Privacy Policy

Last updated: December 2024

1. Introduction

PROVITZ ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered SaaS platform and services.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, company name
  • Payment Information: Billing address, payment method details (processed securely via Stripe)
  • Profile Information: Optional profile photo, preferences, settings
  • Content: Text, images, and other content you create using our tools
  • Communications: Messages you send us via contact forms or support channels

2.2 Automatically Collected Information

  • Usage Data: Tool usage, features accessed, token consumption
  • Device Information: IP address, browser type, operating system
  • Cookies and Similar Technologies: Session cookies, preference cookies
  • Analytics: Page views, time spent, navigation patterns

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process payments and manage subscriptions
  • Generate AI-powered content as requested
  • Send transactional emails and notifications
  • Respond to customer service requests
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Analyze usage patterns to improve user experience

4. Data Sharing and Disclosure

4.1 We Share Data With:

  • Service Providers: Stripe (payments), Clerk (authentication), OpenAI (AI processing)
  • Cloud Infrastructure: Vercel (hosting), Neon/Supabase (database)
  • Analytics: Anonymous usage analytics for service improvement

4.2 We Do NOT:

  • Sell your personal data to third parties
  • Use your content to train AI models (your data remains private)
  • Share your information for marketing purposes without consent

5. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS/SSL) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and authentication (OAuth 2.0)
  • SOC 2 Type II compliant infrastructure
  • Regular backups and disaster recovery procedures

6. Data Retention

  • Account Data: Retained while your account is active
  • Generated Content: Stored for 90 days (Free), 1 year (Paid plans)
  • Usage Logs: Retained for 12 months for analytics
  • Payment Records: Retained for 7 years for tax/legal compliance

7. Your Rights (GDPR & CCPA)

You have the right to:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request account and data deletion
  • Portability: Export your data in machine-readable format
  • Opt-out: Unsubscribe from marketing communications
  • Object: Object to certain data processing activities

To exercise these rights, contact us at privacy@provitz.com

8. Cookies and Tracking

We use the following types of cookies:

  • Essential: Required for authentication and core functionality
  • Functional: Remember your preferences and settings
  • Analytics: Understand how you use our platform (can be disabled)

You can control cookies through your browser settings.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence. We ensure appropriate safeguards are in place, including:

  • EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification. Continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or concerns:

  • Email: privacy@provitz.com
  • Address: Keizersgracht 555, 1017 DR Amsterdam, The Netherlands
  • Data Protection Officer: dpo@provitz.com

13. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract: To provide services you've subscribed to
  • Consent: For marketing communications (opt-in)
  • Legitimate Interest: Service improvement, fraud prevention
  • Legal Obligation: Tax compliance, law enforcement requests