1. Introduction
Vynix Systems ("Vynix," "we," "us," or "our") operates the Vynix Cortex website (cortex.vynixsys.com). We are committed to protecting your privacy and handling your data transparently.
This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information. It applies to:
- Visitors to the Vynix Cortex website
- Individuals who contact us via email or contact forms
- Prospective and current clients
Vynix Systems is operated by Vinicius Libero Moreira, based in Ciudad del Este, Paraguay. For privacy-related inquiries, contact: [email protected].
2. What Information We Collect
2.1. Information You Provide Voluntarily
| What | When | Why |
|---|---|---|
| Name & Email | When you contact us via email or form | To respond to your inquiry |
| Company name & details | During the sales/onboarding process | To prepare proposals and scope services |
| Payment information | When paying for services | Processed via Lemon Squeezy/Stripe — we never see full card numbers |
| Any information in your message | When you reach out to us | To understand your needs and respond appropriately |
2.2. Information Collected Automatically
| What | How | Why |
|---|---|---|
| IP address | Server logs | Security, abuse prevention |
| Browser type & version | Server logs | Debugging compatibility issues |
| Pages visited & time on site | Analytics (if enabled) | Understanding which content is useful |
| Referring URL | Server logs | Understanding how visitors find us |
2.3. What We Do NOT Collect
- We do not use tracking cookies for advertising purposes
- We do not build user profiles for ad targeting
- We do not sell, rent, or trade your personal information
- We do not collect sensitive personal data (health, religion, political views, etc.)
- We do not collect data from children under 16
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Responding to your inquiries and communicating with you | Legitimate interest / your request |
| Providing and improving our services | Legitimate interest |
| Sending proposals, invoices, and service-related communications | Contractual necessity (for clients) |
| Ensuring the security and stability of our website | Legitimate interest |
| Complying with legal obligations | Legal obligation |
We do not use your information for automated decision-making or profiling.
4. Third-Party Services We Use
To operate our business, we use the following third-party services that may process your data:
| Service | Purpose | Data Processed | Privacy Policy |
|---|---|---|---|
| Vercel / Cloudflare Pages | Website hosting | IP address, browser data | Depends on hosting choice |
| Lemon Squeezy / Stripe | Payment processing | Payment details, name, email | stripe.com/privacy |
| Google Workspace / Zoho | Email communication | Email content, attachments | Provider-dependent |
| Cal.com (if used for booking) | Appointment scheduling | Name, email, selected time | cal.com/privacy |
| Youform (if used for forms) | Contact form submissions | Form field responses | youform.com/privacy |
| Baserow (for clients) | CRM data storage | Client business data | Self-hosted — data stays on your VPS |
| OpenRouter (for clients) | AI processing | Prompt text (not PII by design) | openrouter.ai/privacy |
For clients: once your AI infrastructure is deployed, your data resides on your own Virtual Private Server. We do not have ongoing access to your customer data unless you grant it for support purposes.
4.1. Analytics
We use privacy-friendly analytics (such as Plausible) that does not use cookies and does not collect personal data. If we add analytics in the future, this policy will be updated.
Currently: no analytics are active on the Vynix Cortex website.
5. Data Retention
| Type of Data | Retention Period |
|---|---|
| Email correspondence | Duration of relationship + 2 years |
| Proposals and SOWs | Duration of relationship + 5 years |
| Payment records | As required by tax law (typically 5-7 years) |
| Server logs | 30 days (rotated automatically) |
| Client infrastructure data | Until project completion + 30 days (then deleted from our systems) |
We delete or anonymize data when it is no longer needed for the purposes described in this policy.
6. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption: All website traffic is encrypted via HTTPS (SSL/TLS)
- Access control: Only Vinicius (sole proprietor) has access to client communications
- Email security: We use reputable email providers with 2FA enabled
- No client data on our devices: Client infrastructure data is deployed directly to client VPS. We do not retain copies of client databases, lead lists, or customer information after project completion
- Password management: All credentials are stored in encrypted password managers, never in plain text
7. Your Rights
Depending on your jurisdiction, you may have the following rights:
| Right | What It Means |
|---|---|
| Access | Request a copy of personal data we hold about you |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interest |
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
7.1. EU/EEA Users (GDPR)
If you are in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.
Our legal bases for processing are: contractual necessity (for clients), legitimate interest (for website operation and security), and consent (where explicitly given, such as for marketing communications — which we do not currently send).
7.2. Brazilian Users (LGPD)
If you are in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to request confirmation of processing, access, correction, anonymization, and portability of your data.
7.3. California Users (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
8. International Data Transfers
Vynix Systems is based in Paraguay. If you are located outside Paraguay, your data may be transferred to and processed in Paraguay.
We ensure adequate protection for international transfers through:
- Only transferring data necessary for the service
- Using service providers with adequate security measures
- Not storing client production data on our local systems
For EU users: Paraguay is not currently subject to an EU adequacy decision. By using our services, you consent to the transfer of your data to Paraguay for the purposes described in this policy.
9. Cookies
The Vynix Cortex website currently uses no cookies for tracking or advertising.
We may use a single essential cookie in the future for:
- Remembering your cookie consent preference
- Maintaining session state if we add a client portal
Any future cookie usage will be disclosed here and, where required by law, presented for your consent before being set.
10. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. For material changes, we will make reasonable efforts to notify clients via email.
12. Contact Us
For any privacy-related questions, requests, or complaints:
Email: [email protected]
Postal: Vinicius Libero Moreira, Calle Lima, Km 7, Ciudad del Este, Alto Paraná, Paraguay
We aim to respond to all privacy inquiries within 5 business days.
This Privacy Policy was drafted with reference to GDPR, LGPD, and CCPA/CPRA requirements. It is not legal advice — consult a qualified attorney for jurisdiction-specific compliance review.