Privacy Policy

We collect information you provide directly to us and information generated through your use of the Services.

Account information. When you create an account we collect your name, email address, and any other information you provide during registration.

Workspace data. When you connect integrations (such as Mattermost, Slack, GitHub, Sentry, PagerDuty, or LaunchDarkly), we receive and process data from those services as necessary to provide the AI co-responder functionality. This includes incident channel messages, commit metadata, error payloads, on-call schedules, and feature flag states.

Usage data. We collect information about how you interact with the Services, including pages visited, features used, AI queries submitted, and actions taken inside incident channels.

Technical data. We collect IP addresses, browser type, device identifiers, and log data as part of operating the Services.

We use the information we collect to:

• Provide, operate, and improve the Services
• Process AI queries and return responses in incident channels
• Authenticate users and manage access controls
• Send transactional emails (account verification, billing receipts, incident summaries)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Communicate with you about product updates, if you have opted in

We do not sell your personal information to third parties. We do not use your workspace data to train our AI models without your explicit consent.

We share your information only in the following circumstances:

Service providers. We work with third-party vendors to operate the Services (cloud infrastructure, payment processing, email delivery, error monitoring). These providers process data on our behalf and are contractually required to protect it.

Integrations. When you connect a third-party service, data is exchanged between Serv and that service as necessary to fulfil your requests. We only read or write data from connected integrations in response to explicit actions taken by your team.

Legal requirements. We may disclose information if required to do so by law, regulation, legal process, or governmental request.

Business transfers. In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

We retain your information for as long as your account is active or as needed to provide the Services. You may delete your account at any time through workspace settings, which will schedule deletion of your personal data within 30 days. Incident channel logs and postmortems stored in your workspace are deleted along with the workspace.

Some information may be retained longer where required by law or for legitimate business purposes such as fraud prevention.

Depending on your location, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Rectification. Request correction of inaccurate or incomplete data.
• Erasure. Request deletion of your personal data, subject to certain exceptions.
• Portability. Request a machine-readable export of your personal data.
• Restriction. Request that we restrict processing of your data in certain circumstances.
• Objection. Object to processing of your data for direct marketing purposes.
• Withdraw consent. Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@serv.so. We will respond within 30 days. If you are located in the European Economic Area you may also lodge a complaint with your local supervisory authority.

We use cookies and similar tracking technologies to operate the Services. These include:

Strictly necessary cookies. Required for authentication, session management, and security. Cannot be disabled.

Analytics cookies. Used to understand how visitors interact with our website (page views, feature usage). You may opt out via our cookie settings.

We do not use third-party advertising cookies or share data with advertising networks.

We implement industry-standard security measures to protect your information, including encryption at rest and in transit (TLS 1.2 or higher), role-based access controls, regular security reviews, and monitoring for unauthorised access.

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at security@serv.so.

Serv is operated from the Netherlands. If you are located outside the European Economic Area, your information may be transferred to and processed in countries that do not have the same data protection laws as your jurisdiction. Where required, we rely on Standard Contractual Clauses approved by the European Commission to govern such transfers.

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, contact us at privacy@serv.so and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by placing a notice on our website at least 14 days before the change takes effect. Continued use of the Services after the effective date constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy or our data practices, contact us at:

Twarix (handelsnaam: Serv) privacy@serv.so

For Data Processing Agreement requests, contact dpa@serv.so.