Privacy Policy
Effective date: 2026-05-24
Last updated: 2026-05-24
This Privacy Policy describes what data Teressoft Pty Ltd ("we", "us", "Phorvec") collects from users of the Phorvec software, the phorvec.com website, and related services, and how we use and protect it.
1. Scope
This policy applies to:
- The Phorvec license activation service (used when activating a commercial license key online)
- The Phorvec website at phorvec.com
- Payment and billing flows processed through Paystack
- Email and support correspondence with us (addresses on the phorvec.com domain route to the Teressoft Pty Ltd mail system)
This policy does not apply to:
- The Phorvec MCP Server when run locally on your own machine without commercial license activation — that instance processes data on your device only, and we never receive it.
- Your agents' memory data stored in .avdb files — these never leave your machine unless you explicitly transmit them.
- Third-party services you connect Phorvec to (e.g., embedding providers, IDEs, MCP clients).
2. What We Collect
2.1 License activation (commercial customers only)
When a commercial license key is activated online, our activation server receives:
- The license key string
- The machine fingerprint (a hash; not personally identifiable on its own)
- The software version
- The IP address of the activation request (for fraud detection)
- A timestamp
Air-gapped customers using offline license files do not transmit any of the above — their license is verified locally on-device.
2.2 Website, payments, and email
- Web server logs — IP address, user-agent, timestamp, requested URL — retained for 30 days for security and debugging
- Payment and billing data collected by Paystack on our behalf. Paystack handles card details; we do not see or store card numbers. We receive a transaction reference, plan, amount, and the billing email you provide.
- Email content and attachments sent to us by you.
- Account / subscription state (email, plan, subscription status, license keys issued) stored in our managed Postgres database.
2.3 What we do NOT collect
- The contents of .avdb files or any agent memory data
- Queries, embeddings, or search results processed by the local server
- Telemetry from the MCP server — telemetry is off by default and the current release has no telemetry endpoint. If we introduce opt-in telemetry in a future release, it will be disclosed here with 30 days' notice.
3. How We Use Collected Data
- License activation data: to verify license validity, enforce per-Device or per-Deployment limits from an executed Order Form, and detect fraudulent duplication.
- Web logs: security monitoring, debugging, and capacity planning.
- Payment data: to process your subscription, send receipts, and respond to billing disputes.
- Email: to answer your question, fulfil your request, and keep a record of support correspondence.
We do not sell or rent personal data to third parties. We do not use collected data for advertising. We do not perform automated decision-making with legal or similarly significant effects.
4. Sharing and Subprocessors
We use the following subprocessors:
| Category | Vendor | Purpose |
|---|---|---|
| Payments | Paystack | Subscription billing, card processing, receipts |
| Email | Resend (via Teressoft Pty Ltd mail infrastructure) | Transactional email, license key delivery, support correspondence |
| Hosting | Vercel (website) and Cloudflare R2 (binary distribution) | Serve the website, binaries, and license activation service |
| Database | Neon (serverless Postgres) | Store subscription and license state |
We will update this list when subprocessors change. Material changes are announced under §11.
5. Retention
| Data | Retention |
|---|---|
| License activation records | Duration of Subscription Term + 7 years (for audit) |
| Subscription / account records | Duration of relationship + 7 years (Australian tax law) |
| Web server logs | 30 days |
| Support email | 3 years |
| Payment records (held by Paystack) | Per Paystack's retention policy |
| Account data after deletion request | Deleted within 90 days of request, except where retained for legal obligation |
6. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion (subject to legal retention obligations such as billing and tax records)
- Object to or restrict processing
- Data portability
- Withdraw consent where processing relies on consent
- Lodge a complaint with a supervisory authority — in Australia this is the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au; in the EU/UK, your local data protection authority
To exercise any of these rights, email privacy@phorvec.com. We will respond within 30 days.
7. International Transfers
Teressoft Pty Ltd is based in Australia. The website and license activation service are hosted on Vercel with CDN endpoints worldwide. Binary downloads are served from Cloudflare R2. Our primary database (Neon) is provisioned in a region selected for latency and compliance fit; the current region is disclosed on request. Paystack is headquartered in Nigeria with data centres serving global merchants.
If you are outside Australia, your data may be transferred across borders as part of normal operation.
For EU/UK customers: Australia does not have a European Commission adequacy decision, so cross-border transfers of EU/UK personal data rely on Standard Contractual Clauses. We will execute SCCs on request from EU/UK enterprise customers as part of a Data Processing Addendum.
For Australian customers: processing is subject to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
8. Security
We use commercially reasonable measures including TLS in transit, encryption at rest for license activation records, least-privilege access controls, and audit logging. Card processing is delegated to Paystack; we never see card PAN or CVV. No system is perfectly secure; we report confirmed breaches per §9.
9. Breach Notification
If we discover a breach affecting your personal data, we will notify you without undue delay and consistent with applicable law, and in any event within 72 hours where required by GDPR or similar regulations. For Australian residents, eligible data breaches will be reported to the OAIC as required by the Notifiable Data Breaches scheme.
10. Children
Phorvec is not directed at children under 16, and we do not knowingly collect personal data from children. If we learn that a child under 16 has provided personal data, we will delete it.
11. Changes to This Policy
Material changes will be announced at least 30 days before taking effect, via email to active commercial customers and a notice on the Phorvec website. Non-material changes (clarifications, formatting, new subprocessor of an existing category) take effect on publication.
12. Legal Entity and Contact
Legal entity: Teressoft Pty Ltd (the operator of the Phorvec project)
Privacy contact: privacy@phorvec.com
General contact: hello@phorvec.com
Licensing contact: licensing@phorvec.com
Data Protection Officer: Not appointed — Teressoft Pty Ltd is below the APP-16-required threshold. A DPO / EU Representative will be designated before signing EU enterprise customers who require one.