Privacy Policy.
What we collect, how we use it, and your rights — written in plain English. The shorter the better. Last updated April 2026.
If you don't want to read 10 sections, here's the gist:
- We collect only what we need to run AIVA — your account info, your conversation data, basic usage analytics.
- We never sell your data to third parties. Ever. Not even anonymized.
- Your conversation data is processed in the region you choose (Mumbai by default for India customers).
- You can export, delete, or correct your data anytime. It takes us under 7 days.
- We don't train AI models on your customer conversations without your explicit opt-in.
What we collect.
We collect three categories of data, and we'll be specific about each. If we don't list it here, we don't collect it.
Account information
When you sign up, we collect:
- Your name and email address (so we can identify you)
- Your company name (optional, used for billing)
- A password hash (we never see your actual password — only its salted bcrypt hash)
- Your billing details when you upgrade to a paid plan (handled by Stripe; we never store your card number)
Product usage data
When you use AIVA, we record:
- Conversation transcripts handled by your assistants (this is your customers' data, in your account)
- Configuration settings — your assistant prompts, escalation rules, integrations
- Aggregate metrics — total conversations per day, average response time, resolution rate
Analytics and diagnostics
To keep the product working, we collect:
- Browser type and IP address (used to debug issues and detect fraud — not for advertising)
- Page-load events on the dashboard (which features people use; we use Plausible, not Google Analytics)
- Error logs — when something breaks, we capture the stack trace
How we use it.
The data we collect is used only to provide and improve AIVA. Specifically:
- Run the product: deliver conversations, route to the right channel, store transcripts for your dashboard.
- Bill you: generate invoices, calculate overage, send receipts.
- Support you: when you email
support@aivachat.io, our team needs to look up your account. - Improve the product: aggregate analytics tell us which features are used and which break.
- Comply with the law: we keep certain logs for 90 days for fraud detection and legal obligations.
What we never use it for
- We do not train our AI models on your customer conversations without explicit, written opt-in from you.
- We do not share data with third parties for advertising or marketing purposes.
- We do not sell anonymized or aggregated data. Ever.
Who we share data with.
We share data with a small number of service providers that we need to run AIVA. We have signed Data Processing Agreements with all of them.
| Provider | What they get |
|---|---|
| Amazon Web Services | Hosts our infrastructure and stores conversation data (Mumbai / EU / US regions) |
| Stripe | Processes billing — receives card details directly, we never see them |
| Twilio | Voice and SMS routing — sees phone numbers and call audio in transit |
| OpenAI / Anthropic | AI model inference — receives conversation text in real time, does not store after the call ends |
| Plausible Analytics | Anonymous page-view analytics for our dashboard |
Beyond these processors, we will share your data only when required by law (a court order, a valid government request) or when you explicitly direct us to (e.g. when you connect AIVA to your Zendesk or Slack).
Where we store data.
Your conversation data is stored in the region closest to where your customers are. By default:
- India customers — Mumbai (AWS ap-south-1)
- EU customers — Frankfurt (AWS eu-central-1)
- US customers — Northern Virginia (AWS us-east-1)
Enterprise customers can specify a custom region. Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
How long we keep data.
| Type | Retention |
|---|---|
| Conversation transcripts | As long as you keep your account active, plus 30 days after deletion |
| Account info | 30 days after account deletion, then permanent removal |
| Billing records | 7 years (required by Indian tax law) |
| Anonymized analytics | 2 years |
| Error logs | 90 days |
Your rights.
Whether you're in India, the EU, the US, or anywhere else — you have the same rights here. We don't tier privacy by jurisdiction.
- Access: request a copy of all data we hold about you. We'll deliver it in JSON or CSV within 7 business days.
- Correction: if anything we have is wrong, ask us to fix it. We'll update it within 48 hours.
- Deletion: request that we delete your account and all associated data. Done within 30 days.
- Portability: get your data in a machine-readable format to take to another service.
- Object to processing: ask us to stop processing your data for specific purposes (e.g. analytics).
- Complain: if you think we've handled your data badly, file a complaint with your local data protection authority.
To exercise any of these rights, email privacy@aivachat.io from the address on your account.
Cookies and tracking.
We use a small number of essential cookies on aivachat.io and our dashboard. We don't use advertising cookies, third-party tracking pixels, or remarketing tags.
aiva_session— keeps you logged in (expires after 30 days of inactivity)aiva_csrf— prevents cross-site request forgery (session only)aiva_prefs— remembers your dashboard preferences (1 year, easy to clear)
For our public marketing site, we use Plausible Analytics — a privacy-respecting alternative to Google Analytics that doesn't set cookies and doesn't track individual users.
See our full Cookie Policy for details.
Children's privacy.
AIVA is a B2B product. Our service is not intended for use by anyone under 16. We don't knowingly collect personal data from children. If you believe we've inadvertently collected data from a minor, email privacy@aivachat.io and we'll delete it within 7 days.
Changes to this policy.
We update this policy from time to time. When we do, we:
- Update the “Last updated” date at the top
- Email everyone 30 days in advance of any material change
- Keep all previous versions publicly accessible
Continued use of AIVA after the new policy takes effect means you accept the changes. If you don't, you can delete your account at any time.
How to reach us.
Email questions about this policy directly to privacy@aivachat.io. A real human reads everything that comes in — and we reply within four hours during business hours.
You can also write to us at:
Attn: Privacy Officer
3rd Floor, Race Course Road
Rajkot, Gujarat 360001 · India
Our Data Protection Officer is Priya Sharma. EU-based customers can also contact our EU representative.
Legal documents
Other things to read.
Have a legal question that's not covered? Email legal@aivachat.io or contact our Privacy Officer.