Aiven Privacy Policy

9 January, 2020

Personal Data File and Controller

Name of the Personal Data File User Register of Aiven Cloud Services
Controller Aiven Ltd, Business ID: 2795743-5 (the “Company”)


This Privacy Policy is applied to processing of personal data of the users (“User(s)”) of the Company’s cloud services (“Service(s)”) and processed in context of the User Register of Aiven Cloud Services (“User Register”). This Privacy Policy describes the relevant principles and purposes related to processing of the Users’ personal data by the Company.

Processing of personal data in the User Register is primarily based on the User’s consent. By signing up for the Service, by using the Service or providing his/her data the User consents to processing of his/her personal data by the Company as set out in this Privacy Policy. The primary source of the data is the data provided by the User itself when using the Services.

Collected data

According to law, personal data means any information on a private individual and any information on his/her personal characteristics or personal circumstances, where these are identifiable as concerning him/her or the members of his/her family or household.

The Company stores and processes the following data provided by the User:

  • Email address
  • Full name
  • Company name
  • Credit card number (last 4 digits only)
  • Credit card expiration date

Additionally, the Company automatically collects and processes the following data about the User:

  • User’s IP addresses
  • Geographical location based on the IP address
  • Service access times
  • Statistics on page views
  • Any other automatically collectible information

Furthermore, the Company may also collect anonymized statistics about the way the User uses the Services provided by the Company.

Purpose of data collection

The primary purpose of collecting personal data is to provide Services to the User and to issue accurate charges for the use of Services.

The Company stores personal data on servers located in the European Union on servers provided by Google and Amazon Web Services. Personal data may be stored and processed in other regions only if the User has requested Services in such regions.

The personal data stored in the User Register may also be used by the Company to provide, develop and customize the Service and to communicate with the User. Such communication may include direct marketing, market research or research polls. The Company may use subcontractors when providing any services.

When necessary and to the extent required for the provision of the Service, personal data may be transferred outside of the European Union or European Economic Area. In such occasion the Company shall comply with the requirements set by the applicable law for such transfer of personal data.

The Company provides the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). They are specific to Users located in EEA countries or Switzerland, so please don’t rely on the below, if you’re not a User in one of those countries.

If you are a User from the European Territories, the Company’s legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which it is collected. “European Territories” mean the European Economic Area and Switzerland.

However, the Company will normally collect personal data from Users where the processing is in the Company’s legitimate business interests to, for example, administer Services and fulfill contractual obligations as a service provider. In some cases the Company may collect and process personal data based on consent.

Personal data communicated to third parties

The Company may communicate the Users’ personal data to its affiliates, cooperation partners or other third parties only to the extent as may be required and permitted by applicable laws, required for the purpose of providing the Service or defending the Company’s legitimate interests in accordance with the applicable law or required due to an acquisition or other corporate transaction.

CRM Provider/s

The Company provides the following data to the Company’s CRM provider/s (currently Hubspot and Intercom):

  • Email address
  • Full name
  • Company name
  • Communication history
  • Urchin Tracking Module (UTM) campaign tags

Payment processor

The Company provides the following data, provided by the User, to the Company’s payment processor (currently Stripe):

  • The items listed above
  • Credit card number (full)
  • Credit card security code

Website analytics providers

Google Analytics

The Company uses Google Analytics, a service which transmits anonymous website traffic data to Google servers. The Company uses reports provided by Google Analytics to help the Company understand website traffic and usage.

The Company also uses Google Analytics to send and receive data to/from Google Ads to improve the performance of the Company’s Google Ads campaigns and develop remarketing lists.

User-level and event-level is automatically deleted from Google Analytics servers after 38 months. However, the 38 month period will reset if Google Analytics detects new activity, such as a site visit.


The Company uses Hotjar, a service that helps the Company better understand user website behavior, e.g. how much time is spent on which pages, which links are clicked, what a user likes and doesn’t, etc.

Hotjar collects the following user behavior and device data:

  • Device IP address (captured and stored only in anonymized form)
  • Device screen size
  • Device type (unique device identifiers)
  • Browser information, geographic location (country only)
  • Preferred language used to display our website

Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor the Company will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of the Company’s web properties and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Urchin Tracking Module (UTM) tags

UTM tags are appended as part of the visible URL for marketing campaigns and reports can be viewed in platforms like Google Analytics. The Company sends UTM tag information to Google Google Analytics/Intercom to evaluate campaign performance.

