Corvena AI, Inc. ("Corvena AI," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at corvena-ai.com (the "Site"), use our platform and services (the "Services"), or interact with us in connection with our business. Please read this policy carefully. If you disagree with its terms, please discontinue use of our Site and Services.
Corvena AI is headquartered at 548 Market Street, Suite 12000, San Francisco, California 94104, United States. We operate as the data controller for personal data collected through our website and marketing activities, and as a data processor for personal data processed on behalf of our enterprise customers through the Corvena AI platform.
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide to us when you register for an account, request a product demonstration, subscribe to our newsletter, fill out a contact form, apply for employment, or otherwise interact with us. This information may include:
- Identity data: first name, last name, username or similar identifier, title, job function
- Contact data: business email address, telephone number, company name, business address
- Account data: login credentials (email and hashed password), account preferences, communication preferences
- Transaction data: details about purchases of our Services, billing contact information, payment method details (processed by our payment processor — we do not store full payment card numbers)
- Profile data: your preferences, feedback, survey responses, and other information you share with us
- Communications data: the content of any communications you send to us, including support requests and sales inquiries
1.2 Information Collected Automatically
When you visit our Site, we automatically collect certain technical data through cookies, log files, web beacons, and similar technologies. This information includes:
- Usage data: pages you visit, links you click, time spent on pages, referring URLs, search terms used to find our Site
- Device data: IP address, browser type and version, operating system type and version, device type, screen resolution
- Location data: general geographic location derived from IP address (country, state/region, city)
- Cookie data: identifiers stored in cookies on your device as described in our Cookie Policy
1.3 Information From Third Parties
We may receive information about you from third parties, including:
- Business partners, resellers, and referral partners who refer prospective customers to us
- Business data providers who enrich our customer records with company size, industry, and firmographic data
- Analytics providers who aggregate website usage data
- Background check providers, in connection with employment applications, subject to applicable law and your consent where required
1.4 Customer Data Processed Through the Platform
When enterprise customers use the Corvena AI platform to automate their workflows, they may submit data to our platform that includes personal data about their employees, customers, or other third parties. We process this data as a data processor under the instructions of our enterprise customers, who are the data controllers for such data. Our processing of customer data is governed by our Data Processing Agreement with each customer.
2. How We Use Your Information
We use the information we collect for the following purposes, relying on the legal bases indicated:
2.1 To Provide and Operate Our Services (Contract Performance)
- Create and manage your account
- Provide the features and functionality of the Corvena AI platform
- Process transactions and send related information including purchase confirmations and invoices
- Provide technical support and respond to service requests
- Authenticate your identity when you log into your account
- Monitor and maintain the security and integrity of our Services
2.2 To Communicate With You (Legitimate Interests or Consent)
- Respond to your inquiries and requests
- Send product updates, security alerts, and administrative messages
- Send marketing communications about our products and services (where you have consented or we have a legitimate interest)
- Conduct customer satisfaction surveys and gather product feedback
- Invite you to participate in user research, beta programs, or events
2.3 To Improve Our Services (Legitimate Interests)
- Analyze usage patterns to understand how customers use our platform and where to focus product development
- Monitor and improve the performance, security, and reliability of our infrastructure
- Develop new features and services based on customer needs
- Conduct internal research and analytics
- Train and improve our AI models (using only anonymized or aggregated data, or data from customers who have consented to training use)
2.4 To Comply With Legal Obligations
- Comply with applicable laws, regulations, and legal processes
- Respond to lawful requests from government authorities and law enforcement
- Enforce our Terms of Service and other policies
- Maintain records required by applicable tax, accounting, and regulatory requirements
- Investigate potential violations of our policies and protect against fraud and abuse
3. How We Share Your Information
We do not sell your personal data. We may share your information in the following circumstances:
3.1 Service Providers
We engage third-party service providers to perform services on our behalf, including cloud infrastructure providers, payment processors, email delivery services, customer support tools, analytics providers, and security monitoring services. These providers access your data only to the extent necessary to perform services on our behalf and are bound by contractual obligations to protect your data consistent with this Privacy Policy.
3.2 Business Partners
Where you have purchased Corvena AI through a reseller or technology partner, we may share necessary account information with that partner to facilitate your account management and support. We will inform you at the time of purchase if your information will be shared with a partner.
3.3 Professional Advisors
We may disclose your information to our legal counsel, accountants, auditors, and other professional advisors where necessary for them to provide services to us, subject to confidentiality obligations.
