Sign in Get in touch
Legal

Privacy policy.

We collect as little personal data as we can get away with, store only what we need to run the business, and never sell or share it. Plain English below — long version after.

Last updated: April 29, 2026

The short version

  • We use Plausible Analytics for website stats. It's cookieless, doesn't track you across sites, and doesn't collect personal data.
  • Customer billing and project records live in Odoo Cloud, hosted in the EU and operated under a GDPR-compliant data processing agreement.
  • We don't sell your data, don't share it with advertisers, and don't run third-party trackers on this site.
  • We're based in Antwerp, Belgium, and operate under the EU's GDPR.

Who we are

This privacy policy applies to the website at cloudnovi.com and the services we provide under the Cloudnovi name. The data controller is:

Cloudnovi BV
Kernenergiestraat 19
2610 Antwerpen, Belgium (visits by appointment only)
VAT BE0727 732 404
info@cloudnovi.com

Scope and sister brands

This policy covers cloudnovi.com and the services we sell under the Cloudnovi brand only. Cloudnovi BV operates other brands — including KGB Hosting (kgbhosting.com) and NETVPX (netvpx.com) — that serve a broader audience, including consumers, and may collect different data for different reasons.

Each of those brands publishes its own privacy policy on its own website. If you signed up there, that policy is the one that applies to you, not this one. Statements like "we sell B2B services only" or "we don't process consumer data" in this document apply to Cloudnovi specifically, not to the wider group.

What we collect

Three categories, depending on how you interact with us:

  1. Visitors to cloudnovi.com. Aggregate, anonymous usage statistics — pages viewed, referrer, country, device type. No cookies, no fingerprinting, no individual profiles. See website analytics.
  2. People who contact us. The information you choose to send through the contact form or by email — typically name, email, company, and a description of what you'd like help with.
  3. Customers. Whatever is needed to deliver the engagement and meet our legal obligations: company name, billing address, VAT number, contact persons, signed agreements, invoices, and project correspondence.

We do not collect special-category data (health, biometric, political opinion, etc.). If your project would require us to handle such data, that's a conversation we have explicitly and contractually before any data is shared.

Why we collect it

Each category has a specific legal basis under GDPR Article 6:

  • Visitor analytics — legitimate interest (running and improving the site). Because Plausible is cookieless and aggregate, no consent is required under the ePrivacy Directive.
  • Contact form and email — to respond to your enquiry. Legal basis: your request, or our pre-contractual interest in talking to you.
  • Customer records — to deliver the services we agreed to and to comply with Belgian tax, accounting, and contract law. Legal basis: contract performance and legal obligation.

Website analytics

We use Plausible Analytics, a privacy-friendly, EU-hosted analytics service. Plausible:

  • Does not use cookies and does not store anything in your browser.
  • Does not collect personal data or personally identifiable information.
  • Does not track you across other websites.
  • Generates anonymous, aggregate statistics — there is no individual user record to look up.

The Plausible script is loaded from our own subpath (/p/js/...) so we don't expose your IP to a third-party CDN. Because no personal data is processed, no consent banner is required for analytics on this site.

Contact form

When you submit the contact form, the data is verified by Cloudflare Turnstile (a privacy-respecting CAPTCHA alternative) and forwarded to a private internal channel where one of our engineers reads it. The form data is also stored as a CRM lead in our Odoo Cloud instance, which is hosted in the EU. We don't store form submissions in third-party marketing tools.

Cloudflare may briefly process your IP address and a Turnstile challenge token to determine whether the request looks human. Cloudflare acts as a processor and does not use this data for advertising. Their privacy notice: cloudflare.com/privacypolicy.

Customers and billing

If we sign a contract, the records that follow — proposals, invoices, project notes, signed agreements, support tickets — live in our Odoo Cloud instance, hosted in the EU and covered by a GDPR-compliant data processing agreement with Odoo S.A. (Belgium). Email exchanged during the engagement is hosted with our email provider, which acts as a processor.

Cloudnovi itself does not run a customer-facing platform that collects end-user data on your behalf. Anything we touch on your systems is governed by the Data Processing Agreement attached to your engagement.

Sharing and processors

We don't sell personal data. We don't trade it. We don't share it with advertisers. The only third parties that ever touch it are vendors strictly necessary to operate the business, each acting as a processor under written agreement:

  • Cloudflare — CDN, DNS, Turnstile (request handling and bot mitigation).
  • Plausible Analytics — anonymous, aggregate site statistics (EU-hosted).
  • Odoo S.A. — Odoo Cloud ERP/CRM, EU-hosted, where we keep customer records, leads, invoices, and project documentation.
  • Our email provider — to operate Cloudnovi's mailboxes and the email exchanged during engagements.
  • Our accountant and bank — to meet Belgian tax and accounting obligations.

Where any of these vendors process data outside the EU/EEA, we rely on the EU Standard Contractual Clauses or an adequacy decision.

How long we keep it

  • Analytics: aggregate forever; no individual records exist.
  • Contact-form messages: up to 24 months, then deleted unless they led to an engagement.
  • Customer records: for the duration of the engagement plus the retention periods required by Belgian law (currently 7 years for invoices and accounting).
  • Email: kept only as long as it's operationally relevant; older threads are archived or removed in line with our internal retention schedule.

Your rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Have it corrected if it's wrong.
  • Have it deleted, where we don't have a legal obligation to keep it.
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw any consent you previously gave.
  • Lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be).

Email info@cloudnovi.com and we'll respond within 30 days. We don't charge for routine requests.

Security

Infrastructure is what we do for a living, so we take our own as seriously as our customers'. TLS everywhere, encrypted backups, least-privilege access, audited admin actions, and patched, monitored systems. If we ever suffer a breach involving personal data, we'll notify the Belgian Data Protection Authority within 72 hours and tell affected people directly when required.

Children

Cloudnovi sells B2B infrastructure and DevOps services exclusively — there's no consumer signup, no individual account, nothing targeted at minors. The site isn't aimed at children, and we don't knowingly collect data from anyone under 16. (Our sister brands have a wider audience and address children separately in their own policies.)

Changes

If we update this policy materially, we'll change the "last updated" date at the top and, if it affects existing customers, notify them by email. Past versions are available on request.

How to reach us

For anything privacy-related — questions, requests, complaints — write to info@cloudnovi.com with "Privacy" in the subject line. A real engineer reads it.