For example, if a user visits the website via a link with UTM parameters attached. These details, such as campaign source, medium, and name, are collected at an aggregated level and sent to Google Analytics.

Moreover, if a user who clicks a campaign link with a UTM tag becomes a registered user, the UTM information will associated with the registration and sent to Intercom. This information helps the Company assess the utility of its marketing channels.

Quality of data

To the extent required by the applicable law, the Company corrects, erases or supplements at the request of a User, possibly erroneous, unnecessary, incomplete or obsolete data processed in the User Register. However, Users are responsible for the validity and quality of the personal data they provide to the Company.

A User also is responsible for notifying the Company of any possible changes in the personal data he/she has provided. In order to correct any possibly erroneous data, the Company recommends the User to contact the Company by using the contact information provided in this Privacy Policy.

Data security

The Company has carried out reasonable technical and organizational measures to secure the personal data processed in the User Register against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within the Company’s organization.


Cookies are files which are received and transmitted by a User’s device when the User is using the Company’s Service. The Company uses cookies and similar techniques to provide the Service, to improve its quality and to enhance user experience.

The Company may also use cookies and similar techniques to track the User’s behavior on its marketing site to improve the site’s performance and user experience, as well as for ad campaign tracking, targeting and attribution.

By consenting to the use of cookies in the User’s browser settings or explicitly opting into them via the consent banner upon the User’s first visit, the User consents to the Company’s use of cookies.

Limiting and opting out of cookies

The User may limit the use of performance, functional, and targeting cookies by the Company through changing the browser or cookie settings. The User may also update his/her cookie consent at any time via the Cookie Settings under the Terms and Policies section of’s footer

Lastly, the User can utilize industry opt-out tools provided by the member bodies below. By using these tools, the User can limit personalized ads from member companies, such as AdRoll:

Users’ rights

A User has the right to prohibit the Company from processing personal data stored on him/her in the User Register for the purposes of direct advertising, distance selling, other direct marketing, market research and opinion polls. In order to prohibit such processing, the Company recommends the User to contact the Company by using the contact information provided in this Privacy Policy.

A User also has the right to access the data stored on him/her in the User Register and upon request obtain a copy of the data. In order to access the data, the User shall provide sufficient search criteria and submit a personally signed request to the Company by using the contact information provided in this Privacy Policy.

Information for European Territory residents

If the User is a resident of a European Territory, he/she has the following enhanced rights under the EU data protection law:

  • If the User wishes to access, correct, update or request deletion of the User’s personal information, the User can contact the Company using the contact details provided under the “Personal Data File and Controller” heading at the top of the Privacy Policy.

  • The User can object to the processing of the User’s personal information and ask the Company to restrict processing of the User’s personal information. Again, the User can exercise these rights by contacting the Company using the contact details provided under the “Personal Data File and Controller” heading at the top of the Privacy Policy.

  • Similarly, if the Company has collected and processed the User’s personal information with the User’s consent, the User can withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any processing the Company conducted prior to the User’s withdrawal, nor will it affect processing of the User’s personal information conducted in reliance on lawful processing grounds other than consent.

  • Additionally, the User can withdraw consent for the Company to drop cookies by clicking the Cookie Settings link in the footer of the Company’s marketing site or by withdrawing consent for the Company when the User sees the “consent banner”.

  • The User has the right to complain to a data protection authority about the Company’s collection and use of the User’s personal information. For more information, the User can contact his/her local data protection authority. Contact details for data protection authorities in the European Territories are available here. However, if the User has any questions about the Company’s collection and use of his/her personal information, the User can contact the Company first at

Information For California residents

The Company does not operate within the scope of the California Consumer Privacy Act of 2018 (CCPA). However, NextRoll, one of the Company’s service providers does. The User can go here) to review NextRoll’s CCPA-mandated notices and disclosures.

Changes to the Privacy Policy

The Company may amend this Privacy Policy and the related information. The Company recommends that Users regularly access the Privacy Policy to obtain knowledge of any possible changes made thereto. The Company aims at informing the Users of possible changes by using reasonable and available channels.

Start your free 30 day trial

Test the whole platform for 30 days with no ifs, ands, or buts.