TCSR
English Türkçe Eesti

Privacy Policy

Last updated: June 2026

This Privacy Policy explains how Talivio Technology OÜ ("Talivio", "we") processes personal data in connection with the TCSR (Talivio Cyber Security Report) service. We are the data controller. For privacy questions, contact info@talivio.com.

1. Data we collect

  • Account data: name, email address, hashed password.
  • Asset data: domains you add and the ownership-verification records you publish.
  • Scan data: publicly observable information about domains you have verified (DNS, certificates, headers, etc.) and the findings derived from it.
  • Billing data: subscription status and identifiers. Card details are handled by Stripe; we never store card numbers.
  • Technical data: log and security information needed to operate the service.

2. How we use it

  • To provide the service: verify ownership, run scans, generate and store reports.
  • To process subscriptions and payments (via Stripe).
  • To secure, maintain and improve the service.
  • To send service-related communications.

3. Legal bases (GDPR)

We process data to perform our contract with you (Art. 6(1)(b)), to meet legal obligations (Art. 6(1)(c)), and for our legitimate interests in operating a secure service (Art. 6(1)(f)).

4. AI processing

To author report narratives we may send structured, non-personal scan findings to our AI provider (Google Gemini). We do not send your account credentials or payment data for this purpose.

5. Sharing & processors

We use trusted processors including our hosting provider, Stripe (payments) and Google (AI report generation). We do not sell personal data.

6. Retention

We keep account and report data for as long as your account is active and as required by law. You may request deletion at any time.

7. Your rights

Under GDPR and KVKK you may access, rectify, erase, restrict or port your data, and object to processing. To exercise these rights, email info@talivio.com.

8. Security

We apply technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and the principle that scans run only against domains you have verified.

9. Changes

We may update this policy; material changes will be reflected by the "last updated" date above.

This document is a general template and does not constitute legal advice. Have it reviewed by counsel before relying on it.