Privacy Policy

Sivvy AI ("Sivvy," "we," "us," or "our") operates the Sivvy.ai platform, an AI-powered service that transforms resumes and professional information into personal websites. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at sivvy.ai (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

• Account information: Email address, name, and password when you create an account.
• Resume and professional data: Resumes, CVs, cover letters, and other professional documents you upload (PDF, Word, PowerPoint, or pasted text).
• Profile photos: Images you upload for use on your generated website.
• Professional history: Work experience, education, skills, certifications, portfolio links, and other career-related information.
• Payment information: Billing details processed through Stripe. We do not store your full credit card number on our servers.
• Communications: Messages you send to us via email or support channels.

1.2 Information Generated by AI

• Enriched content: AI-generated descriptions, summaries, and enhancements of your professional information.
• AI headshots: Artificially generated profile images based on photos you provide.
• Chat agent responses: AI-generated responses delivered through the chat agent embedded on your generated website.
• Website content: The complete generated website, including layout, copy, and design elements.

1.3 Information Collected Automatically

• Usage data: Pages visited, features used, time spent, click patterns, and interaction data.
• Device information: Browser type, operating system, device type, screen resolution, and language preferences.
• Log data: IP address, access times, referring URLs, and server logs.
• Cookies and similar technologies: See Section 8 below.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Generate your personal website, AI headshots, enriched content, and chat agent.
• Process payments: Complete transactions and manage your subscription through Stripe.
• Improve the Service: Analyze usage patterns to enhance features, performance, and user experience.
• Communicate with you: Send account-related notifications, respond to inquiries, and provide support.
• Ensure security: Detect and prevent fraud, abuse, and unauthorized access.
• Comply with legal obligations: Meet applicable legal, regulatory, and compliance requirements.

3. AI Processing of Your Data

3.1 How AI Processes Your Information

When you upload a resume or provide professional information, our AI systems process this data to:

• Parse and extract structured information from your documents.
• Enrich and enhance your professional content (e.g., improving descriptions, suggesting summaries).
• Generate AI headshots based on photos you provide.
• Power the chat agent on your generated website to answer visitor questions about your professional background.

3.2 Third-Party AI Providers

We use multiple AI model providers to deliver our Service. Your data may be sent to these providers for processing:

We select providers based on performance, cost, and availability, and may route requests to different providers at our discretion. Each provider processes data under their respective data processing agreements with us.

3.3 No Training on Your Data

3.4 AI-Generated Content Ownership

AI-generated content (enriched text, headshots, website designs) created through the Service is generated for your use. See our Terms of Service for full details on intellectual property rights.

4. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

4.1 Service Providers

4.2 Public Display

Your generated website, including your name, professional information, AI headshot, and chat agent, is publicly accessible at your assigned subdomain (e.g., name.sivvy.ai). You control what information appears on your public site.

4.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Sivvy, our users, or others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5. Data Retention

• Active accounts: We retain your data for as long as your account is active and as needed to provide the Service.
• Starter tier (one-time purchase): If your account is inactive for 30 consecutive days, your data — including your generated website, uploaded documents, and AI-generated content — will be archived and subsequently purged.
• Subscription tiers (Enhanced, Premium): Data is retained for the duration of your active subscription plus 30 days after cancellation.
• Deleted accounts: Upon account deletion, we will remove your personal data from our active systems within 30 days. Some data may persist in encrypted backups for up to 90 days before being permanently deleted.
• Waitlist data: Email addresses collected via the waitlist are retained until you unsubscribe or the waitlist closes.
• Anonymized data: We may retain anonymized, aggregated data that cannot identify you for analytical purposes indefinitely.
• Legal obligations: We may retain certain data longer if required by law (e.g., tax records, fraud prevention).

6. Your Rights and Choices

6.1 All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete information.
• Delete your account and associated data.
• Export your data in a portable format.
• Withdraw consent for optional data processing at any time.

To exercise any of these rights, contact us at hello@sivvy.ai. We will respond within 30 days.

6.2 European Economic Area (EEA) Residents — GDPR

If you are in the EEA, you have additional rights under the General Data Protection Regulation:

• Legal basis for processing: We process your data based on (a) your consent, (b) performance of a contract, (c) our legitimate interests (improving the Service, preventing fraud), and (d) legal obligations.
• Right to restrict processing: You may request that we limit how we use your data.
• Right to object: You may object to processing based on legitimate interests.
• Right to data portability: You may request your data in a structured, machine-readable format.
• Right to lodge a complaint: You may file a complaint with your local data protection authority.
• Data transfers: Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place, including standard contractual clauses where required.

6.3 California Residents — CCPA/CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: You may request details about the categories and specific pieces of personal information we collect, the purposes of collection, and the categories of third parties with whom we share it.
• Right to delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt out of sale/sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.
• Authorized agents: You may designate an authorized agent to make requests on your behalf.

To submit a request, email hello@sivvy.ai. We will verify your identity before processing any request.

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest.
• Access controls and authentication for internal systems.
• Regular security assessments and monitoring.
• Row-level security on database records to ensure data isolation between users.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. We commit to promptly notifying affected users in the event of a data breach.

8. Cookies and Tracking Technologies

8.1 What We Use

• Essential cookies: Required for the Service to function (authentication, session management). These cannot be disabled.
• Analytics cookies: Help us understand how users interact with the Service. These are anonymized where possible.
• Preference cookies: Remember your settings and preferences across sessions.

8.2 Your Cookie Choices

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning properly. We honor Do Not Track (DNT) browser signals where technically feasible.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected data from a child under 16, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at hello@sivvy.ai.

10. Third-Party Links

Your generated website may contain links to third-party websites or services (e.g., LinkedIn, GitHub, portfolio sites). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11. International Data Transfers

Your data may be transferred to and processed in countries outside your own, including the United States, where our servers and service providers are located. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required by GDPR.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date above. For significant changes, we will notify you by email or through the Service. Your continued use of the Service after changes constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: