Privacy Policy
Effective date: May 17, 2026 · Last updated: May 17, 2026
This Privacy Policy explains how Privora ("we," "us," or "our") collects, uses, stores, and shares information when you use our Answer Engine Optimization platform at privora.io. We are committed to protecting your privacy and handling your data transparently.
1. Information We Collect
Account Information
When you register, we collect your name, email address, and organization name. Authentication is handled by Descope; we store a reference to your Descope user ID rather than your password.
Usage Data
We collect information about how you use the Service, including queries you create and run, brand names and keywords you monitor, visibility scores and AI platform responses associated with your queries, and feature interaction logs.
Payment Information
Payment is processed by Paddle.com, our Merchant of Record. We do not store your full credit card number, CVV, or raw billing details. We receive only a subscription reference ID and subscription status from Paddle.
API Keys
If you provide API keys for OpenAI, Anthropic, or Perplexity, they are encrypted using AES-256 before being stored. The plaintext key is never stored in our database.
Technical Data
We collect standard server logs including IP address, browser type, operating system, referring URL, and timestamps. This data is used for security monitoring, debugging, and service improvement.
2. How We Use Your Information
- To provide, operate, and improve the Service
- To process subscriptions and send billing-related communications
- To send transactional emails (account alerts, visibility reports) when you opt in
- To detect and prevent fraud, abuse, and security incidents
- To comply with legal obligations
- To respond to your support requests
We do not sell your personal data to third parties. We do not use your brand queries or visibility data to train AI models or for advertising purposes.
3. Data Sharing
We share your data only with:
- Descope — identity and authentication provider. Processes authentication tokens and user identity data.
- Paddle.com — payment processor and Merchant of Record. Processes payment and billing information.
- AI Platform Providers — your queries are sent to OpenAI, Anthropic, and/or Perplexity to retrieve AI responses. Only the query text is sent; no personally identifiable information is included.
- Cloud Infrastructure — we host on servers in the European Union and/or India. Data is processed in these regions.
- Legal Requirements — we may disclose data when required by law, court order, or to protect our legal rights.
4. Data Retention
We retain your account data for as long as your account is active. Query run history is subject to per-plan storage limits (10 runs on Free, 50 runs on Starter, 500 runs on Agency); oldest runs are pruned when limits are exceeded.
When you delete your account, we delete your personal data within 30 days, except where retention is required by law (e.g., billing records retained for 7 years for tax compliance).
5. Security
We protect your data using TLS encryption in transit, AES-256 encryption at rest for sensitive fields, PostgreSQL row-level security to enforce tenant isolation, and regular security reviews. Access to production systems is restricted to authorized personnel.
6. Cookies
We use essential session cookies required for authentication. We do not use advertising cookies or third-party tracking cookies. You may disable cookies in your browser settings, but this will prevent you from logging in.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict certain processing
- Data portability (receive your data in a machine-readable format)
To exercise any of these rights, contact us at privacy@privora.io. We will respond within 30 days.
8. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately.
9. International Data Transfers
Your data may be processed in countries outside your country of residence, including India and the United States (for AI platform API calls). We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you via email or in-app notification for material changes. The updated policy will be posted at this URL with a revised effective date.
11. Contact
For privacy questions or requests, contact: privacy@privora.io