Privacy Policy
Last updated: February 22, 2026
GDPR / RGPD Compliance Statement
The AV Index respects your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR / RGPD). We practice strict data minimization, meaning we only collect what is absolutely essential for the service to function.
1. Data Controller
For the purposes of the General Data Protection Regulation (GDPR), the Data Controller is The AV Index. If you have any questions about this Privacy Policy, you can contact us at hello@theavindex.com.
2. Information We Collect
We believe in data minimization. We only collect the following personal information when you register:
- Email Address: Used strictly for account identification, transactional emails, and password resets.
- Name: Used to personalize your dashboard experience.
- Authentication Credentials: Passwords are cryptographically hashed using standard security protocols. We never store or see your plaintext password. If you use Google OAuth, we only receive a secure authentication token and your public Google profile data (Name, Email, Profile Image).
3. How We Use Your Information
Your personal data is used exclusively to provide and improve the AV Index service:
- To create and maintain your account.
- To remember your usage limits (Scout Credits).
- To save your personal Bookmarks and generated AI Scout History.
- To send system notifications (which you can opt out of).
We do not sell your personal data to third parties.
4. Data Storage and Third-Party Processors
To provide our service, we use industry-leading sub-processors that are strictly vetted for GDPR compliance:
- Neon (Database): Your encrypted data is stored in secure, cloud-hosted PostgreSQL databases managed by Neon.
- Render (Hosting): Our application code and APIs run on secure infrastructure provided by Render.
- Resend (Email): Used strictly for sending requested transactional emails (e.g., password resets, alerts).
5. Use of Cookies
We use necessary session cookies to keep you logged in (via NextAuth). These are strictly necessary for the service to function and do not require consent under RGPD.
We may also use optional analytical cookies to understand how users interact with our site. We will never set these non-essential tracking cookies unless you explicitly click "Accept All" on our Cookie Consent Banner. You can revoke this consent at any time.
6. Your Data Rights (RGPD)
Under the GDPR, you have the following fundamental rights regarding your personal data:
- The Right to Access: You can view your account data anytime within your Dashboard. You may also request a full copy of your data file.
- The Right to Erasure ("Right to be Forgotten"): You have absolute control. You can permanently delete your account and all associated personal data instantly by navigating to Settings → Danger Zone → Delete Account. Actioning this will immediately purge your user record from our database.
- The Right to Rectification: You can update your name and email addresses within your Settings.
7. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.