Legal

Privacy Policy

Last updated: May 2026

1. Who we are

CharvisAI is operated by Ved Dixit ("we", "us"), an individual sole proprietor. We act as the data controller for personal data processed in connection with the CharvisAI service and are responsible for determining the purposes and means of processing.

2. Categories of personal data we collect

  • Account data: name, email, login credentials.
  • Business inputs: prompts, configuration, and content you submit.
  • Usage & telemetry: agent activity logs, feature usage, device identifiers, IP address.
  • Support data: messages you send to support.
  • Transaction data: order references and subscription status (payment card data is collected directly by Paddle, not by us).

3. Purposes & legal basis

  • Provide and operate the service — performance of a contract.
  • Account creation and authentication — performance of a contract.
  • Security, fraud prevention, and abuse detection — legitimate interests.
  • Product improvement and analytics — legitimate interests.
  • Customer support — performance of a contract.
  • Marketing communications — consent, which you can withdraw at any time.
  • Tax, accounting, and legal compliance — legal obligation.

4. Who we share data with

We share personal data only with the following categories of recipients:

  • Paddle.com Market Limited — our Merchant of Record. Paddle handles payments, subscription billing, tax compliance, invoicing, and order-related customer service. Data shared includes name, email, billing address, and order details.
  • Service providers / subprocessors — hosting, database, analytics, email delivery, and customer support tooling, acting under contract on our behalf.
  • Professional advisers — legal, accounting, and tax advisers where required.
  • Authorities — when required by law, court order, or to protect rights and safety.

We do not sell personal data.

5. International transfers

Where personal data is transferred outside the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

6. Data retention

We keep personal data only for as long as needed for the purposes above:

  • Account data: for the lifetime of your account, plus up to 90 days after closure to handle disputes and finalize billing.
  • Business inputs & agent logs: up to 24 months from creation, then deleted or anonymized.
  • Support correspondence: up to 36 months from the last interaction.
  • Transaction & invoice records: retained for up to 7 years to meet tax and accounting obligations.
  • Marketing data: until you unsubscribe or withdraw consent.

Deletion requests are honored within 30 days, except where retention is required by law.

7. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict, or port your personal data, to object to processing, and to withdraw consent. You also have the right to lodge a complaint with your local supervisory authority. We respond to verified requests within one month.

8. Security

We apply appropriate technical and organizational measures including encryption in transit and at rest, access controls, and tenant isolation for stored embeddings.

9. Cookies

We use strictly necessary cookies for authentication and session management, and limited analytics cookies to improve the service. You can manage cookie preferences in your browser settings.

10. Contact

For privacy questions or to exercise your rights, contact us via the contact page on this site.