Privacy Policy

Last updated: January 2, 2026

At Aiva, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered inbox assistant service.

1. Information We Collect

Account Information

When you create an account, we collect your email address, name, and authentication credentials. For Shopify merchants, we also receive your store information through Shopify's OAuth system.

Communication Data

To provide our services, we access messages from connected channels (Gmail, Outlook, Slack) with your explicit permission. This data is used solely to power AI features like classification, drafting, and scheduling.

Usage Data

We collect information about how you interact with our service, including features used, messages processed, and preferences set. This helps us improve our AI and user experience.

2. How We Use Your Information
  • Provide and maintain our AI inbox assistant services
  • Process and classify your messages using AI
  • Generate draft replies and automate responses
  • Sync with your calendar for scheduling features
  • Personalize your experience based on your preferences
  • Send you service-related notifications
  • Improve our AI models and service quality
  • Ensure security and prevent fraud
3. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • OAuth Authentication: We never store your email passwords—only secure OAuth tokens
  • Row-Level Security: Database isolation ensures your data is only accessible to you
  • Regular Audits: We conduct security reviews and vulnerability assessments
  • SOC 2 Infrastructure: Our hosting providers maintain SOC 2 compliance
4. Data Sharing

We do not sell your personal information. We may share data only in these limited circumstances:

  • Service Providers: Third parties that help us operate (hosting, analytics) under strict confidentiality
  • AI Processing: OpenAI processes message content for AI features under their enterprise privacy terms
  • Legal Requirements: When required by law, subpoena, or to protect our rights
  • Business Transfers: In connection with a merger or acquisition (with notice)
5. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Portability: Export your data in a machine-readable format
  • Opt-out: Disconnect channels or disable specific features at any time
  • Withdraw Consent: Revoke OAuth access to connected services

To exercise these rights, visit your account settings or contact us at privacy@tryaiva.io

6. Data Retention

We retain your data for as long as your account is active. Message data is stored for the duration of your subscription. When you delete your account, we remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes.

7. Cookies & Tracking

We use essential cookies for authentication and session management. We also use analytics (privacy-respecting) to understand usage patterns and improve our service. You can control cookie preferences in your browser settings.

8. Children's Privacy

Aiva is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service. Your continued use after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@tryaiva.io

Support: support@tryaiva.io

Website: www.tryaiva.io