3.4 Legal Requirements and Protection of Rights
We may disclose your information if we believe in good faith that disclosure is necessary to comply with applicable law or legal process; to protect the rights, property, or safety of Corvena AI, our customers, or others; to prevent fraud or abuse; or to enforce our Terms of Service.
3.5 Business Transfers
If Corvena AI is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Site of any such change in ownership and any material changes to how your data is used.
3.6 Consent
We may share your information with other third parties when you have given us your explicit consent to do so.
4. International Data Transfers
Corvena AI is headquartered in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home jurisdiction. We implement appropriate safeguards for international data transfers, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the European Economic Area
- The UK International Data Transfer Agreement for transfers from the United Kingdom
- Adequacy decisions where applicable
- Binding Corporate Rules and other transfer mechanisms as appropriate
5. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law or necessary to resolve disputes, enforce our agreements, or comply with our legal obligations.
- Account data: retained for the duration of your account plus 3 years following account closure, unless a longer period is required by law
- Transaction records: retained for 7 years following the transaction date for accounting and tax purposes
- Marketing data: retained until you unsubscribe or request deletion, plus a period necessary for us to demonstrate compliance with applicable consent requirements
- Website usage logs: retained for up to 13 months and then aggregated or deleted
- Customer platform data: retained as specified in the applicable customer agreement; upon termination, customer data is deleted within 90 days unless a different retention schedule is agreed
6. Your Privacy Rights
Depending on your location, you may have the following rights with respect to your personal data:
6.1 Rights for All Users
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete personal data
- Deletion: Request deletion of your personal data, subject to certain exceptions (for example, data we are required to retain by law)
- Opt-out of marketing: Unsubscribe from marketing communications at any time by clicking the unsubscribe link in our emails or contacting us at privacy@corvena-ai.com
6.2 Additional Rights Under GDPR (EEA and UK Residents)
- Restriction: Request restriction of processing of your personal data in certain circumstances
- Portability: Receive your personal data in a structured, commonly used, machine-readable format
- Objection: Object to processing of your personal data where we rely on legitimate interests as the legal basis
- Automated decisions: Not to be subject to solely automated decision-making, including profiling, that produces legal or similarly significant effects
- Lodge a complaint: You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of an alleged infringement
6.3 Additional Rights Under CCPA (California Residents)
- Know: Know what categories of personal information we have collected, the sources, the business purpose, and the categories of third parties with whom we have shared it
- Delete: Request deletion of personal information we have collected from you, subject to certain exceptions
- Non-discrimination: We will not discriminate against you for exercising your CCPA rights
- Opt-out of sale: We do not sell personal information. If this practice changes, we will update this policy and provide opt-out mechanisms as required
To exercise any of your rights, please submit a request to privacy@corvena-ai.com or write to us at the address below. We will respond to verified requests within the timeframes required by applicable law (generally 30 days, with the ability to extend by an additional 60 days for complex requests with advance notice).
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on our Site. Cookies are small text files placed on your device when you visit our Site. For detailed information about the cookies we use, why we use them, and how you can control them, please see our Cookie Policy.
8. Security
We implement technical and organizational security measures designed to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our security measures include:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest using AES-256
- Access controls with role-based permissions and multi-factor authentication requirements for all employee access to production systems
- Regular security assessments and penetration testing by independent security firms
- SOC 2 Type II certification covering security, availability, and confidentiality trust service criteria
- Vendor security assessments for all third-party service providers with access to personal data
- Incident response procedures with notification processes compliant with applicable breach notification laws
No security system is impenetrable. While we take reasonable precautions, we cannot guarantee that unauthorized parties will never be able to defeat our security measures. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.
9. Children's Privacy
Our Services are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data without parental consent, we will take steps to delete that data. If you believe we may have collected data from a child under 16, please contact us at privacy@corvena-ai.com.
10. Links to Third-Party Websites
Our Site may contain links to third-party websites and services. This Privacy Policy does not apply to third-party websites, and we are not responsible for the privacy practices of those websites. We encourage you to review the privacy policies of any third-party websites you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where required by applicable law, by providing additional notice (for example, by adding a notice to our Site or by sending you an email). Your continued use of our Site or Services after the effective date of the updated policy constitutes your acceptance of the changes.
12. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact us:
- Email: privacy@corvena-ai.com
- Mail: Corvena AI, Inc., Attn: Privacy Team, 548 Market Street, Suite 12000, San Francisco, California 94104, United States
For data subject requests from EEA residents, our EU representative can be contacted at: eu-privacy@corvena-ai.com
We are committed to working with you to obtain a fair resolution of any complaint or concern. If you are not satisfied with our response, you have the right to contact the relevant data protection authority in your jurisdiction.