Privacy Policy
Armadillo ApS Last updated: January 2026
1. Who We Are
Armadillo provides AI governance software for organizations.
| Company | Armadillo ApS |
| Address | Copenhagen, Denmark |
| Contact | privacy@armadillo.dk |
2. What Data We Collect
2.1 Website Visitors
| Data Category | Purpose | Legal Basis |
|---|---|---|
| IP address | Security, DDoS protection | Legitimate interest |
| Browser information | Debugging | Legitimate interest |
| Contact form | Responding to inquiries | Consent |
We use no cookies for tracking or marketing.
2.2 Platform Users
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Account details | Service provision | Contract |
| AI inventory data | Core platform functionality | Contract |
| Usage data | Service improvement | Legitimate interest |
3. How We Process Your Data
Armadillo processes your AI inventory data to provide governance insights. Key points:
- Your data stays yours: We don't sell or share your data
- EU-hosted infrastructure: All data stored in European data centers
- Encrypted at rest: All data encrypted using AES-256
- Encrypted in transit: TLS 1.3 for all connections
4. Data Transfers
EU-Based Services
| Service | Location | Purpose |
|---|---|---|
| Hetzner | Germany | Server hosting |
| Database | Germany | Data storage |
Transfers Outside EU
Some services may process data outside the EU. All transfers are protected by Standard Contractual Clauses (SCCs) or adequacy decisions.
5. Retention Periods
| Data Type | Retention Period |
|---|---|
| Account data | Account lifetime + 30 days |
| AI inventory data | Account lifetime + 30 days |
| Website logs | 90 days |
| Invoices | 5 years (Danish law) |
6. Your Rights
Under GDPR, you have the right to:
| Access | Obtain a copy of your data |
| Rectification | Correct inaccurate information |
| Erasure | Have data deleted ("right to be forgotten") |
| Restriction | Restrict processing |
| Data portability | Receive data in machine-readable format |
| Object | Object to processing |
Contact us at privacy@armadillo.dk to exercise your rights. Response within 30 days.
7. Security
We protect data with:
- Encrypted connections (TLS 1.3)
- Encrypted data at rest (AES-256)
- Access control (need-to-know basis)
- Regular security audits
- Incident response procedures
8. Complaints
You may file a complaint with the Danish Data Protection Agency:
| Authority | Datatilsynet |
| Address | Carl Jacobsens Vej 35, 2500 Valby, Denmark |
| dt@datatilsynet.dk | |
| Website | datatilsynet.dk |
9. Changes
We update this policy when significant changes occur. The latest version is always available at this URL.