Privacy Policy

1. Information We Collect

We collect information you voluntarily provide when interacting with the Rackvio website and services. This includes:

• Demo request form: name, work email address, company name, and job title.
• Waitlist signup: email address.
• Cloud signup: email address, password (stored as a salted hash only), and company name. No payment information is collected at signup.
• Analytics data: page views, referral source, device type, browser type, and approximate geographic region. We use privacy-respecting analytics that do not track individuals across websites or use personal identifiers.

We do not collect sensitive personal information such as financial data, government identifiers, or biometric data through the marketing website.

2. Cloud Tenant Data

When you subscribe to Rackvio Cloud (Cloud Starter, Cloud Growth, or Enterprise), we store the data you upload into your tenant organization on our cloud infrastructure. This data is owned by your organization and is never shared across tenant boundaries.

Data stored in a Rackvio Cloud tenant typically includes:

• Asset inventory: sites, rooms, racks, devices, power distribution, IP prefixes, cables, and any attributes you import via CSV or API.
• User accounts: email addresses, password hashes, roles, SSO identifiers, and audit-log events associated with your users.
• Billing metadata: company name, billing address, tax identifier, and subscription status. Payment card data is handled exclusively by Stripe and never stored on Rackvio infrastructure.
• Operational telemetry: IP addresses, user-agent strings, and access logs retained for security and audit purposes.

Tenant data is logically isolated via database row-level security (RLS) and every API call is scoped to the authenticated organization.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide and operate the Rackvio Services for your tenant organization.
• To respond to demo requests and schedule product demonstrations.
• To send waitlist updates when new features or tiers become available.
• To improve the Rackvio product based on aggregate usage patterns.
• To communicate product updates, security notices, billing notices, and service announcements relevant to your account.
• To bill, collect, and provide customer support for paid subscriptions.

We will never sell your personal information to third parties or use it for advertising purposes unrelated to Rackvio.

4. Third-Party Services (Sub-processors)

We engage a limited number of sub-processors to operate the Rackvio website and cloud services:

• Amazon Web Services: hosts the Rackvio Cloud application, primary database (Amazon Aurora PostgreSQL Serverless v2), object storage, and backups in the United States. Static assets are served via Amazon CloudFront with TLS certificates managed by AWS Certificate Manager (ACM) and DNS managed by Amazon Route 53.
• Stripe: processes subscription payments, manages billing history and invoices, and handles tax calculation. Payment card data flows directly from your browser to Stripe and is never persisted by Rackvio.
• Cloudflare: provides bot-protection challenges (Cloudflare Turnstile) on the signup form and CDN acceleration for the marketing website.
• Sentry: receives application error reports and performance traces so we can detect and fix reliability issues. Error reports may include stack traces and a user's organization ID for correlation.
• Resend: delivers transactional email (verification links, billing notifications, password resets).
• Anthropic: powers optional AI features — the read-only AI assistant and photo-based equipment recognition. When you use these features, the relevant prompt or image content is sent to Anthropic's API for processing. Anthropic does not train its models on data submitted through its commercial API.
• Privacy-respecting analytics: We plan to deploy a privacy-respecting analytics service (such as Plausible or Umami) that does not use cookies for tracking, does not collect personal identifiers, and processes data in compliance with GDPR and CCPA.

Each sub-processor is selected with data minimization and privacy as key evaluation criteria. A complete and current list is maintained in the Data Processing Agreement.

5. Data Retention

Contact form submissions and demo request data are retained for the duration of the business relationship or prospective relationship. If you do not become a customer, we retain your contact information for up to 24 months after your last interaction, after which it is deleted.

Cloud tenant data follows a trial-aware retention lifecycle:

• Day 0 — Day 30 (active trial): full read/write access to your tenant. A payment method is collected at signup; you are not charged until the trial ends.
• Day 30 (trial ends): your subscription converts to the paid plan. If payment succeeds, full access continues uninterrupted.
• Grace period (7 days after a failed payment or cancellation): the tenant enters a read-only state. All data remains readable; writes, new users, and imports are blocked while we retry payment and email you.
• After the grace period: full lockout. Login redirects to a reactivation page. Your data remains in place and is not deleted.
• 30 days after lockout: the tenant is flagged for deletion review. Data is never purged automatically — you can reactivate at any point beforehand to restore full access.

On voluntary cancellation via the Stripe Customer Portal, the subscription remains active through the end of the current billing cycle and the same read-only → lockout → purge schedule applies starting from the cycle-end date, with a 30-day export/readable window before purge. Backups are retained according to the applicable industry standard and purged no later than 90 days after production deletion, subject to retention required by applicable law.

Analytics data is aggregated and anonymized. We do not retain individual-level analytics data beyond the processing window required by our analytics provider.

6. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete personal data.
• Delete your personal data from our systems.
• Export your tenant data via the in-product CSV export pipeline.
• Withdraw consent for communications at any time.

To exercise any of these rights, contact us at contact@rackvio.com. We will respond to all data rights requests within 30 days.

7. Cookies

The Rackvio website uses a strictly-necessary-by-default cookie model. A site-wide consent banner captures your choice between:

• Strictly-necessary cookies: required for basic site functionality, session management, and CSRF protection. These are loaded without consent because the site cannot function without them.
• Analytics cookies (opt-in only): loaded only after you click "Accept analytics". We do not load any advertising, cross-site-tracking, or social media cookies on rackvio.com.

Your consent choice is stored in your browser under rackvio_cookie_consent. You can clear it from your browser settings at any time to be re-prompted.

8. Data Processing Agreement

Customers subscribing to Rackvio Cloud who act as Controllers of personal data (under the GDPR, UK GDPR, or equivalent laws) may enter into our Data Processing Agreement (DPA). The DPA includes the applicable Standard Contractual Clauses for international data transfers, a current list of sub-processors, and the security measures we apply to Customer Personal Data.

9. Data Controller

The data controller for information collected through the Rackvio website is CalRen Solutions LLC, a limited liability company organized under the laws of the Commonwealth of Pennsylvania, United States, trading as Rackvio.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.