Privacy Policy

Last updated: 5 July 2026

In plain words: we store your email address, your license key, your site's configuration, and aggregate usage counters; that's it. We set no cookies, build no visitor profiles, and keep no copy of your images or pages beyond Cloudflare's ordinary edge cache. Payment details never reach us; Stripe handles those.

1. Who is responsible

The Nivoli Edge service is operated under the trading name "Nivoli" by a Dutch private limited company (besloten vennootschap), KvK 82568650, De Grebbe 26, 3448 BV Woerden, the Netherlands (the controller for the personal data described below). Contact: support@nivoli.com.

2. Data we store about you (the customer)

3. Usage data

To meter quotas, render your dashboards, and send your reports, the service records per-request metadata: requested URL path, response status, cache outcome, response size, negotiated image format, and a bot/browser classification. This is stored in Cloudflare Analytics Engine for up to 90 days and is used in aggregate. We set no cookies, use no fingerprinting, and run no advertising or third-party analytics.

4. Your site's visitors

When visitors load your site through the service, we process their requests as a processor on your behalf. Visitor IP addresses are handled transiently by Cloudflare to route and answer requests; we do not store them or associate usage data with individual visitors. Copies of your images and pages exist only in Cloudflare's edge cache and expire under normal cache rules. A data processing agreement is available on request.

5. Email

We send transactional email only: license keys, magic links, quota warnings, monthly reports, and failure alerts, delivered via Twilio SendGrid. Report and alert emails can be disabled in the plugin (Managed Edge → Email & reports). We send no marketing email.

6. Subprocessors and third parties

PartyRoleWhat they process
Cloudflare, Inc. (US, global network)All service infrastructure: edge delivery, storage (KV), image processing, usage analyticsRequest metadata, tenant config, cached content, visitor IPs (transient)
Stripe, Inc. (US/IE)Payments: merchant of record (independent controller)Payment and billing data, your email
Twilio SendGrid (US)Transactional email deliveryYour email address, email content
Tinify B.V. (NL)Optional source-image compression, only if you enable itImage files you choose to compress. With your own Tinify key, your site talks to Tinify directly; nothing passes through us.

Transfers outside the EEA rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses maintained by these providers.

We process customer data to perform our contract with you (Art. 6(1)(b) GDPR), usage and abuse-prevention data under legitimate interest in operating and protecting the service (Art. 6(1)(f)), and billing records where the law requires retention (Art. 6(1)(c)).

8. Retention

9. Your rights

You have the GDPR rights of access, rectification, erasure, restriction, portability, and objection. Email support@nivoli.com and we will respond within one month. You can also lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

10. Changes

We will update this policy as the service evolves and note the date at the top. Material changes affecting subscribers are announced by email.

Pricing  ·  Terms of Service  ·  Privacy Policy  ·  support@nivoli.com