Privacy Policy
This Privacy Policy explains how Accruex collects, uses, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and Portuguese data protection law.
Who We Are
Accruex is a GPU compute brokerage. We operate as the data controller for all personal data collected through our Platform and in connection with the provision of our Services.
- Privacy Contact: privacy@accruex.com
Where Accruex processes personal data on behalf of a Client as part of the Services (e.g., personal data contained in a Workload), Accruex acts as a data processor and the Client is the data controller. Such processing is governed by a separate Data Processing Agreement (DPA).
Data We Collect
We collect personal data in the following categories:
- Account & Identity Data: Name, job title, company name, email address, telephone number, and billing address provided during registration or in the course of placing an Order.
- Payment & Transaction Data: Invoice records, payment history, and billing contact details. We do not store full payment card numbers; card processing is handled by PCI-DSS compliant third-party processors.
- Technical & Usage Data: IP addresses, browser type, operating system, session logs, API request logs, and usage telemetry generated when interacting with the Platform.
- Communications Data: Records of correspondence with our team, including support tickets, emails, and contact form submissions.
- Contractual Data: Signed orders, statements of work, and other documentation forming part of the Client's service agreement.
We do not intentionally collect special-category personal data (such as health, racial or ethnic origin, or political views). If such data is incidentally transmitted as part of a Workload, the Client bears sole responsibility as the data controller for that processing.
How We Use Your Data
We use personal data for the following purposes:
- Service Delivery: To provision, manage, and support Compute Resources and associated Services.
- Account Management: To create and administer Client accounts, authenticate users, and manage access credentials.
- Billing & Finance: To issue invoices, process payments, and manage accounts receivable.
- Communications: To respond to enquiries, deliver service notifications, and provide technical support.
- Security & Compliance: To detect, investigate, and prevent fraudulent or unauthorised activity, and to comply with applicable legal obligations.
- Platform Improvement: To analyse usage patterns and improve the performance, reliability, and features of the Platform.
- Marketing: To send service updates and, where consent has been given, commercial communications. You may opt out at any time.
Legal Bases for Processing
We rely on the following legal bases under GDPR Article 6:
- Contract (Art. 6(1)(b)): Processing necessary to perform the Services under our Terms and Conditions, including account management, provisioning, and billing.
- Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws, including tax and financial regulations, anti-money laundering obligations, and regulatory requests.
- Legitimate Interests (Art. 6(1)(f)): Processing for fraud prevention, network security, service improvement, and direct marketing to existing customers (where permitted by applicable law).
- Consent (Art. 6(1)(a)): Where we send marketing communications to non-customers, or set non-essential cookies, we rely on your explicit consent, which may be withdrawn at any time.
Data Sharing
We do not sell, rent, or trade personal data. We share personal data only in the following circumstances:
- Infrastructure Partners: We share limited account and technical data with Infrastructure Partners to the extent necessary to provision and operate the Services. All Infrastructure Partners are bound by confidentiality obligations and, where applicable, data processing agreements.
- Service Providers: We engage third-party processors (e.g., payment processors, cloud monitoring tools, CRM providers) who act under our instructions and are contractually bound to comply with GDPR requirements.
- Legal & Regulatory: We may disclose personal data where required by Portuguese or EU law, court order, or a competent supervisory authority.
- Corporate Transactions: In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. Affected individuals will be notified in advance.
International Data Transfers
Accruex primarily processes and stores data within the European Economic Area (EEA). Where data is transferred to a third country outside the EEA, we ensure an adequate level of protection through one of the following mechanisms:
- An adequacy decision by the European Commission;
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Binding Corporate Rules or other approved transfer mechanisms.
You may request a copy of the transfer safeguards in place by contacting us at privacy@accruex.com.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:
- Account & Contract Data: Retained for the duration of the service relationship and for 7 years thereafter, in accordance with Portuguese tax and commercial law.
- Technical & Usage Logs: Retained for up to 12 months for security and operational purposes.
- Support & Communications: Retained for 3 years from the date of the last interaction.
- Marketing Consent Records: Retained for as long as the consent remains active and for 3 years thereafter as evidence of consent.
Following the expiry of the applicable retention period, personal data is securely deleted or anonymised.
Your Rights
Under GDPR, you have the following rights in respect of your personal data:
To exercise any of these rights, contact us at privacy@accruex.com. We will respond within 30 days. We may request proof of identity before processing your request.
Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
Cookies & Tracking
We use cookies and similar technologies on the Platform for the following purposes:
- Essential Cookies: Required for the Platform to function correctly, including authentication and session management. These cannot be disabled.
- Analytics Cookies: Used to understand how visitors interact with the Platform, enabling us to improve performance and usability. Deployed only with your consent.
- Preference Cookies: Used to remember your settings and preferences across sessions.
You can manage your cookie preferences through your browser settings or our cookie consent tool. Disabling non-essential cookies will not affect your ability to use the core Services.
Security
Accruex implements appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:
- Encryption of data in transit using TLS 1.2 or higher;
- Access controls and role-based permissions for all internal systems;
- Regular security assessments and vulnerability management;
- Incident response procedures aligned with GDPR Article 33 notification requirements.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with GDPR requirements.
Children
The Services are directed exclusively at business users and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data has been submitted by a person under 18, we will delete such data promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. Where a change is material, we will notify you by email to your registered address at least 30 days before the change takes effect.
The current version of this Privacy Policy is always available on our Platform. The "Effective Date" at the top of this page indicates when it was last updated.
Contact & Complaints
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:
- Data Controller: Accruex
- Privacy Email: privacy@accruex.com
If you are not satisfied with our response, you have the right to lodge a complaint with the Portuguese data protection supervisory authority:
- Comissão Nacional de Proteção de Dados (CNPD)
- www.cnpd.pt
You may also contact the supervisory authority in your country of residence or place of work within the EU.