Privacy Policy
Last updated: April 1, 2026
1. Who We Are
Prevly ("we", "us", "our") operates the predictive maintenance platform available at prevly.org. We are committed to protecting your privacy and handling your data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
Contact: hello@prevly.org
2. Data We Collect
2.1 Website Visitors
- Analytics data: When you consent to analytics cookies, we collect anonymized usage data via Google Analytics 4 (page views, referral source, device type). No personally identifiable information is sent to Google.
- Contact form submissions: Name, email, company, and number of machines — submitted via Formspree and stored for sales follow-up.
- Cookie preferences: Your consent choice is stored locally in your browser (localStorage).
2.2 Platform Users
- Account data: Email, name, company, role — required for authentication via Keycloak.
- Sensor/machine data: Time-series data from your industrial equipment (vibration, temperature, pressure, etc.). This data belongs to your organization and is isolated via row-level security.
- ML model outputs: Predictions, anomaly scores, and explanations generated from your data.
3. How We Use Your Data
- To provide and improve our predictive maintenance services
- To train and improve ML models (only on your tenant's data, never shared across tenants)
- To send service-related communications (alerts, reports, account notifications)
- To analyze website usage and improve our marketing (with consent)
- To respond to your inquiries and provide support
4. Cookies
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| prevly_cookie_consent | Stores your cookie preference | Necessary | Persistent |
| prevly_locale | Stores your language preference | Necessary | Persistent |
| _ga, _ga_* | Google Analytics 4 | Analytics | 2 years |
Analytics cookies are only set after you give explicit consent via our cookie banner.
5. Data Retention
- Sensor data: Hot storage for 90 days in TimescaleDB, then archived to cold storage (ClickHouse/S3). You can request deletion at any time.
- Account data: Retained while your account is active, deleted within 30 days of account closure.
- Analytics data: Anonymized, retained for 14 months per Google Analytics defaults.
- Contact form data: Retained for 12 months, then deleted unless a business relationship is established.
6. Data Sharing
We do not sell your data. We share data only with:
- Infrastructure providers: AWS (hosting), for service operation only.
- Analytics: Google Analytics 4 (anonymized, with consent).
- Form processing: Formspree (contact form submissions).
- Email: Resend (transactional emails only).
7. Multi-Tenancy & Data Isolation
Your sensor data and ML models are fully isolated from other customers using PostgreSQL row-level security (RLS). Each API request is scoped to your tenant via JWT claims. No cross-tenant data access is possible.
8. Your Rights (GDPR)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Data portability — export your data in standard formats
- Object to processing
- Withdraw consent at any time (via cookie settings in the footer)
To exercise these rights, contact us at hello@prevly.org. We will respond within 30 days.
9. Security
We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, JWT-based authentication with JWKS key rotation, and comprehensive audit logging. See our Trust & Security section for details.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via email to registered users. The "last updated" date at the top reflects the most recent revision.