Privacy Policy

Effective Date: March 1, 2026 • Contact: privacy@preva.ai

Overview
Information We Collect
How We Use Information
How We Store and Protect Data
AI & Model Processing
Connected Accounts & OAuth
Cookies and Tracking
Data Retention and Deletion
Your Rights (GDPR)
Your Rights (CCPA)
Children's Privacy
International Transfers
Security Incident Notification
Changes to This Policy
Contact Us

1. Overview

PREVA provides AI personal assistants that remember context, manage email and calendar, and take actions on your behalf. We are committed to protecting your data and keeping it under your control.

Key principle: Each customer receives a dedicated, isolated server environment. No customer data is shared across customers.

2. Information We Collect

We collect only the data necessary to provide and improve the service.

2.1 Data You Provide

Conversations and messages sent to your assistant.
Preferences and instructions you provide to personalize your assistant.
Files or documents you upload or connect to the service.

2.2 Data From Connected Accounts (OAuth)

When you connect external services (e.g., Google Workspace), we may access:

Gmail: message metadata and content needed to read, draft, or send emails.
Google Calendar: event details needed to create, modify, or summarize events.
Google Drive: file metadata and content needed to read or manage documents.

The specific data depends on the permissions you approve.

2.3 Technical Data

Account identifiers and authentication data
Service usage logs (e.g., timestamps, feature usage)
IP address and device information for security and abuse prevention

3. How We Use Information

We use your data to:

Provide and operate the PREVA service
Personalize your assistant's memory and behavior
Connect to and act within your linked services (email, calendar, files)
Maintain security, prevent abuse, and ensure reliability
Provide customer support

We do not sell your data.

4. How We Store and Protect Data

4.1 Isolated Infrastructure

Each customer operates in a dedicated, isolated server instance (no shared infrastructure). Your data remains within that isolated environment.

4.2 Storage Architecture

Conversations and memory are stored in a vector database (Qdrant) within your isolated instance.
Files are stored on your customer-isolated server.

4.3 Encryption

In transit: TLS/HTTPS
At rest: Disk encryption (LUKS/FileVault) and encrypted storage where supported
Secrets: API keys and OAuth tokens are encrypted at rest

5. AI & Model Processing

PREVA uses third-party AI model providers to process your messages, including Anthropic (Claude), OpenAI, Google (Gemini), and others.

5.1 No Training on Your Data

Your conversations and data are not used to train models by PREVA or our AI providers.

5.2 Provider Retention Policies

We only use provider configurations that support zero retention / no training. Anthropic and OpenAI offer zero-retention API policies for enterprise use.

5.3 Data Stays in Your Instance

PREVA routes your data through your isolated server instance. Customer data does not leave your isolated environment except to the AI provider for immediate processing.

6. Connected Accounts & OAuth

6.1 Scopes & Permissions

We request only the minimum OAuth scopes needed to provide requested features. You can review and revoke permissions at any time via your provider account.

6.2 Token Storage

OAuth access tokens are stored encrypted within your isolated instance and are never shared across customers.

6.3 Examples of Access

Read and send email (Gmail)
Read and create calendar events (Google Calendar)
Read or manage documents (Google Drive)

7. Cookies and Tracking

We use minimal cookies for authentication and session security. We do not use advertising or tracking cookies.

8. Data Retention and Deletion

We retain your data until you request deletion.

Upon verified deletion request, we purge data from storage, including vector databases, within 30 days.
Backups associated with your instance are deleted or overwritten on a normal rotation schedule.

9. Your Rights (GDPR)

If you are in the European Economic Area or United Kingdom, you have the right to:

Access your data
Rectify inaccurate data
Erase your data
Restrict processing
Object to processing
Port your data to another provider

We provide a Data Processing Addendum (DPA) upon request.

10. Your Rights (CCPA)

If you are a California resident, you have the right to:

Know what personal information we collect and how it is used
Access your personal information
Request deletion
Not be discriminated against for exercising your rights

We do not sell personal information.

11. Children's Privacy

PREVA is not intended for children under 16. We do not knowingly collect data from children.

12. International Transfers

If your data is processed outside your jurisdiction, we use appropriate safeguards to protect it.

13. Security Incident Notification

In the event of a data breach affecting your information:

GDPR: We will notify appropriate regulators within 72 hours of discovery.
CCPA: We will notify affected users within a reasonable time.

14. Changes to This Policy

We may update this Policy from time to time. If changes are material, we will provide at least 30 days' notice.

15. Contact Us

For privacy questions or requests:

Email: privacy@preva.ai
Support: support@preva.ai
Mailing Address: 334 2nd Ave S #1103, Saint Petersburg, FL 33701