Privacy Policy

Last updated: March 1, 2026

This policy explains how Valdrics collects, processes, stores, and protects personal and organization data when you use our cloud and software spend governance platform.

1. Data We Collect

  • Account identity data such as name, work email, and role.
  • Tenant metadata such as workspace identifiers, plan, and ownership mappings.
  • Usage, telemetry, and governance events required to provide anomaly detection, approvals, and audit trails.
  • Optional marketing lead information submitted through public forms (for example, newsletter signup).

2. Why We Process Data

  • Deliver platform functionality, including routing, approvals, and reporting.
  • Secure the service, detect abuse, and maintain operational reliability.
  • Provide customer support, incident response, and service communications.
  • Improve product quality through bounded analytics and controlled experimentation.

3. Legal Bases (GDPR)

Where GDPR applies, Valdrics processes data under one or more of: contract performance, legitimate interests, legal obligations, and consent (for optional analytics/marketing where required).

4. Data Retention

We retain customer data only as long as needed for contractual service delivery, security requirements, and legal obligations. Operational logs and telemetry are retained according to documented service retention schedules and deleted or anonymized when no longer required.

5. Sharing and Sub-processors

We use vetted infrastructure and service providers to operate the platform. Sub-processors are bound by contractual confidentiality and security obligations. We do not sell customer personal data.

6. Security Controls

  • Encryption in transit and encryption at rest for managed data stores.
  • Tenant isolation controls and role-scoped access.
  • Audit logging, approval lineage, and incident response procedures.
  • Security monitoring and access review processes.

7. Data Subject Rights

Subject to applicable law, you may request access, correction, deletion, restriction, portability, or objection to processing. Enterprise customers may also request Data Processing Addendum (DPA) documentation and support for rights requests through designated workspace administrators.

8. Cookies and Local Storage

Our public landing experience uses optional analytics and experiment telemetry in local storage. Visitors can accept or decline analytics tracking through the cookie preferences prompt.

9. Contact

For privacy, DPA, or deletion requests, contact privacy@valdrics.com. General support requests can go to support@valdrics.com. For security-related disclosure or incident coordination, contact security@valdrics.com.

10. Enterprise Privacy Review

Public privacy materials are meant to answer the first diligence questions without inventing a universal deployment or processor answer. DPA requests, sub-processor review, and residency-specific questions move into enterprise and legal review when a buyer needs scoped answers.

  • DPA and privacy review requests route through privacy and legal contacts.
  • Residency-specific and deployment-specific questions route through enterprise review.
  • Security disclosure and incident coordination stay on the security contact path.
Deployment and Residency Proof Enterprise Review Talk to Sales