Privacy Policy

Effective date: March 3, 2026

1. Introduction and Acceptance

This Privacy Policy constitutes a legally binding agreement between you ("you," "your," "User," "Data Subject") and Vinkius ("Vinkius," "we," "us," "our," "Company"), governing the collection, processing, storage, and disclosure of your personal information when you access or use the Vinkius platform, website, and related AI infrastructure services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any provision of this Privacy Policy, you must discontinue use of the Service immediately.

This Privacy Policy should be read in conjunction with our Terms and Conditions, Security Policy, and any applicable Data Processing Agreement (DPA).

2. Data Controller and Contact Information

Data Controller:

GitScrum, Unipessoal Lda (d/b/a Vinkius)

Email: privacy[at]Vinkius.com

Customer Service: customer.service[at]Vinkius.com

Data Protection Officer (DPO):

For privacy-related inquiries, data subject access requests, or concerns about how we process your personal data, please contact our Data Protection Officer at: dpo[at]Vinkius.com.

EU Representative (if applicable):

For data subjects in the European Union, our EU Representative can be contacted for privacy-related matters.

3. Definitions

For the purposes of this Privacy Policy:

Personal Data: Information relating to an identified or identifiable natural person (Data Subject). An identifiable person is one who can be identified, directly or indirectly, by reference to an identifier such as name, identification number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Processing: Any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, restriction, erasure, or destruction.

Data Controller: The entity that determines the purposes and means of processing Personal Data. When you use Vinkius's Service, you typically act as the Data Controller for any personal data you input about your team members, contractors, clients, or other individuals.

Data Processor: An entity that processes Personal Data on behalf of the Data Controller. Vinkius acts as a Data Processor when providing services to you under a Data Processing Agreement.

Data Subject: An identified or identifiable natural person whose Personal Data is processed.

Service: The Vinkius.com website, Vinkius web application, Vurb.ts framework, SSE Edge Router, and all related AI infrastructure and governance services provided by Vinkius.

Usage Data: Information automatically collected from your use of the Service, including but not limited to device information, browser type, IP address, pages visited, and interaction patterns with AI agents and MCP servers.

Cookies: Small text files placed on your device to collect standard internet log information and visitor behavior patterns.

Third Country: A country outside the European Economic Area (EEA) that has not been deemed by the European Commission to provide adequate data protection.

4. Types of Data We Collect

We collect several categories of information to provide, maintain, protect, and improve our Service.

5. Legal Basis for Processing Personal Data

For Data Subjects in the European Economic Area (EEA), United Kingdom, and Switzerland, we process Personal Data only when we have a valid legal basis under the General Data Protection Regulation (GDPR):

6. How We Use Your Data

We process your Personal Data for the following purposes:

8. International Data Transfers

Vinkius operates globally and may transfer, store, and process your Personal Data in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.

9. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

10. Your Data Protection Rights

Under applicable data protection laws, including the GDPR and CCPA, you have the following rights regarding your Personal Data:

11. Data Security

We implement comprehensive technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

12. Third-Party Services and Links

Our Service may contain links to third-party websites, applications, or services not operated by Vinkius. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with your Personal Data.

13. Children's Privacy

Vinkius's Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect Personal Data from children.

If we become aware that we have collected Personal Data from a child without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately at privacy[at]Vinkius.com.

14. Data Processing Agreement (DPA)

If you are a business customer using Vinkius to process personal data about your employees, clients, or other third parties, you act as the Data Controller and Vinkius acts as the Data Processor.

In this relationship:

You determine the purposes and means of processing

Vinkius processes data only according to your documented instructions

A Data Processing Agreement (DPA) governs this relationship in compliance with GDPR Article 28

Our standard DPA includes:

Subject matter, duration, nature, and purpose of processing

Types of personal data and categories of data subjects

Obligations and rights of the controller

Processor obligations (security, confidentiality, assistance with data subject rights)

Subprocessor engagement and notification procedures

Data breach notification timelines

Data deletion or return upon contract termination

Audit rights and compliance verification

To request our Data Processing Agreement, please contact: legal[at]Vinkius.com.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other operational considerations.

Notification of Changes:

The "Last Updated" date at the top of this policy indicates when it was most recently revised
Material changes will be communicated via:
Email notification to registered users (at least 30 days before effective date for material changes)
Prominent notice on our website
In-app notifications
Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy

We encourage you to review this Privacy Policy periodically. Previous versions are available upon request.

17. Supervisory Authority and Complaints

If you are located in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have processed your Personal Data in violation of applicable data protection laws.

EU Supervisory Authorities: https://edpb.europa.eu/about-edpb/board/members_en

UK Information Commissioner's Office (ICO): https://ico.org.uk/

Swiss Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch/

We encourage you to contact us first at dpo[at]Vinkius.com so we can address your concerns directly.

18. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

General Privacy Inquiries: