Privacy Policy

When you sign up for our waitlist or early access program, we collect your email address and optionally your name, company name, and job role. When you use the Qirvo platform, we collect:

Account Information: When you create an account, we collect your email address, name, company information, and any additional profile details you provide. This information is necessary to provide you with access to our services and to communicate with you about your account.

Usage Data: We collect information about how you interact with our platform, including the features you use, the workflows you create, the commands you execute, and the time and duration of your sessions. This helps us understand how our platform is being used and identify areas for improvement.

Execution Logs: When you use Qirvo to execute commands or workflows, we generate detailed logs that include the commands run, the results produced, any errors encountered, and the timestamps of each operation. These logs are essential for providing audit trails and troubleshooting support.

Configuration Data: We store your preferences, custom configurations, workflow definitions, agent settings, and any integrations you have set up. This data is necessary to personalize your experience and provide the services you've configured.

Communication Data: When you contact our support team or communicate with us through other channels, we collect the content of those communications, including any attachments you provide.

Technical Data: We automatically collect certain technical information when you access our platform, including your IP address, browser type, operating system, device information, and the pages you visit. This is collected through server logs and, with your consent, cookies and similar tracking technologies.

We use the information we collect for the following purposes:

Providing Services: We use your information to provide, maintain, and improve the Qirvo platform. This includes processing your commands, executing workflows, storing your configurations, and providing customer support.

Communication: We use your contact information to send you important notices, respond to your inquiries, provide updates about new features and improvements, and inform you about changes to our services. With your consent, we may also send you marketing communications about products and services we think may interest you.

Account Management: Your information helps us manage your account, verify your identity, process payments (if applicable), and provide customer support. It also enables us to maintain appropriate security measures and prevent unauthorized access.

Service Improvement: We analyze usage data and feedback to understand how our platform is being used and identify opportunities to improve our services. This includes debugging, troubleshooting, and optimizing performance.

Compliance and Legal Obligations: We may use your information to comply with applicable laws, regulations, and legal requests. This includes responding to lawful requests from authorities, enforcing our terms of service, and protecting our rights and the rights of our users.

We do not sell your personal information to third parties. We may share aggregated or anonymized information that does not identify you personally for research, analytics, or other business purposes.

Your data is stored securely using industry-standard security measures:

Encryption: All data is encrypted in transit using TLS 1.3 or higher. Data at rest is encrypted using AES-256 encryption. Your workflows, execution logs, and configuration data are stored in encrypted databases with separate encryption keys per customer where applicable.

Infrastructure: We use trusted cloud infrastructure providers (currently Amazon Web Services) with SOC 2 Type II certified data centers. Our infrastructure is designed to provide high availability and data redundancy.

Access Controls: We implement strict access controls to ensure that only authorized personnel can access your data. Our employees and contractors are bound by confidentiality agreements and are trained on data protection practices.

Data Isolation: Each customer's data is logically isolated using namespace separation. Execution logs and workflow data are isolated per account to prevent unauthorized access.

Network Security: Our infrastructure includes firewalls, intrusion detection systems, and DDoS protection. We conduct regular security assessments and vulnerability scans.

Security Certifications: We maintain compliance with industry-standard security frameworks and pursue relevant certifications. Our platform undergoes regular third-party security audits.

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

Account Data: We retain your account information for the duration of your account relationship with us and for a period of up to 12 months after account deletion to comply with legal obligations and resolve disputes.

Waitlist Data: If you've signed up for our waitlist but haven't created an account, we retain your email address until you request removal, create an account, or we determine the waitlist is no longer active (typically after 24 months of inactivity).

Usage and Execution Logs: We retain execution logs for up to 12 months by default, though you may configure longer retention periods based on your needs. Logs can be exported or deleted earlier upon request.

Configuration Data: Your workflow configurations and agent settings are retained for the duration of your account and for up to 6 months after account deletion to allow for data export.

Marketing Data: We stop sending marketing communications to users who unsubscribe within 10 business days. We retain unsubscribe requests to prevent future marketing contact.

Legal Hold: We may retain information for longer periods when required by law, regulation, or legal proceeding, or when necessary to protect our legal rights.

You have the following rights regarding your personal information:

Right to Access: You have the right to request a copy of the personal information we hold about you. This includes the right to know what data we collect, how we use it, and with whom we share it.

Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information. You can update most account information directly through your account settings.

Right to Erasure: You have the right to request deletion of your personal information, also known as the "right to be forgotten." This right is subject to certain exceptions, such as when we need to retain data for legal obligations or legitimate business purposes.

Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, machine-readable format. You can request a copy of your data in this format at any time.

Right to Restrict Processing: You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of your data or when processing is unlawful but you oppose deletion.

