Privacy and Terms

Risk-App is operated by MVCS ApS (CVR DK-45438392), Copenhagen, Denmark. The two sections below cover how we handle your data and the terms under which you use the service.

Last updated: June 2026

Privacy policy

What we collect

We collect only the information needed to operate the Risk-App service and to communicate with you. That includes:

Account data - your name, email address and organization, plus the password hash for sign-in.
Tenant content - the risks, mitigations, decisions, reports and any related metadata you and your colleagues create inside your workspace.
Operational logs - request timestamps, IP address, user agent and the audit-log entries Risk-App writes on every mutation.
Correspondence - the content of emails you send us or replies to a demo request.

We do not use third-party analytics or advertising trackers on risk-app.com or inside the application.

How we use your data

Your data is used to deliver the service, secure the system, respond to support requests and meet our legal obligations as a Danish company. We do not sell personal data, and we do not share it with third parties for marketing purposes.

Sub-processors used to run the service (cloud hosting, database, email delivery) are listed below. Each is bound by a data-processing agreement that mirrors the protections described here.

Legal basis

Processing your account data and the content you put into Risk-App is necessary to perform our contract with the customer organization (GDPR Article 6(1)(b)). Processing operational logs is based on our legitimate interest in securing and operating the platform (Article 6(1)(f)). Processing emails you send us is based on your consent and our legitimate interest in responding (Article 6(1)(a) and (f)).

Retention

We keep your workspace content for as long as your organization is a Risk-App customer. After cancellation, the content is retained for ninety days so you can change your mind, after which it is permanently deleted. Audit-log entries are retained for the lifetime of your tenant because they are part of the workspace content.

Email correspondence is retained for up to twelve months unless a longer period is required to handle an ongoing support or billing matter.

Sub-processors

Cloudflare, Inc. - edge hosting, CDN and email routing for risk-app.com.
Supabase, Inc. - managed PostgreSQL hosting for tenant data, with infrastructure inside the EU.
Stripe Payments Europe Ltd. - subscription billing and invoicing when you purchase a paid plan.

Cookies

The marketing site (risk-app.com) does not set tracking cookies. The application sets a single, strictly necessary session cookie so you stay signed in.

Your rights

Under the GDPR you have the right to access the personal data we hold about you, to ask us to correct or delete it, to object to certain processing, and to receive a copy in a portable format. You also have the right to complain to the Danish Data Protection Authority (Datatilsynet).

To exercise any of these rights, email [email protected]. We respond within one calendar month.

External links

Pages on risk-app.com and inside the application may link to external sites. Those sites have their own privacy practices and we do not control or take responsibility for them.

Contact

For privacy-related questions, write to [email protected]. Postal mail can be addressed to MVCS ApS, Copenhagen, Denmark.

Terms of use

Acceptance

By accessing risk-app.com or by signing in to the Risk-App service, you agree to these terms. If you do not agree, do not use the website or the application.

The service

Risk-App is a software-as-a-service tool for managing risks, mitigations, decisions and related records. We provide the service to your organization under a written or click-through subscription agreement; the present terms govern your individual use as a user of that subscription.

Account responsibility

You are responsible for keeping your sign-in credentials secure and for activity performed under your account. Tell us immediately if you suspect unauthorised access. Administrators of a tenant are responsible for managing the users and roles inside their workspace.

Acceptable use

You agree not to misuse the service - including, but not limited to, attempting to access another tenant's data, reverse-engineering the application, uploading malicious content, or using Risk-App to violate applicable law. We may suspend access if we reasonably believe the service is being misused.

Intellectual property

Risk-App, the risk-app.com website and the underlying source code are owned by MVCS ApS and protected by Danish and international copyright law. The content you put into your workspace remains your organization's property; we hold it on your behalf and process it only to deliver the service.

No warranty

The service is provided on an "as is" and "as available" basis. We do not warrant that it will be uninterrupted, error-free, or fit for any particular purpose. We do not warrant that any output from the recommendations engine is correct - it is a tool to inform your judgement, not a substitute for it.

Limitation of liability

To the maximum extent permitted by law, MVCS ApS is not liable for any indirect, incidental, consequential or punitive damages arising from your use of, or inability to use, the service. Our total aggregate liability for direct damages will not exceed the fees paid by the customer organization in the twelve months preceding the event giving rise to the claim.

Changes to the service or terms

We may add, change or remove features, and we may revise these terms. Material changes will be communicated to the tenant's administrators at least thirty days before they take effect. Continued use after the effective date constitutes acceptance.

Governing law

These terms are governed by Danish law. Any dispute arising from or related to the service or these terms will be brought before the courts of Copenhagen, Denmark.

Contact

Questions about these terms can be sent to [email protected].