Last Updated: 11.07.2025
At advox GmbH (“advox”, “we”, “our”, or “us”), we take the privacy of our users seriously. This Privacy Policy explains how we collect, use, and protect your personal data when you use our services or interact with the advox platform, available at https://www.advox.io.
This policy is issued in compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Austrian Data Protection Act (DSG), and other applicable privacy legislation.
advox GmbH is an Austrian limited liability company based in Vienna. We operate a Software-as-a-Service (SaaS) platform that enables users to manage creative assets, campaign production, HTML5 ad streaming, approvals, and related digital marketing workflows. In most cases, advox acts as a data processor on behalf of its customers, who serve as data controllers. In certain cases, such as account registration or support inquiries, advox also acts as a controller.
For any data protection inquiries or rights requests, you may contact us at:
Email: dataprivacy@advox.io
The specific personal data we process depends on how you use the Platform. It may include:
We do not collect special categories of data (e.g. biometric, political, or health data) unless explicitly entered by the user in a free-text field, for which the user assumes full responsibility.
We use your personal data only to deliver, improve, and secure our services. Specifically:
To register and authenticate user accounts;
To provide access to the platform features under your plan;
To manage billing, payments, and invoicing obligations;
To communicate about product updates, service issues, and support;
To fulfill our legal obligations (e.g., tax and accounting records);
To detect, prevent, and investigate security incidents or misuse;
To improve our services through aggregated, pseudonymized usage analysis.
All processing is done in accordance with one or more legal bases as defined in Article 6 of the GDPR, such as the performance of a contract, legal compliance, legitimate interest, or — where applicable — your explicit consent.
advox app uses only strictly necessary cookies required for session management, authentication, and system security.
When you visit our website at https://www.advox.io, we use cookies and similar technologies to ensure technical functionality, analyze traffic patterns, and improve marketing performance. These technologies include:
Google Analytics 4 (GA4): Used to understand how users interact with the site, including engagement, navigation paths, and device usage. Data collected is anonymized and IP addresses are truncated.
Meta Pixel (Facebook): Helps us measure ad effectiveness and retarget website visitors across Meta platforms.
Google Ads (Conversion + Remarketing Tags): Allows us to evaluate the performance of advertising campaigns and display relevant ads to prior visitors.
YouTube Embedded Player: When used, YouTube may place tracking cookies and collect usage data, including from non-logged-in users.
All non-essential tracking technologies are only activated based on your explicit consent, which is collected via our Cookie Banner in compliance with the ePrivacy Directive and § 165 of the Austrian Telecommunications Act (TKG).
You can withdraw or change your consent preferences at any time by adjusting your cookie settings in the footer of our website.
For a full breakdown of the cookies and third-party trackers we use, please refer to our separate Cookie Policy [link to cookie policy page].
These tools may involve data transfers outside the European Union. Where such transfers occur, they are subject to safeguards under Chapter V of the GDPR, including Standard Contractual Clauses.
To operate the Platform efficiently, we rely on a limited number of trusted subprocessors. These may process personal data under our instructions and are subject to strict contractual safeguards. The core subprocessors include:
Hetzner Online GmbH (Germany) – Cloud hosting infrastructure
BunnyWay d.o.o. (Slovenia/EU) – CDN services and asset streaming
Stripe Payments Europe Ltd. (Ireland) – Payment processing
[Optional: email delivery provider if used]
Each provider is subject to a Data Processing Agreement (DPA) and, where applicable, Standard Contractual Clauses (SCCs) to ensure an adequate level of protection.
advox processes your data primarily within the European Union. However, some subprocessors may transfer data to jurisdictions outside the EU/EEA. In such cases, advox ensures that:
Transfers are based on approved legal mechanisms (e.g., SCCs),
Data is encrypted and access is role-restricted,
Transfers comply with Chapter V of the GDPR.
We retain personal data only for as long as necessary to fulfill the purpose of processing. Specifically:
Account data: retained for the duration of your subscription and for 12 months after termination
Billing and invoicing data: retained for 7 years in accordance with Austrian tax law
Preview/streaming links: retained as long as the workspace is active
Support and communication records: stored for up to 12 months after ticket resolution
System logs: stored for security reasons for up to 12 months
After the expiry of these retention periods, your data will be deleted or anonymized.
As a data subject under GDPR, you have the following rights:
To access your personal data and receive a copy thereof;
To correct inaccurate or incomplete data;
To request erasure (“right to be forgotten”) under certain conditions;
To restrict processing in limited scenarios;
To object to processing based on legitimate interest;
To withdraw your consent (where applicable);
To receive your data in a portable format.
You may exercise these rights by contacting us at dataprivacy@advox.io. If you believe your data rights have been violated, you also have the right to lodge a complaint with the Austrian Data Protection Authority (www.dsb.gv.at).
We implement appropriate technical and organizational measures (TOMs) to protect your data, including:
Encrypted data transmission (TLS/HTTPS)
Password hashing using modern standards (e.g., bcrypt)
Firewall and access controls at the server level
Role-based access to platform functions
Secure storage and regular security audits
No security system is perfect, but we continually monitor and improve our systems to guard against unauthorized access and misuse.
The advox platform is not designed for individuals under the age of 16. We do not knowingly collect personal data from children under the age of 13. If such data is inadvertently submitted, we will delete it without delay.
Our services are designed for B2B users within the European Union. At this time, advox does not meet the applicability thresholds of the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA). However, we monitor legal developments and will amend this policy should our obligations under California law change.
This Privacy Policy may be updated from time to time. If we make material changes, we will notify you via the platform or by email, giving you at least 30 days to review the changes before they take effect.
advox GmbH
Anzengrubergasse 24/22
1050 Vienna, Austria
Company Register: FN 646527 a
VAT ID: ATU81709368
Email: dataprivacy@advox.io
(c) 2025 - advox GmbH