Privacy Policy
Last updated: 14 May 2026 · Applies to planxis.com and all Planxis services
Planxis ("we", "us", "our") is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR).
The data controller is Planxis. For any privacy-related questions, contact us at privacy@planxis.com.
1. What data we collect
We collect personal data only when you actively provide it — we run no behavioural tracking, advertising pixels, or third-party analytics on this site.
| Data | When collected | Why |
|---|---|---|
| Name, work email, company, role | Demo request form | To contact you and prepare your demo session |
| Message / use-case description | Demo request form (optional) | To tailor the demo to your planning cycle |
| Name, work email, company, message | Enterprise enquiry form | To scope an enterprise engagement |
| IP address, browser type, page visits | Server logs (Vercel) | Security monitoring and fraud prevention; retained for 30 days |
We do not use cookies for tracking or analytics. We do not use Google Analytics, Meta Pixel, or any similar third-party tracking. The only cookies set are strictly necessary session cookies used by the Next.js runtime — these do not require consent under GDPR.
2. Legal basis for processing
| Purpose | Legal basis |
|---|---|
| Responding to demo and enterprise enquiries | Legitimate interest (Art. 6(1)(f)) — you initiated the contact |
| Sending a confirmation email after your request | Legitimate interest / pre-contractual steps (Art. 6(1)(b)) |
| Security and fraud monitoring via server logs | Legitimate interest (Art. 6(1)(f)) |
| Sending product updates (if you opt in) | Consent (Art. 6(1)(a)) — we will ask separately |
3. Who we share data with
We share your data with the following sub-processors only to the extent necessary to operate this website and the Planxis platform:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel Inc. | Website & application hosting, serverless compute, CDN, and AI Gateway request routing | EU compute region; global edge/CDN |
| Supabase Inc. | Application database, authentication, and file storage (Planxis platform) | EU (hosted on AWS) |
| Anthropic PBC (via Vercel AI Gateway) | Generates the prose of AI executive briefings from S&OP metrics (Planxis platform) | US and/or EU (SCCs / UK IDTA as applicable) |
| Resend Inc. | Transactional email delivery | US (SCCs / EU Data Transfer Agreement in place) |
| Upstash Inc. | Rate limiting and abuse prevention (Planxis platform) | EU |
| Amazon Web Services (AWS) | Underlying cloud infrastructure — eu-central-1 | EU (Frankfurt) |
We do not sell, rent, or trade your personal data to any third party.
4. Data retention
Demo and enterprise enquiry data is retained for up to 24 months from the date of your request, or until you ask us to delete it — whichever is sooner. If you become a customer, your data is retained for the duration of the contract plus 12 months. Server logs are retained for 30 days.
5. Data security
All data is transmitted over TLS 1.3 and stored encrypted at rest (AES-256). Our infrastructure is hosted on ISO 27001-certified cloud (AWS eu-central-1). We are currently pursuing SOC 2 Type II certification (target H2 2026). Access to personal data is restricted to authorised Planxis personnel on a need-to-know basis.
6. Your rights under GDPR
If you are in the EU or UK, you have the following rights:
- Access — Request a copy of the personal data we hold about you.
- Rectification — Ask us to correct inaccurate or incomplete data.
- Erasure — Ask us to delete your data ("right to be forgotten").
- Restriction — Ask us to restrict processing in certain circumstances.
- Portability — Receive your data in a structured, machine-readable format.
- Objection — Object to processing based on legitimate interests.
- Withdraw consent — Where processing is based on consent, you may withdraw it at any time.
To exercise any right, email privacy@planxis.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority — in the Netherlands, this is the Autoriteit Persoonsgegevens.
7. International transfers
Your data is processed primarily within the EU (AWS eu-central-1, Frankfurt). Where we transfer data to processors outside the EU/EEA (specifically Resend for email delivery, and Anthropic for AI executive-brief generation, which may process in the US), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission — and the UK International Data Transfer Addendum where applicable — to ensure an adequate level of protection.
8. Changes to this policy
We may update this policy when our data practices change. Material changes will be communicated to active users by email. The "last updated" date at the top of this page reflects the most recent revision.
9. Contact
For any questions about this policy or how we handle your data:
Planxis
privacy@planxis.com