Privacy Policy

Last updated: December 2024

This Privacy Policy describes how Qivio ("we", "us", or "our") collects, uses, and shares information about you when you use our website and services (the "Service").

1. Information We Collect

1.1 Information You Provide

• Account Information: When you register, we collect your email address and password (stored securely using bcrypt hashing).
• Payment Information: Payment details are processed directly by Stripe. We do not store your credit card information.
• Content: Messages you send through our chat interface and YouTube video URLs you provide.

1.2 Information Collected Automatically

• Usage Data: We track your usage of the Service (number of videos loaded, messages sent) for billing and service improvement.
• Log Data: Server logs may include IP address, browser type, and timestamps for security and debugging purposes.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process transactions and manage your subscription
• Send you service-related communications
• Respond to your requests and support inquiries
• Detect and prevent fraud or abuse
• Comply with legal obligations

3. Data Processors and Third Parties

We share your information with the following third-party service providers who help us operate the Service:

All third-party providers are bound by data processing agreements that comply with GDPR requirements.

4. Data Retention

• Account Data: Retained while your account is active and for 30 days after deletion.
• Conversations: Stored indefinitely unless you delete them or your account.
• Usage Logs: Retained for 90 days for security and debugging.
• Payment Records: Retained for 7 years as required by tax regulations.

5. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate personal data
• Erasure: Request deletion of your personal data
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Restrict processing of your personal data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise these rights, contact us at privacy@qivio.app.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS/HTTPS)
• Secure password hashing (bcrypt)
• Session token security
• Regular security reviews

7. International Data Transfers

Your data may be processed outside the European Economic Area (EEA) by our third-party providers. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

8. Cookies

We use essential cookies required for the Service to function:

• Session Cookies: To maintain your login state

We do not use tracking or analytics cookies without your consent.

9. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@qivio.app

12. Data Controller

The data controller responsible for your personal data is:

[Your Company Name]
[Your Address]
Poland
EU VAT: [Your VAT Number]