Privacy controls

Torvus Security provides comprehensive privacy controls that allow you to exercise your rights under GDPR and CCPA. This guide explains how to manage your data, consent preferences, and privacy requests.

Your privacy rights

Under GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), you have the following rights:

Right to Access: Request a copy of all personal data we hold about you
Right to Erasure: Request permanent deletion of your account and data
Right to Rectification: Request correction of inaccurate personal data
Right to Object: Object to certain types of data processing
Right to Data Portability: Receive your data in a machine-readable format
Right to Withdraw Consent: Withdraw consent for optional data processing at any time

Accessing privacy settings

Navigate to Settings → Privacy & Data from the console menu to access all privacy controls.

Data export

Requesting a data export

Go to Settings → Privacy & Data
Find the Export your data section
Click Request data export
Your export will be generated within a few minutes (up to 72 hours for large accounts)
Once ready, the download link will be available on this page

What's included in exports

Your data export includes:

Account information: Name, email, profile details
Vault metadata: Vault names, descriptions, settings
Document metadata: File names, sizes, upload dates (not encrypted contents)
Check-in configurations: All check-in settings and history
Recipient information: Recipient contacts and configurations
Audit logs: Your last 1,000 actions
Consent history: All consent grants and withdrawals

Note: Encrypted document contents are not included in exports for security reasons. You can download documents directly from your vaults if needed.

Export expiration

Data export download links expire after 7 days. After expiration, you'll need to request a new export.

Go to Settings → Privacy & Data
Find the Consent preferences section
Toggle switches for:
- Usage analytics: Anonymous usage data to improve the product
- Marketing communications: Product updates and newsletters
- Third-party integrations: Optional service integrations

Changes take effect immediately. You can change these preferences at any time.

Usage analytics:

Page views and feature usage (anonymous)
Error tracking and performance metrics
No personal data shared with third parties
Powered by PostHog (privacy-friendly analytics)

Marketing communications:

Product update emails
Feature announcements
Educational content
You can unsubscribe from individual emails at any time

Third-party integrations:

Optional integrations with Slack, Zapier, etc.
Data only shared with services you explicitly connect
You can revoke integration access at any time

Core services (always enabled)

Some data processing is necessary for core service delivery and cannot be disabled:

Authentication and account management
Vault storage and encryption
Security monitoring and threat detection
Legal compliance and fraud prevention

These are based on our legitimate interest and contract with you under GDPR Article 6.

Account deletion

Requesting account deletion

Warning

Account deletion is permanent after the 30-day grace period. This action cannot be undone.

Go to Settings → Privacy & Data
Find the Delete your account section
Click Delete my account
Read the confirmation dialog carefully
Click Yes, delete my account
Save your recovery token - you'll need it to cancel the deletion

Deletion timeline

Immediate effects:

Your account is disabled
You cannot log in
All data remains in our system for recovery

30-day grace period:

Your data is preserved
You can cancel deletion using your recovery token
You'll receive reminder emails before permanent deletion

After 30 days:

All data is permanently deleted:
- All vaults and encrypted documents
- Check-in configurations
- Recipient information
- Account and profile data
Audit logs are anonymized (for compliance)
This action cannot be undone

Canceling account deletion

If you change your mind within 30 days:

Locate your recovery token (provided when you requested deletion)
Go to /privacy/cancel-deletion?token=YOUR_TOKEN
Or contact support at privacy@torvus.io with your recovery token
Your account will be restored immediately

tip

Save your recovery token in a secure location immediately after requesting deletion. Without it, you cannot cancel the deletion.

Privacy request portal (for staff)

Staff members with SECURITY_ADMIN or BREAK_GLASS roles can access the Privacy Request Portal at Console → Privacy Requests.

Viewing privacy requests

The portal displays:

All user privacy requests (export, deletion, rectification, objection)
Request status (pending, processing, completed, rejected)
Average response times
Compliance metrics

Response time requirements

GDPR: Respond within 72 hours (Article 15)
CCPA: Respond within 45 days (§ 1798.100)

Our system tracks response times and highlights overdue requests.

Privacy policy

For complete details about how we collect, use, and protect your data, see our Privacy Policy.

Need help?

If you have questions about your privacy rights or need assistance:

Email: privacy@torvus.io
Support Portal: support.torvus.io
Response time: Within 72 hours

For EU users, you can also contact your local data protection authority:

Ireland: Data Protection Commission (DPC)
EU: European Data Protection Board

For California users:

California Privacy Rights: oag.ca.gov/privacy

Your privacy rights​

Accessing privacy settings​

Data export​

Requesting a data export​

What's included in exports​

Export expiration​

Consent management​

Managing consent preferences​

What consent controls​

Core services (always enabled)​

Account deletion​

Requesting account deletion​

Deletion timeline​

Canceling account deletion​

Privacy request portal (for staff)​

Viewing privacy requests​

Response time requirements​

Privacy policy​

Need help?​