Privacy Policy
Version 1.0 - Effective date: 12 January 2026
Article 1 – Introduction
1.1 This Privacy Policy explains how Prevector B.V. ("Prevector", "we", "us", or "our") collects, uses, stores, shares, and protects personal data in connection with our website, products, and services.
1.2 Prevector provides AI infrastructure solutions, including Model Context Protocol (MCP) servers that offer structured access to regulatory, accounting, tax, and sustainability reporting standards. Our services are exclusively provided to business clients (B2B).
1.3 We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the Dutch GDPR Implementation Act (Uitvoeringswet Algemene Verordening Gegevensbescherming, "UAVG").
1.4 By using our website or services, you acknowledge that you have read and understood this Privacy Policy.
Article 2 – Data Controller
2.1 The data controller responsible for the processing of your personal data is:
Prevector B.V.
Registered Address: Van Sint Aldegondeplein 42, 2581 TP, The Hague, The Netherlands
Chamber of Commerce (KVK): 99409127
VAT Identification Number (BTW): NL868977202B01
2.2 For any questions or requests regarding this Privacy Policy or the processing of your personal data, you may contact us at:
Email: privacy@prevector.ai
Article 3 – Personal Data We Collect
3.1 Website Data
When you interact with our website, we may collect the following personal data:
Contact Form Submissions: name, email address, company name, and the content of your message when you submit an inquiry through our contact form.
Appointment Bookings: name, email address, and scheduling preferences when you book a meeting through our calendar integration.
Website Analytics: anonymised and aggregated usage data collected through privacy-friendly analytics that do not track individual users or use cookies requiring consent.
3.2 Product and Service Data
When you use our products (MCP Servers), we collect the following data:
Account Information: company name, contact person name, email address, and billing information necessary to provide our services.
API Credentials: authentication tokens and API keys required to access our products.
Usage Metrics: information about your use of the products, including API call volumes, timestamps, and feature usage, for purposes of monitoring usage limits, billing verification, performance optimisation, and service improvement.
Anonymised Query Logs: anonymised records of search queries submitted to our API, collected solely to improve our search algorithms. These logs are anonymised and cannot be linked to individual clients or users.
Error Logs: technical diagnostic information for troubleshooting purposes, which may temporarily include query context. Such logs do not contain your confidential business data or personal data of your end users.
3.3 Important Notice Regarding Client Data
Our products (MCP Servers) do not process, store, or have access to your confidential business data, client files, or personal data of your end users. The products function as infrastructure solutions that provide access to standardised regulatory and compliance content. Any data processed by your AI systems in connection with the use of our products remains solely within your systems and under your control.
Article 4 – How We Use Your Personal Data
4.1 We process your personal data for the following purposes:
Service Delivery: to provide, maintain, and improve our products and services, including processing your orders, managing your account, and providing technical support.
Communication: to respond to your inquiries, send service-related communications, and provide information you have requested.
Billing and Administration: to invoice for our services and maintain accurate financial records.
Service Improvement: to analyse usage patterns (using anonymised data) to improve our search algorithms and product functionality.
Security and Compliance: to protect the security and integrity of our services, detect and prevent fraud, and comply with applicable legal obligations.
Legal Obligations: to comply with applicable laws, regulations, and legal processes.
Article 5 – Legal Basis for Processing
5.1 Under the GDPR, we process your personal data based on the following legal grounds:
Performance of a Contract (Article 6(1)(b) GDPR): processing necessary to perform our contractual obligations to you, including providing our products and services, managing your account, and processing payments.
Legitimate Interests (Article 6(1)(f) GDPR): processing necessary for our legitimate business interests, including responding to inquiries, improving our services, ensuring security, and conducting business development activities, provided these interests are not overridden by your rights and freedoms.
Legal Obligation (Article 6(1)(c) GDPR): processing necessary to comply with legal obligations, such as tax and accounting requirements, or to respond to lawful requests from public authorities.
5.2 We do not rely on consent as our primary legal basis for processing. Where consent is required for specific processing activities, we will obtain your explicit consent and inform you of your right to withdraw consent at any time.
Article 6 – Data Sharing and Recipients
6.1 We may share your personal data with the following categories of recipients:
Service Providers: third-party companies that provide services on our behalf, including:
Google Workspace (Google Ireland Limited) for email and calendar services
Framer B.V. for website hosting and analytics
Professional Advisors: accountants, legal advisors, and other professional service providers as necessary for the operation of our business.
Public Authorities: government agencies, regulators, or other authorities where required by law or to protect our legal rights.
