Vivaryum
Beta

Effective 18 May 2026

Privacy Policy

This policy explains how Vivaryum Pty Ltd (“Vivaryum”, “we”, “us”) handles information when you use our research animal record-keeping platform at vivaryum.com.

1. Who we are

Vivaryum is a software-as-a-service platform for research animal record management, developed and operated by Vivaryum Pty Ltd, registered in Victoria, Australia.

Under data protection law, Vivaryum is a data processor: we handle data on behalf of the organisations that subscribe to the platform. Each subscribing organisation is the data controller for what its members enter into Vivaryum.

2. What we collect

We only collect what is needed to run the service:

  • Your email address, which we use to send login links and identify your account.
  • A display name, if you or your organisation administrator sets one.
  • Your organisation membership and role, so we know which data you can access.
  • A record of actions you take within the platform (creating, editing, or deleting records), attributed to your account in the audit log.
  • Payment details if your organisation is on a paid plan. Payments are processed by Creem.io; we do not store your card details.
  • Standard server logs (IP address, browser type, pages visited), kept for up to 90 days for security purposes.

The records your organisation creates are stored in our systems on your behalf. We do not read or use that content for any purpose other than running the service.

3. How we use your information

We use the information we collect to:

  • Authenticate you and give you access to the platform.
  • Attribute record actions to your account in the audit log.
  • Send transactional emails such as login links and billing receipts. We do not send marketing email without your explicit consent.
  • Investigate security incidents and enforce our Terms of Service.
  • Meet our legal obligations.

4. Storage and security

Your data is stored on servers in Australia. All data in transit is encrypted using TLS, and data at rest is encrypted at the storage level.

Record content is stored in a version-controlled, content-addressed format. User identifiers in the version history are opaque UUIDs with no name, email, or other personal details embedded. This means that if an account is deleted, the personal details are removed while the historical audit trail stays intact.

We run access controls, audit logging, and routine security reviews. If a confirmed personal data breach occurs, we will notify affected customers within 72 hours of becoming aware of it.

5. Who we share data with

We do not sell or rent your personal data. The only circumstances in which we share it are:

  • With service providers (hosting, databases, billing, transactional email), each bound by a data processing agreement.
  • Where required by law, regulation, or a valid legal order.
  • If Vivaryum is sold or merged with another entity, in which case you will be notified in advance.

6. Data retention

We keep your account data for as long as your account is active. If you close your account, we will delete your personal details (name and email) within 30 days. Your organisation's record history references you by UUID rather than by name or email, and may be retained indefinitely for compliance purposes under your organisation's subscription.

Organisation data is kept for 30 days after subscription cancellation, then permanently deleted. Please export your data before cancelling.

7. Your rights

Depending on where you are based, you may have rights to access, correct, or delete your personal data. Individual users should direct requests to their organisation administrator in the first instance, as the administrator is the data controller. Your administrator can contact us on your behalf.

For direct requests, email privacy@vivaryum.com. We will respond within 30 days.

8. Cookies

Vivaryum uses session cookies required for authentication. We do not use tracking, analytics, or advertising cookies.

9. Changes to this policy

If we make material changes to this policy, we will notify you by email and post a notice in the platform at least 14 days before the change takes effect. Continuing to use Vivaryum after that date means you accept the updated policy.

10. Contact

Privacy questions? Email us at privacy@vivaryum.com.

Terms of Service →