Legal

Privacy Policy

Last updated: 14 May 2026 · Applies to planxis.com and all Planxis services

Planxis ("we", "us", "our") is committed to protecting your personal data. This policy explains what we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR).

The data controller is Planxis. For any privacy-related questions, contact us at privacy@planxis.com.


1. What data we collect

We collect personal data only when you actively provide it — we run no behavioural tracking, advertising pixels, or third-party analytics on this site.

DataWhen collectedWhy
Name, work email, company, roleDemo request formTo contact you and prepare your demo session
Message / use-case descriptionDemo request form (optional)To tailor the demo to your planning cycle
Name, work email, company, messageEnterprise enquiry formTo scope an enterprise engagement
IP address, browser type, page visitsServer logs (Vercel)Security monitoring and fraud prevention; retained for 30 days

We do not use cookies for tracking or analytics. We do not use Google Analytics, Meta Pixel, or any similar third-party tracking. The only cookies set are strictly necessary session cookies used by the Next.js runtime — these do not require consent under GDPR.


2. Legal basis for processing

PurposeLegal basis
Responding to demo and enterprise enquiriesLegitimate interest (Art. 6(1)(f)) — you initiated the contact
Sending a confirmation email after your requestLegitimate interest / pre-contractual steps (Art. 6(1)(b))
Security and fraud monitoring via server logsLegitimate interest (Art. 6(1)(f))
Sending product updates (if you opt in)Consent (Art. 6(1)(a)) — we will ask separately

3. Who we share data with

We share your data with the following sub-processors only to the extent necessary to operate this website and the Planxis platform:

Sub-processorPurposeLocation
Vercel Inc.Website & application hosting, serverless compute, CDN, and AI Gateway request routingEU compute region; global edge/CDN
Supabase Inc.Application database, authentication, and file storage (Planxis platform)EU (hosted on AWS)
Anthropic PBC (via Vercel AI Gateway)Generates the prose of AI executive briefings from S&OP metrics (Planxis platform)US and/or EU (SCCs / UK IDTA as applicable)
Resend Inc.Transactional email deliveryUS (SCCs / EU Data Transfer Agreement in place)
Upstash Inc.Rate limiting and abuse prevention (Planxis platform)EU
Amazon Web Services (AWS)Underlying cloud infrastructure — eu-central-1EU (Frankfurt)

We do not sell, rent, or trade your personal data to any third party.


4. Data retention

Demo and enterprise enquiry data is retained for up to 24 months from the date of your request, or until you ask us to delete it — whichever is sooner. If you become a customer, your data is retained for the duration of the contract plus 12 months. Server logs are retained for 30 days.


5. Data security

All data is transmitted over TLS 1.3 and stored encrypted at rest (AES-256). Our infrastructure is hosted on ISO 27001-certified cloud (AWS eu-central-1). We are currently pursuing SOC 2 Type II certification (target H2 2026). Access to personal data is restricted to authorised Planxis personnel on a need-to-know basis.


6. Your rights under GDPR

If you are in the EU or UK, you have the following rights:

  • AccessRequest a copy of the personal data we hold about you.
  • RectificationAsk us to correct inaccurate or incomplete data.
  • ErasureAsk us to delete your data ("right to be forgotten").
  • RestrictionAsk us to restrict processing in certain circumstances.
  • PortabilityReceive your data in a structured, machine-readable format.
  • ObjectionObject to processing based on legitimate interests.
  • Withdraw consentWhere processing is based on consent, you may withdraw it at any time.

To exercise any right, email privacy@planxis.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority — in the Netherlands, this is the Autoriteit Persoonsgegevens.


7. International transfers

Your data is processed primarily within the EU (AWS eu-central-1, Frankfurt). Where we transfer data to processors outside the EU/EEA (specifically Resend for email delivery, and Anthropic for AI executive-brief generation, which may process in the US), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission — and the UK International Data Transfer Addendum where applicable — to ensure an adequate level of protection.


8. Changes to this policy

We may update this policy when our data practices change. Material changes will be communicated to active users by email. The "last updated" date at the top of this page reflects the most recent revision.


9. Contact

For any questions about this policy or how we handle your data:
Planxis
privacy@planxis.com