6.2 All service providers are contractually bound to process personal data only on our instructions and in accordance with applicable data protection laws. We have entered into data processing agreements with these providers where required under the GDPR.
6.3 We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
Article 7 – Data Location and International Transfers
7.1 All personal data processed by Prevector is stored and processed within the European Union and the European Economic Area (EEA). Our infrastructure is hosted on Google Cloud Platform in the European Union, and our business applications use EU-based data centres.
7.2 We do not transfer personal data to countries outside the EU/EEA. In the event that a transfer outside the EU/EEA becomes necessary in the future, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, and we will update this Privacy Policy accordingly.
Article 8 – Data Retention
8.1 We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws. Our retention periods are as follows:
Contact Form Submissions: retained until the inquiry is resolved. If you become a client, contact data is retained for the duration of our business relationship plus seven (7) years thereafter for legal and tax purposes.
Client Account Data: retained for the duration of the contractual relationship plus seven (7) years thereafter, in accordance with Dutch statutory retention requirements.
Usage Metrics: retained for twenty-four (24) months for billing verification and capacity planning.
Anonymised Query Logs: retained for twelve (12) months for service improvement purposes.
Error Logs: retained for six (6) months for troubleshooting and diagnostic purposes.
8.2 After the applicable retention period expires, personal data is securely deleted or anonymised.
Article 9 – Your Rights
9.1 Under the GDPR, you have the following rights regarding your personal data:
Right of Access: You have the right to obtain confirmation as to whether we process your personal data and, if so, to request access to that data and information about how it is processed.
Right to Rectification: You have the right to request correction of inaccurate personal data and completion of incomplete personal data.
Right to Erasure: You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Right to Restriction: You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to Object: You have the right to object to processing of your personal data based on legitimate interests, including direct marketing.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
9.2 To exercise any of these rights, please contact us at privacy@prevector.ai. We will respond to your request within one (1) month of receipt. In certain circumstances, this period may be extended by two (2) additional months, in which case we will inform you of the extension and the reasons for the delay.
9.3 We may request verification of your identity before processing your request to ensure the security of your personal data.
Article 10 – Cookies and Website Analytics
10.1 Our website uses privacy-friendly analytics provided by Framer that do not require cookie consent. These analytics:
Do not use tracking cookies or similar technologies that require consent
Do not track individual users across websites
Collect only anonymised and aggregated usage statistics
Are used solely to understand how visitors use our website and to improve our content
10.2 Our website may use strictly functional cookies that are essential for the operation of the website and do not require consent under applicable law. These may include cookies for session management and security purposes.
10.3 We do not use marketing cookies, advertising cookies, or third-party tracking technologies on our website.
Article 11 – Security Measures
11.1 We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:
Encryption: All data in transit is protected using TLS/HTTPS encryption. Data at rest is encrypted using industry-standard encryption.
Access Controls: Access to personal data is restricted to authorised personnel on a need-to-know basis. API access is protected by secure authentication mechanisms.
Infrastructure Security: Our infrastructure is hosted on Google Cloud Platform in the European Union, which maintains industry-standard security certifications including ISO 27001 and SOC 2.
Incident Response: We maintain procedures to detect, investigate, and respond to security incidents and data breaches.
11.2 In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach, and we will notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Article 12 – Business Contact Data
12.1 We may use business contact information obtained from public sources or professional networking to contact potential clients about our services. This processing is based on our legitimate interest in conducting business development activities.
12.2 You can opt out of such communications at any time by contacting us at privacy@prevector.ai or by using any unsubscribe mechanism provided in our communications.
Article 13 – Changes to This Privacy Policy
13.1 We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or business operations.
13.2 Material changes to this Privacy Policy will be communicated to you via email (if we have your email address) and will be published on our website at least thirty (30) days prior to the effective date of the changes.
13.3 We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. The date of the most recent revision is indicated at the top of this Privacy Policy.
Article 14 – Contact and Complaints
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us at:
Prevector B.V.
Email: privacy@prevector.ai
Website: www.prevector.ai
We will make every effort to resolve any complaints or concerns you may have regarding the processing of your personal data.
If you are not satisfied with our response, or if you believe that we are processing your personal data in violation of applicable data protection laws, you have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ The Hague
The Netherlands
Website: www.autoriteitpersoonsgegevens.nl
Telephone: +31 (0)70 888 8500
Article 15 – Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the Netherlands, without regard to its conflict of laws principles.
— End of Privacy Policy —