AveyaAveya
Menu
Partner with AveyaBook a Demo

Privacy policy

How Aveya collects, uses, and protects information, with a focus on privacy, tenant isolation, and transparency.

Book a demo
Summary
  • Your documents and conversations are processed to answer your queries, not to train models.
  • Customer content stays isolated per tenant.
  • We use vetted infrastructure providers to run Aveya (including Azure).
  • You can request access, export, correction, or deletion.
Effective date
January 1, 2026
Last updated
January 1, 2026

This Privacy Policy explains how Brinkworks Limited trading as Aveya (“Aveya”, “we”, “our”, “us”) handles personal information and customer data when you use our website and services.

1. Who we are

Aveya is operated by Brinkworks Limited (Auckland, New Zealand).

In most customer deployments, we act as a data processor for customer content (documents, files, queries, and responses) and the customer acts as the data controller. For website visitors (e.g., demo requests), we typically act as the controller for that information.

2. Information we collect

2.1 Account and contact information

  • Name and email address
  • Organisation or company information
  • Authentication data needed to sign in and secure access
  • Billing and payment information (handled by third-party payment providers where applicable)

2.2 Customer content

We process the content you upload and submit in order to provide the service, which may include:

  • Documents, files, and images you upload
  • Questions and prompts you submit
  • Conversation history and assistant outputs inside the platform
  • Operational data you choose to connect or upload (e.g., inventory or knowledge sources)

2.3 Usage and technical data

  • Log and device data (such as IP address, browser type, OS)
  • Service usage patterns, feature utilisation, and performance metrics
  • Error logs and diagnostics (to maintain reliability and security)

We use usage and diagnostic data to improve reliability and security. We do not use customer content for advertising or behavioural profiling.

3. How we use information

3.1 Provide and operate the service

  • Provide, operate, and maintain the Aveya platform
  • Process your content to generate answers and outputs
  • Manage accounts, access controls, and customer support
  • Process billing and maintain required financial records

3.2 Improve reliability, safety, and performance

We use technical telemetry and aggregated analytics to keep Aveya secure, stable, and improving over time (for example: monitoring errors, performance, and abuse prevention).

3.3 Legal bases (where applicable)

Depending on your location and the context, we rely on one or more legal bases such as performing a contract (providing the service), legitimate interests (security and service improvement), compliance with legal obligations, and consent (where required, e.g., certain cookies).

4. No model training on your content

Your uploaded documents, conversations, and business data are not used to train Aveya models or any third-party foundation models. Your content is processed to deliver the service to you.

5. How we share information

5.1 No selling of customer content

We do not sell or rent customer content. We do not share customer content with third parties for their marketing purposes.

5.2 Subprocessors and service providers

We use trusted providers to run Aveya. Depending on your deployment and configuration, this may include:

  • Cloud infrastructure and hosting (e.g., Microsoft Azure)
  • Model processing providers (used for inference/processing only)
  • Payment providers (where applicable)
  • Website analytics providers (for site performance and usage insights)

We limit data shared with providers to what’s needed to operate and support the service. A current list of subprocessors is available on request.

5.3 Legal requirements

We may disclose information if required to do so by law or valid legal process, or where necessary to protect rights, safety, and security (including fraud and abuse prevention).

6. Security

6.1 Safeguards

  • Encryption in transit (TLS) and at rest (encryption at storage level)
  • Access controls and authentication requirements
  • Monitoring, logging, and security review practices
  • Secure development practices and change controls

6.2 Tenant isolation

Aveya is designed to isolate customer data from other customers, using tenant-aware access controls and separation patterns appropriate to the deployment model.

7. Retention and deletion

7.1 Retention periods

  • Account information: retained while your account is active and for a limited period after closure
  • Customer content: retained for as long as you keep it in the service (unless deleted)
  • Security and diagnostic logs: retained only as long as necessary for security and reliability
  • Billing records: retained as required for tax and accounting obligations

7.2 Deletion requests

You can request deletion of personal information and/or customer content. Where we can’t delete immediately (for example, due to legal obligations), we’ll restrict use and keep it only as required.

8. Your rights

Depending on your jurisdiction, you may have rights to:

  • Access and receive a copy of personal information
  • Correct inaccurate information
  • Request deletion (subject to legal/contractual constraints)
  • Object to or restrict certain processing
  • Data portability (where applicable)

9. Cookies and analytics

9.1 Cookies we use

  • Essential cookies for authentication and session management
  • Preference cookies (e.g., theme)
  • Analytics cookies to understand website performance and usage
  • Security-related cookies or similar mechanisms to prevent abuse

9.2 Google Analytics

We use Google Analytics to understand website usage and improve the site experience. You can control cookies through your browser settings.

10. International transfers

Data storage and processing location depends on your deployment model and chosen region. If information is transferred internationally, we use appropriate safeguards (such as contractual protections and technical measures).

11. Children’s privacy

Aveya is designed for business use and is not intended for children. We do not knowingly collect personal information from children under 16 (or under 13 where applicable by law).

12. Changes to this policy

We may update this Privacy Policy from time to time. We’ll update the “Last updated” date, and where changes are material we’ll take reasonable steps to notify customers (for example by email or within the product).

13. Contact

Privacy contact
General support
support@aveya.ai
Mailing address
Brinkworks Limited (trading as Aveya)
Privacy office
Auckland, New Zealand

Enterprise requests

For customers who require it, we can provide a Data Processing Addendum (DPA). Contact us at privacy@aveya.ai.

If you are a customer and believe Aveya is processing customer content on your behalf, you may also wish to contact your organisation’s administrator, who is typically the data controller for that content.