+ Privacy Policy

Preview

What we know, and what we don't.

Recover.is is built so that the answer to "who can read your data?" is "only you." This page describes how we treat the small amount of personal data we do collect to operate the service, and the technical mechanisms that keep customer object data outside of human reach.

Last updated · May 2026

This page is a plain-language summary. The formal, signature-grade text ships before the first commercial contract. Until then, this represents our binding intent — if anything below conflicts with eventual signed agreements, the signed document governs.

01 /

What we collect

  • +Account data: email, name, organization, locale.
  • +Authentication metadata: tenant ID, session timestamps, IP at login.
  • +Usage telemetry: stored bytes per tenant, API request counts, error events. Aggregated, never tied to object content.
  • +Billing identifiers: registered company name, VAT number, invoice address. Stored only for invoicing and tax compliance.
  • +Support correspondence: emails you send to support@recover.is and any attachments you choose to share.

02 /

What we don't collect

  • +Object content. We never see it. Customer-side encryption is supported on every tier; even where it isn't enabled, the gateway holds DEKs in memory only and KEKs live in OpenBao.
  • +Filenames, paths, or metadata in zero-knowledge mode.
  • +Behavioural advertising signals. We do not run ad pixels, third-party tracking, or session replay tools.

03 /

Why we collect it

  • +To operate the service: route API calls, meter usage, send invoices.
  • +To meet legal obligations: tax records, GDPR Article 30 records of processing, breach notification under Article 33.
  • +To provide support: respond when you contact us, diagnose service issues.

04 /

Where it lives

  • +Account, billing, and metadata: Iceland (Atlas-hosted Postgres).
  • +Object data: Iceland (Atlas object storage).
  • +Email delivery: Resend (US) — only the email body and recipient address. Object data and metadata never transit Resend.
  • +All systems are operated under Icelandic jurisdiction. We are not subject to the US CLOUD Act.

05 /

Your rights under GDPR

  • +Access — request a copy of personal data we hold about you.
  • +Rectification — correct inaccurate personal data.
  • +Erasure — see the Article 17 deep-dive on the Security page for how this interacts with WORM storage.
  • +Portability — export your data in a machine-readable format.
  • +Object — restrict processing where we rely on legitimate interest.
  • +Lodge a complaint — with Persónuvernd, the Icelandic Data Protection Authority (personuvernd.is).

06 /

How long we keep it

  • +Account data: while your account is active, plus 30 days after closure.
  • +Billing records: seven years (Icelandic tax law).
  • +Audit logs: minimum 12 months for compliance, configurable up to your contracted retention.
  • +Support correspondence: 24 months.

+ Questions?

Email legal@recover.is and we'll respond within one business day.

Back to recover.is