Legal

Privacy Policy

This policy explains what personal data Vikka processes when you use our website and platform, why, and what rights you have. It covers only what Vikka itself provides; it does not cover the products or websites of our customers.

Last updated: 8 July 2026

Who we are

Vikka provides a compliance platform for the EU Battery Regulation 2023/1542, based in the Netherlands. For the personal data described here, Vikka acts as the data controller for its website and account data, and as a data processor for the product data our customers upload.

For privacy questions or to exercise your rights, contact privacy@vikka.io.

What this policy covers

This policy applies to the Vikka marketing site, the Vikka application (dashboard and chat), and the Vikka API. Public battery passport pages show only the data a customer has chosen to publish under the regulation; the underlying product data belongs to that customer.

Data we collect

We keep data collection to what the service needs:

  • Account data: your email address, used for passwordless sign-in, and your organization membership and role.
  • Product and passport data: the battery data you upload or enter (which may include manufacturer and supplier details). This is customer content, processed on your behalf.
  • Uploaded files: documents you submit for data extraction (PDF, Excel, CSV, Word or images).
  • Communications: messages you send us and the transactional emails we send you (access requests, team invites, supplier requests).
  • Technical data: IP address and basic request metadata, used only for security, abuse prevention and rate limiting.

How we use data, and our legal basis

We use data to provide and secure the service (performance of our contract with you), to prevent abuse and keep the platform safe (our legitimate interest), to send transactional messages you have asked for, and to meet legal obligations. We do not sell your data, and we do not use it for advertising.

Public passports and what stays private

A battery passport is designed to be scanned. When a customer publishes a passport, Vikka shows only a defined public tier of fields on the public QR page; sensitive commercial fields are masked or withheld. Which fields are public is set by the regulation and Vikka's field classification, not by ad-hoc choices.

Automated data extraction

When you upload a document, Vikka uses automated (AI-assisted) extraction to read battery data from it and map it to the regulation's fields. Files submitted to the public sandbox scanner are processed once to produce a result and are not stored afterwards. Extraction supports your review; it does not make legal or compliance decisions on your behalf.

Service providers

Vikka relies on a small number of vetted service providers to run the platform: cloud hosting and database infrastructure, automated data-extraction processing, and transactional email delivery. These providers act on Vikka's instructions under data-processing agreements and may only use the data to provide their service. A current list of sub-processors is available on request.

International transfers

Vikka aims to process and store data within the European Economic Area. Where a service provider processes data outside the EEA, we rely on an approved transfer mechanism (such as the European Commission's Standard Contractual Clauses) to keep the same level of protection.

How long we keep data

We keep account and passport data for as long as your organization has an active account, and afterwards only as long as needed for legal, accounting or security reasons. Security and rate-limiting records (such as IP-based counters) are short-lived. You can ask us to delete your account data, subject to any legal retention duties.

Security

Access to data is scoped per organization and enforced at the database. API keys are stored only as hashes, never in plaintext. Secrets are held in the server environment, not exposed to browsers. Public endpoints are rate-limited and access to the application requires authentication. No system is perfectly secure, but we design Vikka so that a customer's data is isolated and least-exposed by default.

Your rights

If you are in the EU/EEA, you have the right to access, correct, delete, restrict or object to the processing of your personal data, and the right to data portability. To exercise any of these, email privacy@vikka.io. You also have the right to complain to your data protection authority; in the Netherlands this is the Autoriteit Persoonsgegevens.

Where Vikka processes data on behalf of a customer (product and passport data), we will refer your request to that customer as the controller.

Cookies and local storage

Vikka uses only essential cookies needed to keep you signed in. We store small preferences (such as your theme and pinned cards) in your browser's local storage. We do not use advertising cookies or third-party tracking or analytics.

Changes to this policy

We may update this policy as the platform evolves. The date at the top shows the last change. Material changes will be communicated through the service.

Contact

Questions about this policy or your data: privacy@vikka.io.