Privacy Policy

Last updated: August 17, 2025

Averox Ltd ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our PKI services at averox.com.

Privacy Commitment

We never sell your personal data. We implement enterprise-grade security measures and follow strict data protection standards to keep your information secure.

1. Information We Collect

Personal Information

Name, email address, and contact details
Company name and business information
Account credentials and authentication data
Payment and billing information
Job title and industry information

Technical Information

Certificate requests and metadata
API usage logs and access patterns
Device information and IP addresses
Browser type and operating system
Service usage analytics and performance metrics

Security and Audit Information

Login attempts and session data
Security events and threat detection logs
Certificate lifecycle events
Compliance and audit trail data

2. How We Use Your Information

Service Delivery

Process certificate requests and issuance
Manage your account and subscriptions
Provide customer support and technical assistance
Process payments and manage billing

Security and Compliance

Monitor for security threats and fraud prevention
Maintain audit logs for compliance requirements
Verify identity for certificate authentication
Ensure platform security and integrity

Service Improvement

Analyze usage patterns to improve our services
Develop new features and capabilities
Optimize performance and user experience
Conduct research and development

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information in the following circumstances:

Service Providers

Third-party payment processors (PayPal, Stripe)
Cloud infrastructure providers (with data processing agreements)
Email service providers for communications
Analytics and monitoring services

Legal Requirements

When required by law or legal process
To protect our rights and property
To prevent fraud or security threats
For public safety and law enforcement cooperation

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

4. Data Security Measures

Enterprise-Grade Security

All data is protected using industry-leading security measures including end-to-end encryption, HSM protection, and regular security audits.

Technical Safeguards

AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
Hardware Security Module (HSM) protection for cryptographic keys
Multi-factor authentication requirements
Regular penetration testing and security assessments

Operational Safeguards

Access controls and role-based permissions
Employee security training and background checks
Incident response and breach notification procedures
Regular security updates and patch management

5. Data Retention and Deletion

Retention Periods

Account Data: Retained for the duration of your subscription plus 2 years
Certificate Data: Retained according to CA/Browser Forum requirements (minimum 10 years)
Audit Logs: Retained for 7 years for compliance purposes
Payment Data: Retained according to financial regulations (typically 7 years)

Data Deletion

Upon account termination or retention period expiration, we securely delete your data using industry-standard methods. Certificate revocation records are maintained for security and compliance purposes.

6. Your Privacy Rights

Access and Control

Access and review your personal information
Update or correct inaccurate data
Export your data in portable formats
Request deletion of non-essential data

Communication Preferences

Opt out of marketing communications
Customize notification settings
Manage subscription preferences

Regional Rights

Depending on your location, you may have additional rights under GDPR, CCPA, or other privacy regulations. Contact us to exercise these rights.

7. International Data Transfers

Your data may be processed in countries outside your residence. We ensure adequate protection through:

Standard contractual clauses approved by relevant authorities
Certification under recognized adequacy frameworks
Implementation of appropriate technical and organizational measures

8. Cookies and Tracking Technologies

Essential Cookies

Session management and authentication
Security and fraud prevention
Platform functionality and user preferences

Analytics Cookies

Usage statistics and performance monitoring
Feature usage and user behavior analysis
Service optimization and improvement

You can control cookie settings through your browser preferences, though some features may not function properly if essential cookies are disabled.

9. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will take steps to delete the information promptly.

10. Privacy Policy Updates

We may update this Privacy Policy to reflect changes in our practices or applicable laws. Material changes will be communicated via:

Email notification to account holders
Platform notifications and banners
Updated version posted on our website

Continued use of our services after changes take effect constitutes acceptance of the updated policy.

11. Contact Information

For privacy-related questions, requests, or concerns, please contact us:

Data Protection Officer: privacy@averox.com
Company: Averox Ltd
Website: averox.com
Email: info@averox.com
Phone: +44 207 193 3577 or +1302 476 2467
Mailing Address: 3rd Floor 86-90 Paul Street, London EC2A 4NE

Quick Contact

For urgent privacy matters or data breach reports, contact our 24/7 security hotline at security@averox.com