Aiven Privacy Policy

9 January, 2020

Personal Data File and Controller

Name of the Personal Data File: User Register of Aiven Cloud Services

Controller: Aiven Ltd, Business ID: 2795743-5 (the “Company”)



This Privacy Policy is applied to processing of personal data of the users (“User(s)”) of the Company’s cloud services (“Service(s)”) and processed in context of the User Register of Aiven Cloud Services (“User Register”). This Privacy Policy describes the relevant principles and purposes related to processing of the Users’ personal data by the Company.

Processing of personal data in the User Register is primarily based on the User’s consent. By signing up for the Service, by using the Service or providing his/her data the User consents to processing of his/her personal data by the Company as set out in this Privacy Policy. The primary source of the data is the data provided by the User itself when using the Services.

Collected data

According to law, personal data means any information on a private individual and any information on his/her personal characteristics or personal circumstances, where these are identifiable as concerning him/her or the members of his/her family or household.

The Company stores and processes the following data provided by the User:

  • Email address

  • Full name

  • Company name

  • Credit card number (last 4 digits only)

  • Credit card expiration date

Additionally, the Company automatically collects and processes the following data about the User:

  • User’s IP addresses

  • Geographical location based on the IP address

  • Service access times

  • Statistics on page views

  • Any other automatically collectible information

Furthermore, the Company may also collect anonymized statistics about the way the User uses the Services provided by the Company.

Purpose of data collection

The primary purpose of collecting personal data is to provide Services to the User and to issue accurate charges for the use of Services.

The Company stores personal data on servers located in the European Union on servers provided by Google and Amazon Web Services. Personal data may be stored and processed in other regions only if the User has requested Services in such regions.

The personal data stored in the User Register may also be used by the Company to provide, develop and customize the Service and to communicate with the User. Such communication may include direct marketing, market research or research polls. The Company may use subcontractors when providing any services.

When necessary and to the extent required for the provision of the Service, personal data may be transferred outside of the European Union or European Economic Area. In such occasion the Company shall comply with the requirements set by the applicable law for such transfer of personal data.

Legal basis for processing personal data (European Territory Users only)

The Company provides the representations and information in this section in compliance with European privacy laws, in particular the European General Data Protection Regulation (GDPR). They are specific to Users located in EEA countries or Switzerland, so please don’t rely on the below, if you’re not a User in one of those countries.

If you are a User from the European Territories, the Company’s legal basis for collecting and using the personal data described above will depend on the personal information concerned and the specific context in which it is collected. “European Territories” mean the European Economic Area and Switzerland.

However, the Company will normally collect personal data from Users where the processing is in the Company’s legitimate business interests to, for example, administer Services and fulfill contractual obligations as a service provider. In some cases the Company may collect and process personal data based on consent.

Personal data communicated to third parties

The Company may communicate the Users’ personal data to its affiliates, cooperation partners or other third parties only to the extent as may be required and permitted by applicable laws, required for the purpose of providing the Service or defending the Company’s legitimate interests in accordance with the applicable law or required due to an acquisition or other corporate transaction.

CRM Provider/s

The Company provides the following data to the Company’s CRM provider/s (currently Hubspot and Intercom):

  • Email address

  • Full name

  • Company name

  • Communication history

  • Urchin Tracking Module (UTM) campaign tags

Payment processor

The Company provides the following data, provided by the User, to the Company’s payment processor (currently Stripe):

  • The items listed above

  • Credit card number (full)

  • Credit card security code

Website analytics providers

Google Analytics

The Company uses Google Analytics, a service which transmits anonymous website traffic data to Google servers. The Company uses reports provided by Google Analytics to help the Company understand website traffic and usage.

The Company also uses Google Analytics to send and receive data to/from Google Ads to improve the performance of the Company’s Google Ads campaigns and develop remarketing lists.

User-level and event-level is automatically deleted from Google Analytics servers after 38 months. However, the 38 month period will reset if Google Analytics detects new activity, such as a site visit.


The Company uses Hotjar, a service that helps the Company better understand user website behavior, e.g. how much time is spent on which pages, which links are clicked, what a user likes and doesn’t, etc.

Hotjar collects the following user behavior and device data:

  • Device IP address (captured and stored only in anonymized form)

  • Device screen size

  • Device type (unique device identifiers)

  • Browser information, geographic location (country only)

  • Preferred language used to display our website

Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor the Company will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.

You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of the Company’s web properties and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Urchin Tracking Module (UTM) tags

UTM tags are appended as part of the visible URL for marketing campaigns and reports can be viewed in platforms like Google Analytics. The Company sends UTM tag information to Google Google Analytics/Intercom to evaluate campaign performance.

For example, if a user visits the website via a link with UTM parameters attached. These details, such as campaign source, medium, and name, are collected at an aggregated level and sent to Google Analytics.

Moreover, if a user who clicks a campaign link with a UTM tag becomes a registered user, the UTM information will associated with the registration and sent to Intercom. This information helps the Company assess the utility of its marketing channels.

Quality of data

To the extent required by the applicable law, the Company corrects, erases or supplements at the request of a User, possibly erroneous, unnecessary, incomplete or obsolete data processed in the User Register. However, Users are responsible for the validity and quality of the personal data they provide to the Company.

A User also is responsible for notifying the Company of any possible changes in the personal data he/she has provided. In order to correct any possibly erroneous data, the Company recommends the User to contact the Company by using the contact information provided in this Privacy Policy.

Data security

The Company has carried out reasonable technical and organizational measures to secure the personal data processed in the User Register against unauthorized access, against accidental or unlawful destruction, manipulation, disclosure and transfer and against other unlawful processing. For instance, any physical data is stored in locked facilities and access to automatically processed data is limited by user rights and passwords within the Company’s organization.


Cookies are files which are received and transmitted by a User’s device when the User is using the Company’s Service. The Company uses cookies and similar techniques to provide the Service, to improve its quality and to enhance user experience.

The Company may also use cookies and similar techniques to track the User’s behavior on its marketing site to improve the site’s performance and user experience, as well as for ad campaign tracking, targeting and attribution.

By consenting to the use of cookies in the User’s browser settings or explicitly opting into them via the consent banner upon the User’s first visit, the User consents to the Company’s use of cookies.

Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Cookies used

  • OptanonConsent

  • OptanonAlertBoxClosed

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

Subcontractors and Sub-processors

Aiven uses certain subcontractors (including Aiven subsidiaries) to assist in providing the Aiven Services for its customers. For more information click here.

Start your free 30 day trial

Test the whole platform for 30 days with no ifs, ands, or buts.

Aiven logo

Let‘s connect

Apache Kafka, Apache Kafka Connect, Apache Kafka MirrorMaker 2, Apache Cassandra, Elasticsearch, PostgreSQL, MySQL, Redis, InfluxDB, Grafana are trademarks and property of their respective owners. All product and service names used in this website are for identification purposes only and do not imply endorsement.