Privacy Policy

1. Controller

Ryvion / Ryvion Books is the controller for personal data processed within Ryvion Boekr.

This policy applies to app.boekr.eu and the related SaaS accounting service.

2. Contact

For privacy questions, contact privacy@ryvion.nl.

Do not include passwords, API keys or other secrets in emails.

3. Data we process

We process data needed to provide the service, such as account data, company data, customer and invoice data, subscription state, technical logs and security information.

For payment features, payment references such as plan, amount, payment status and provider reference may be processed. Card or bank details are not stored locally by Ryvion Books.

4. Purposes

We process data for account management, secure access, accounting and invoicing features, customer management, subscription management, support, security, fraud prevention, legal obligations and service improvement.

Product development uses minimal or anonymised data where possible.

5. GDPR legal bases

The main legal bases are performance of a contract, legal obligation, legitimate interest for security and service improvement, and consent where required.

Non-essential cookies are not started without valid consent.

6. Retention

We do not keep personal data longer than necessary for the purpose for which it was collected.

Administrative and invoice data may be retained longer when tax or legal retention duties apply. Technical logs are kept as short as possible unless security investigation requires a longer period.

7. Hosting, processors and payment provider

The service may be hosted by Hetzner or a comparable European hosting provider.

Mollie may be used for payments. The payment provider is the source for payment status and processes payment data under its own terms and privacy documentation.

An email provider may be added later for transactional messages such as invitations or password reset. This will be documented when active.

8. Cookies

We use only necessary cookies for session, authentication, security and language preferences.

At this stage, only necessary session, security, and language-preference cookies are used.

9. User rights

You can request access, correction, deletion, restriction, portability or object to the processing of your personal data.

Send requests to privacy@ryvion.nl. We may ask for additional information to verify your identity.

10. Complaint to the Dutch DPA

If you believe we process your data incorrectly, you may complain to the Autoriteit Persoonsgegevens.

We prefer that you contact us first so we can investigate the issue.

11. Security

We use appropriate technical and organisational measures, such as access control, secure configuration, logging, backups and periodic verification.

No system is entirely risk-free. Recovery procedures, backup verification and security checks remain part of the production process.

12. Changes

We may update this policy when the service, legislation or processors change.

The current version is published on this page with a version and date.