Privacy Policy

1. Introduction

Clevaura, Inc. ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered workspace platform, website, applications, and related services (collectively, the "Service").

This Privacy Policy applies to all users of our Service, including visitors to our website, registered users, and enterprise customers. By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, username, password, profile picture, and billing information
• Content Data: Documents, files, notes, tasks, projects, messages, and other content you create, upload, or store
• Communication Data: Messages, emails, chat conversations, video call recordings (when enabled), and support communications
• Preference Data: Settings, configurations, workspace customizations, and feature preferences
• Payment Information: Billing address, payment method details (processed securely through third-party providers)

2.2 Information Collected Automatically

• Usage Data: Feature usage, time spent in application, frequency of use, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers, and hardware specifications
• Log Data: Access logs, error reports, performance metrics, and security events
• Location Data: General geographic location based on IP address (not precise location)
• Cookies and Tracking: Session cookies, preference cookies, and analytics data

2.3 Information from Third Parties

• Integration Data: Information from connected third-party services (with your explicit permission)
• Authentication Data: Single Sign-On (SSO) information from identity providers
• Public Sources: Publicly available information to enhance our services

3. How We Use Your Information

3.1 Service Provision

• Providing and maintaining our AI-powered workspace platform
• Processing and storing your content securely
• Enabling collaboration features and real-time synchronization
• Operating AI agents and automation features
• Facilitating search across your data and integrations

3.2 AI and Machine Learning

• Training and improving AI models (using aggregated, anonymized data only)
• Providing personalized AI assistance and recommendations
• Enhancing search relevance and accuracy
• Detecting and preventing security threats

3.3 Communication and Support

• Responding to your inquiries and providing customer support
• Sending service-related notifications and updates
• Communicating about new features and improvements
• Conducting user research and feedback collection

3.4 Business Operations

• Processing payments and managing subscriptions
• Monitoring usage and preventing abuse
• Analyzing platform performance and user engagement
• Complying with legal obligations and enforcing our terms

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

• Contractual Necessity: To perform our services under our Terms and Conditions
• Legitimate Interest: To improve our services, ensure security, and conduct business operations
• Consent: For marketing communications and optional features (which you can withdraw anytime)
• Legal Obligation: To comply with applicable laws and regulations

5. Information Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

5.2 Limited Sharing

We may share your information only in the following circumstances:

• Service Providers: Trusted third-party vendors who assist in service delivery (under strict data processing agreements)
• Team Members: With other users in your workspace as necessary for collaboration
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In case of merger, acquisition, or asset sale (with user notification)
• Consent: With your explicit permission for specific purposes

6. Data Security and Protection

6.1 Security Measures

• End-to-End Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Multi-Factor Authentication: Required by default for all user accounts
• Zero Trust Architecture: Role-based access controls with principle of least privilege
• Regular Security Audits: Penetration testing and vulnerability assessments
• SOC 2 Type II Compliance: Annual compliance audits for enterprise security standards
• Data Isolation: Logical separation of customer data with strict access controls

6.2 Data Retention

We follow a zero data retention policy where possible:

• Content data is retained only as long as you maintain an active account
• Account data is deleted within 30 days of account termination
• Log data is retained for 90 days for security and performance monitoring
• Billing records are retained as required by law (typically 7 years)
• Anonymized analytics data may be retained indefinitely for service improvement

7. Your Privacy Rights

7.1 General Rights

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Export your data in a standard format
• Objection: Object to certain processing activities

7.2 GDPR Rights (EU Residents)

• Right to Rectification: Correct incomplete or inaccurate data
• Right to Erasure: "Right to be forgotten" under specific circumstances
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing

7.3 CCPA Rights (California Residents)

• Right to Know: Information about data collection and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

7.4 Exercising Your Rights

To exercise your privacy rights, contact us at privacy@clevaura.com or through your account settings. We will respond within 30 days (or as required by applicable law).

8. Cookies and Tracking Technologies

8.1 Types of Cookies

• Essential Cookies: Required for basic functionality and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand usage patterns and improve our service
• Marketing Cookies: Used for targeted advertising (with consent)

8.2 Cookie Management

You can control cookies through your browser settings or our cookie preference center. Note that disabling essential cookies may affect service functionality.

9. International Data Transfers

We operate globally and may transfer your personal data to countries outside your residence. For transfers from the EU:

• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• We implement additional safeguards such as encryption and access controls
• We conduct transfer impact assessments for high-risk transfers
• We maintain records of all international data transfers

10. Children's Privacy

Our Service is not intended for children under 16 years of age (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

11. Third-Party Services and Links

Our Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those external services. We encourage you to review their privacy policies before providing any personal information.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify relevant supervisory authorities within 72 hours (where required)
• Inform affected users without undue delay
• Provide clear information about the nature and scope of the breach
• Outline steps we're taking to address the breach
• Recommend actions you can take to protect yourself

13. Privacy by Design

We implement privacy by design principles in our development process:

• Data Minimization: We collect only data necessary for our services
• Purpose Limitation: Data is used only for specified, legitimate purposes
• Storage Limitation: Data is retained only as long as necessary
• Privacy by Default: Highest privacy settings are applied automatically
• Transparency: Clear information about data processing activities

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website with a new effective date
• Sending email notifications to registered users
• Providing in-app notifications for significant changes
• Obtaining renewed consent where required by law

Your continued use of our Service after the effective date constitutes acceptance of the updated Privacy Policy.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

16. Supervisory Authority

If you are located in the European Union and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.