Compliance
Authorix is built in Europe and committed to GDPR. Here is a plain-language overview of how we handle personal data and what rights you have.
Authorix is operated by Authorix B.V. (soon to be established), registered in the Netherlands. Our infrastructure runs within the EEA. GDPR is not an afterthought for us: it is the baseline we designed around.
Our Authority Index is built entirely from publicly available information. We do not scrape private messages, access non-public profiles, or combine public data with sensitive categories.
We process account holder data on the basis of contract. We process indexed person data on the basis of legitimate interest, which we have carefully assessed and documented.
All data is encrypted in transit and at rest. Access is restricted by role. We conduct regular security reviews and maintain an incident response process.
Authorix is operated by Authorix B.V. (soon to be established), a company registered in the Netherlands. We are a data controller under GDPR for the personal data we collect from account holders, and we act as both controller and processor in different contexts for indexed person data.
Account holders: email address, name, organization details, usage logs, and billing information (payment processing is handled by Stripe). We collect this to provide the service.
Indexed persons: publicly available information such as names, social handles, biographical data, and areas of expertise found across public platforms. We use this to compute authority scores.
Indexed persons: we retain indexed person data for as long as it remains publicly available and relevant to our authority index. We periodically review and remove profiles where the underlying public data is no longer accessible. You can also request erasure at any time (see below).
Account holders: we keep your account data for as long as your account is active, and delete it on account closure, except where we are legally required to retain certain records (such as financial data) for a defined period.
Even if you have never created an Authorix account, you may have a profile in our index based on your public online presence. Under GDPR you have the right to:
To exercise any of these rights, email contact@authorix.com. We will respond within one month. This period may be extended by two further months where necessary, in which case we will inform you within the first month. We may ask you to verify your identity before acting on a request.
Note: the right to data portability under Article 20 GDPR applies where processing is based on consent or contract. Since we process indexed person data on the basis of legitimate interest, this right does not apply in this context.
In addition to the rights above, account holders can also request portability of their account data and close their account at any time. Account closure triggers deletion of personal data, subject to legal retention requirements.
Authorix is hosted within the EEA. Where we use sub-processors outside the EEA (for example for email delivery), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
If you are an EU-based business using the Authorix API, you are a data controller in your own right. We act as your data processor for any personal data you request via the API. A Data Processing Agreement (DPA) is available for you to review and execute. See our DPA page for details.
We have assessed our processing activities under Article 37 GDPR and determined that a Data Protection Officer appointment is not currently required. All data protection matters are handled by our privacy contact at contact@authorix.com.
If you are not satisfied with how we handle your data or your rights request, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens
autoriteitpersoonsgegevens.nl
For any privacy or GDPR-related questions, contact us at contact@authorix.com. For the full details of our data practices, see our Privacy Policy.