Legal

Privacy Policy

Last updated: March 2026

1. Who we are

Onvanta is an employee onboarding and knowledge retention platform. This privacy policy explains how we collect, use, and protect your personal data when you use our services. Our platform is operated from the Netherlands and we are subject to Dutch and European data protection law (GDPR).

2. What data we collect

We collect the following personal data: name and work email address (required to create an account); company name and team size (provided during signup); usage data such as login timestamps, onboarding progress, quiz scores, and flashcard review results; and technical data such as IP address, browser type, and device information.

3. How we use your data

We use your data to provide and improve the Onvanta service, to send transactional emails such as magic link login emails and onboarding notifications, to give managers and admins visibility into onboarding progress, and to analyse usage patterns to improve the product. We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Data storage and security

Your data is stored in Supabase (PostgreSQL) on servers located in Frankfurt, Germany (EU). We use industry-standard security measures including encrypted connections (HTTPS), hashed tokens for authentication, and role-based access controls. We retain your data for as long as your account is active. After account deletion, data is removed within 30 days.

5. Third-party services

We use the following third-party services: Supabase (database and authentication, EU servers), Resend (transactional email), Vercel (hosting and deployment), and Stripe (payment processing). Each of these services has its own privacy policy and data processing agreements in place.

6. Your rights (GDPR)

Under GDPR, you have the right to access your personal data, correct inaccurate data, request deletion of your data, export your data in a portable format, and object to or restrict processing. To exercise any of these rights, contact us at hello@onvanta.io. We will respond within 30 days.

7. Cookies

We use a session cookie (next-auth.session-token) to keep you logged in. This cookie is strictly necessary for the service to function and does not track you across other websites. We do not use advertising or analytics cookies.

8. Contact

If you have questions about this privacy policy or how we handle your data, contact us at hello@onvanta.io.