Right to Object: You have the right to object to processing based on legitimate interests or direct marketing. We will stop processing unless we have compelling legitimate grounds that override your rights.

Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, contact us at privacy@qirvo.ai. We will respond to your request within 30 days.

We use cookies and similar tracking technologies to enhance your experience and collect certain information:

Essential Cookies: These cookies are necessary for the platform to function properly. They enable core features like account authentication, secure login, and load balancing. Without these cookies, our services cannot be provided. These cookies do not require your consent.

Functional Cookies: These cookies remember your preferences and settings, such as language preference, theme settings, and previously viewed content. They help personalize your experience but are not essential to core functionality.

Analytics Cookies: With your consent, we use analytics cookies to understand how visitors navigate and use our website. We use privacy-respecting analytics tools that minimize data collection and do not track you across unrelated websites. We use anonymized and aggregated data that cannot be used to identify you personally.

Managing Cookies: You can control or disable cookies through your browser settings. Please note that disabling essential cookies may impact the functionality of our services. Most browsers accept cookies by default, but you can adjust your settings to decline non-essential cookies.

Do Not Track: We respect Do Not Track signals and do not engage in cross-site tracking. However, please note that some third-party analytics providers we use may not respond to Do Not Track signals.

We may share your information with third-party service providers who assist us in operating our platform:

Cloud Infrastructure: We use Amazon Web Services (AWS) for hosting and infrastructure services. Data processed by AWS is stored in their secure data centers, and we have appropriate data processing agreements in place.

Analytics Providers: With your consent, we use analytics tools to understand website traffic and usage patterns. These providers are contractually obligated to handle data in accordance with our privacy policy and applicable data protection laws.

Authentication Services: We use third-party authentication providers (such as Auth0 or similar services) to provide secure authentication. When you log in using a third-party service, that provider may collect information according to their own privacy policies.

Payment Processors: If you make purchases through our platform, payment information is processed by our payment processor. We do not store your full payment card details; they are handled directly by our PCI-DSS compliant payment processor.

Customer Support: We use customer support tools to manage support requests and communicate with you. These providers have access to account information solely for the purpose of providing support services.

We do not sell, trade, or otherwise transfer your personal information to outside parties. All third-party service providers are contractually bound to maintain the confidentiality and security of your information.

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are under 16, please do not use our platform or provide any personal information to us.

If we become aware that we have collected personal information from a child under 16 without verification of parental consent, we will take steps to delete that information as quickly as possible. If you believe we might have any information from or about a child under 16, please contact us at privacy@qirvo.ai.

Qirvo is based in the United States, and we primarily process data in the United States. However, we may transfer your information to other countries where our service providers operate:

Cross-Border Transfers: When we transfer personal information to countries outside your jurisdiction, we ensure appropriate safeguards are in place. This includes using Standard Contractual Clauses approved by the European Commission, or equivalent legal mechanisms for other jurisdictions.

Privacy Frameworks: We comply with applicable data protection laws regarding international data transfers. For users in the European Economic Area (EEA), transfers are conducted in compliance with the GDPR.

Data Processing Agreements: We have data processing agreements with all third-party service providers that include standard contractual clauses and ensure adequate protection of your personal information.

You may request more information about our international data transfer practices by contacting us at privacy@qirvo.ai.

In the event of a data breach that affects your personal information, we have procedures in place to respond appropriately:

Incident Response: We maintain an incident response plan that outlines the steps we take in the event of a security incident. Our security team will investigate any potential breaches promptly.

Notification: If we determine that a data breach has occurred and your personal information is at risk, we will notify you and relevant authorities within 72 hours in accordance with applicable data protection laws, such as the GDPR.

Remediation: We will take immediate steps to contain the breach, assess the impact, and implement measures to prevent future incidents. We will provide you with information about the nature of the breach and the steps we are taking to address it.

Cooperation: We will cooperate fully with any regulatory investigation or legal request related to a data breach.

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements:

Notification of Changes: We will notify you of any material changes to this policy by posting a prominent notice on our website and/or sending you an email notification at least 30 days before the changes take effect.

Effective Date: The effective date of this policy is displayed at the top of this page. All changes become effective as of the posted effective date.

Your Rights: If you do not agree to the new policy, you may close your account before the changes take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

Historical Versions: We will maintain archived versions of this privacy policy for your reference. Previous versions are available upon request by contacting privacy@qirvo.ai.

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

Email: privacy@qirvo.ai

Mailing Address: Qirvo, Inc. [Address to be provided upon request]

Data Protection Officer: For GDPR-related inquiries from EEA users, you may contact our Data Protection Officer at dpo@qirvo.com.

We are committed to resolving any privacy concerns you may have. We will respond to your inquiry within 30 days of receipt. If you are not satisfied with our response, you may have the right to file a complaint with a data protection authority in your jurisdiction.