Privacy Policy

Delvok ("we," "us," or "the Company") respects your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our website at delvok.com, our client dashboard, and all related services.

Account information: Name, email address, and website URL provided when you request a rescue or sign up for hosting.

Payment information: Payment card details are collected and processed exclusively by Stripe, our PCI-DSS Level 1 compliant payment processor. We never store full card numbers on our servers.

Site credentials: WordPress admin, SFTP, and hosting credentials submitted for rescue work are encrypted with AES-256 in transit and at rest and automatically purged after work is complete.

Usage data: Basic analytics (page views, referrer) may be collected to improve our services. We do not use third-party advertising trackers.

• To provide, maintain, and improve our services.
• To process payments and manage billing.
• To communicate about your service, including rescue updates, hosting alerts, and support tickets.
• To send periodic service announcements (you may opt out).
• To detect and prevent fraud or abuse.

Account data and service metadata are stored in Supabase (hosted on AWS infrastructure) with row-level security policies enforcing strict access control. All connections use TLS encryption.

Payment data is handled entirely by Stripe under PCI-DSS Level 1 compliance. We receive only a tokenised reference and never handle raw card data.

Site backups and snapshots are stored in encrypted, access-controlled storage and retained for 90 days unless otherwise agreed.

We use essential cookies only, specifically those set by Supabase Auth to maintain your login session on the Delvok dashboard. We do not use advertising cookies or third-party tracking cookies.

We share data with the following third parties only as needed:

• Stripe — payment processing.
• Supabase — database and authentication.
• Resend — transactional email delivery.
• Vercel — hosting for our web application.

We do not sell, rent, or trade your personal information to any third party.

Account data is retained for the duration of your service and for up to 12 months after termination to facilitate potential reactivation and comply with tax/legal obligations.

Rescue credentials are purged immediately after work is complete. Backups are retained for 90 days. Payment records are retained as required by applicable tax law.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict processing of your data.
• Request a portable copy of your data.
• Opt out of the "sale" of personal information (we do not sell data, but you may exercise this right).

To exercise any of these rights, contact hello@delvok.com. We will respond within 30 days.

Our services are not directed to individuals under 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. The "Last updated" date at the top of this page reflects the latest revision.

Questions about this policy? Contact us at hello@delvok.com.