R
RIVET
SECURITY
Features Pricing Docs Login →
Terms Privacy Refund
// LEGAL

Privacy Policy

Last updated: 1 January 2026 · GDPR-compliant

This Privacy Policy explains how ZYNTHECK, a company registered in the Netherlands, processes personal data in connection with the RIVET website and product. We are committed to the General Data Protection Regulation (GDPR) as it applies in the Netherlands. RIVET is self-hosted: your security data stays on your own server and is never sent to us.

1

Who we are

The data controller for personal data described in this policy is ZYNTHECK, a company registered in the Netherlands ("we", "us"). You can reach us at lukas@rivet-security.com for any privacy matter, including to exercise your rights.

>
2

What we collect

We deliberately collect as little as possible. The data we process falls into three groups:

Purchase data: when you buy RIVET, our payment provider Lemon Squeezy collects your name, email address, billing country, IP address and payment details, and shares with us the limited order information needed to issue and support your licence (name, email, order ID, country).
Website data: the marketing site sets no tracking or advertising cookies and does not profile visitors.
Dashboard data: the self-hosted dashboard sets a single, strictly-necessary session cookie when you log in, to keep you signed in. It contains no tracking identifiers.
Product data: all security data RIVET generates — logs, blocked IPs, alerts, scores — stays on your own server. We never receive, store or have access to it.
>
3

Legal basis

We rely on the following legal bases under Article 6 GDPR:

Performance of a contract (Art. 6(1)(b)) — to deliver your licence and provide support.
Legal obligation (Art. 6(1)(c)) — to keep invoices and tax records as required by Dutch law.
Legitimate interests (Art. 6(1)(f)) — to secure our systems and prevent fraud, balanced against your rights. The strictly-necessary session cookie relies on this basis and your request to log in.
>
4

How we use data

We use the limited data we receive to fulfil your order, deliver and activate your licence key, provide customer support, send essential service messages, and comply with our legal and accounting obligations. We do not sell your data, and we do not use it for advertising or automated decision-making.

>
5

Retention

We keep invoice and transaction records for 7 years, as required by Dutch tax law. Other personal data (such as support correspondence) is kept only as long as needed for the purpose collected and is deleted on request once we are no longer legally required to retain it.

>
6

Third parties

We share data only where necessary to run the business:

Lemon Squeezy — our merchant of record, which processes payments and handles VAT. Their processing is governed by their own privacy policy.
We do not share data with advertisers, data brokers or analytics networks. We use no third-party tracking on the website.
>
7

International transfers

Where a processor such as Lemon Squeezy transfers data outside the European Economic Area, that transfer is protected by appropriate safeguards under the GDPR, such as the EU Standard Contractual Clauses.

>
8

Your rights

Under the GDPR you have the right to:

Access — obtain a copy of the personal data we hold about you.
Rectification — have inaccurate data corrected.
Erasure — have your data deleted where no legal obligation requires us to keep it.
Portability — receive your data in a structured, machine-readable format.
Restriction — limit how we process your data.
Objection — object to processing based on legitimate interests.
Complaint — lodge a complaint with the Autoriteit Persoonsgegevens, the Dutch data-protection authority.
>
9

Cookies

The marketing website uses no cookies. The self-hosted dashboard uses one strictly-necessary session cookie to keep you logged in; if you tick "Trust this device" it lasts up to 30 days, otherwise it expires when you close your browser. No consent banner is required because we set no tracking or analytics cookies.

>
10

Children

RIVET is a professional tool intended for server administrators. It is not directed at children, and we do not knowingly collect data from anyone under 16 years of age.

>
11

Changes to this policy

We may update this policy as the product or the law evolves. The current version is always published at rivet-security.com. Material changes will be announced on the website and, where we hold your email, by email.

>
12

Contact & complaints

To exercise any right, email lukas@rivet-security.com and we will respond within one month as required by the GDPR. If you believe we have not handled your data properly, you may contact the Autoriteit Persoonsgegevens.

>
DATA CONTROLLER

ZYNTHECK · Netherlands · lukas@rivet-security.com. You have the right to lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

R
RIVET
SECURITY
Self-hosted Linux server
security agent.
Made by ZYNTHECK · Netherlands.
PRODUCT
Features Pricing Documentation
LEGAL
Terms Privacy Refund
CONTACT
lukas@rivet-security.com rivet-security.com
© 2026 RIVET by ZYNTHECK v1.0.0