Torvus SecurityJoin the waitlist

Legal

Privacy Notice

Last updated 2024-10-01Zero-knowledge data handling by default

1. Who we are

Torvus Security Pty Ltd ("Torvus", "we", "us") provides policy-based secure storage and release services. We operate out of New South Wales, Australia and process information on infrastructure hosted in trusted regions.

2. The information we collect

We collect:

  • Account data such as names, email addresses, and role information provided by customers.
  • Vault artefacts encrypted client-side prior to upload. Torvus never sees plaintext contents.
  • Operational metadata needed to orchestrate conditional releases, approvals, and audit events.
  • Contact details submitted via our waitlist or contact forms, which we use solely to respond to you.

3. How we use information

We use information to:

  • Provide and improve Torvus services, honouring the policies you configure.
  • Authenticate administrators and recipients and to operate security controls such as duress pause.
  • Maintain audit evidence, compliance artefacts, and provenance records.
  • Communicate service updates, incident notifications, and product information.

4. Legal bases and retention

For customers in the European Economic Area, we process data under contract performance, legitimate interests (such as protecting the service), or consent where applicable. Policy metadata and audit records are retained for the duration of the customer relationship unless law or policy requires longer retention.

5. Sharing and transfers

We do not sell personal information. We share data with vetted subprocessors required to run the platform (e.g., infrastructure hosting, secure email). Where data leaves Australia, we adopt contractual safeguards aligned with the Australian Privacy Principles and GDPR requirements.

6. Your rights

Depending on your jurisdiction you may have rights to access, correct, or delete personal information, and to object or restrict certain processing. Administrators can manage most data directly in Torvus; otherwise contact us at privacy@torvussecurity.com.

7. Security

We apply layered controls including client-side encryption, hardware-backed key custody, passkeys, and continuous monitoring. Details are available on the Security page and via our trust portal for customers under NDA.

8. Contact

Questions about this notice or privacy rights can be sent to privacy@torvussecurity.com.

This notice may change as Torvus evolves. We will post updated versions with a revised date above.

Contact privacy teamView security commitments