Privacy Policy

At Brinkworks Limited trading as Aveya ("Aveya," "we," "our," or "us"), we are committed to protecting your privacy and handling your personal information with transparency and respect. This Privacy Policy explains how we collect, use, share, and protect your information when you use our AI platform and services.

1. Information We Collect

1.1 Account Information

When you create an account or use our services, we collect:

• Name and email address
• Company or organization information
• Login credentials and authentication data
• Billing and payment information (processed by third-party payment providers)

1.2 Content Data

We process the content you upload to our platform, including:

• Documents, files, and images you upload
• Questions and queries you submit to our AI systems
• Conversations and responses within the platform
• Inventory data and operational information

1.3 Usage Information

We automatically collect information about how you use our services:

• Log data including IP addresses, browser type, and operating system
• Usage patterns, feature utilization, and performance metrics
• Error logs and system diagnostics
• Analytics data to improve our services

2. How We Use Your Information

2.1 Service Provision

We use your information to:

• Provide, operate, and maintain our AI platform services
• Process your documents and generate AI responses
• Manage your account and provide customer support
• Process payments and maintain billing records

2.2 Service Improvement

We may use aggregated, non-personal information to:

• Improve our AI models and platform performance
• Develop new features and services
• Conduct research and analytics
• Ensure security and prevent abuse

2.3 Important: We Do Not Train AI Models on Your Content

We want to be absolutely clear: your uploaded documents, conversations, and business data are never used to train our AI models or any third-party AI models. Your content is processed solely to provide you with responses and is not retained for model training purposes.

3. How We Share Your Information

3.1 No Content Sharing

We do not sell, rent, or share your content data with third parties for marketing or commercial purposes. Your business documents and conversations remain private to your organization.

3.2 Service Providers

We may share limited information with trusted service providers who help us operate our business:

• Microsoft Azure (hosting and infrastructure services)
• Model providers such as OpenAI (processing only, never for training)
• Payment processors (for billing purposes)
• Analytics providers (using anonymized data)

3.3 Legal Requirements

We may disclose information if required by law, regulation, or valid legal process, or to protect the safety and rights of Aveya, our users, or others.

4. Data Security

4.1 Protection Measures

We implement industry-standard security measures to protect your information:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Access controls and authentication requirements
• Regular security audits and monitoring
• Secure development practices and code reviews

4.2 Data Isolation

Your data is isolated from other customers through:

• Organization-level database partitioning
• Separate search indexes for each customer
• Role-based access controls
• Secure multi-tenant architecture

5. Data Retention

5.1 Retention Periods

We retain your information for different periods based on data type:

• Account Information: Retained while your account is active and for up to 90 days after account closure
• Content Data: Retained as long as you maintain your account, unless you delete specific content
• Usage Logs: Retained for up to 12 months for security and performance monitoring
• Billing Information: Retained for 7 years for tax and accounting purposes

5.2 Data Deletion

You can request deletion of your data at any time. Upon account closure or deletion request, we will:

• Delete your content data within 30 days
• Remove personal information from our systems
• Anonymize any remaining usage analytics
• Provide confirmation of deletion upon request

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access and download your personal information and content
• Correct or update your account information
• Delete your content or close your account
• Export your data in a portable format

6.2 Privacy Settings

You can control various privacy settings through your account:

• Manage which team members can access specific assistants
• Set data retention preferences where available
• Control usage analytics and diagnostics sharing
• Manage email communications and notifications

6.3 Marketing Communications

You can opt out of marketing communications at any time through:

• Unsubscribe links in our emails
• Your account settings
• Contacting our support team

7. International Data Transfers

7.1 Data Location

Your data is stored and processed in the region you select:

• SaaS customers: Data stored in New Zealand North (Azure)
• Self-hosted customers: Data stored in your chosen Azure region
• Data processing may involve OpenAI services (with privacy protections)

7.2 Cross-Border Transfers

If your data needs to be transferred internationally, we ensure appropriate safeguards through:

• Standard contractual clauses
• Adequacy decisions where applicable
• Additional technical and organizational measures

8. Cookies and Tracking

8.1 Cookies We Use

Our website uses cookies for:

• Authentication and session management
• User preferences (like theme settings)
• Analytics and performance monitoring (Google Analytics)
• Security and fraud prevention

8.2 Third-Party Analytics

We use Google Analytics to understand how our website is used. This service:

• Collects anonymized usage data
• Uses cookies to track visitor behavior
• Helps us improve our website and services
• Can be opted out through browser settings or opt-out tools

9. Children's Privacy

Our services are designed for business use and are not intended for children under 16 (or 13 where applicable by law). We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 (or 13), we will take steps to delete such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make changes:

• We will update the "Last Updated" date at the top of this policy
• Material changes will be communicated via email or platform notifications
• Continued use of our services constitutes acceptance of the updated policy

11. Contact Information

12. Specific Rights by Jurisdiction

12.1 European Union (GDPR)

If you are in the EU, you have additional rights under GDPR including:

• Right to rectification and erasure
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge complaints with supervisory authorities

12.2 New Zealand (Privacy Act)

As a New Zealand company, we comply with the Privacy Act 2020, including:

• Privacy principles for information handling
• Rights to access and correct personal information
• Mandatory breach notification procedures
• Right to complain to the Privacy Commissioner

12.3 Other Jurisdictions

We respect privacy rights in all jurisdictions where we operate and will work with you to address any specific requirements under local privacy laws.

13. Questions and Complaints

If you have questions about this Privacy Policy or wish to make a complaint about our privacy practices:

1. Contact us first: Email privacy@aveya.ai with your concerns
2. We will investigate: We aim to respond within 30 days and resolve issues promptly
3. External complaints: You may also contact relevant privacy authorities in your jurisdiction

Thank you for trusting Aveya with your information. We are committed to protecting your privacy and providing you with transparent, secure AI services.