Privacy Policy

We process your personal information for the following specific purposes:

• Providing the Service: To operate, maintain, and improve theCivraGlobal platform, process transactions, publish websites you build, and fulfill service requests.
• Account management: To create and manage your account, verify your identity, and provide customer support.
• Communications: To send you service-related notices (e.g., billing receipts, security alerts, downtime notifications), respond to your inquiries, and send product updates if you have opted in.
• Analytics and improvement: To analyze usage patterns, monitor performance, diagnose technical issues, and improve the features and usability of the Service.
• Content tools: To provide automated content suggestions and website drafting capabilities within your account.
• Legal compliance: To comply with applicable laws, respond to lawful requests from authorities, and enforce our Terms of Service.
• Safety and fraud prevention: To detect and prevent abuse, fraud, spam, and other harmful activities on the platform.

2.1 Our legal bases for processing your personal data under the GDPR and UK DPA are: (a) performance of a contract (providing the Service you signed up for), (b) legitimate interests (improving the Service, security monitoring, fraud prevention), (c) legal obligation (tax and financial reporting), and (d) consent (marketing communications and optional analytics, which you may withdraw at any time by contacting us or using the unsubscribe link in any marketing email).

3.1Your account data, website content, and application records are stored in a cloud database infrastructure hosted on Amazon Web Services (AWS). All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher. Database connections are pooled and authenticated through secure credential management—no plaintext credentials are stored in application code.

3.2 User-uploaded images and media files are stored using a secure cloud media management platform that applies its own encryption, access controls, and content delivery optimizations. Media assets are served over HTTPS and access is restricted to authenticated requests originating from your CivraGlobal account.

3.3 We implement appropriate technical and organizational security measures, including role-based access controls, audit logging, vulnerability scanning, and regular security reviews, to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

3.4 No method of transmission over the internet or electronic storage is 100% secure. While we protect your information using commercially reasonable and industry-standard means, we cannot guarantee absolute security.

3.5 In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities within the timeframes required by applicable law (72 hours under GDPR, without unreasonable delay under other frameworks).

We share data with the following categories of third-party service providers only to the extent strictly necessary for them to perform their services on our behalf. Each provider is bound by a data processing agreement that limits their use of your data to the contracted purpose.

4.1 We do not sell, rent, or share your personal information with third parties for their own marketing or advertising purposes. Period.

4.2 We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Civra Group LLC, our users, or the public.

4.3 In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy and provide you with the opportunity to delete your account before the transfer takes effect.

5.1 CivraGlobal uses cookies and similar technologies (such as local storage and session tokens) to operate the Service, authenticate users, remember preferences, and understand usage patterns. We categorize cookies into the following types:

• Strictly Necessary: These cookies are essential for the Service to function. They handle authentication sessions, security tokens, and core platform operations. These cannot be disabled without breaking the Service.
• Functional: These cookies remember your preferences, language settings, and interface customizations so you do not need to reconfigure them each session.
• Performance: These cookies collect anonymized information about how you use CivraGlobal—which pages are visited most often, where errors occur—so we can improve the platform. We use privacy-respecting analytics tools that do not share data with advertising networks.

5.2 We do not use third-party advertising cookies or track you across other websites for advertising purposes. CivraGlobaldoes not participate in any ad-tech ecosystem.

5.3 You can control cookies through your browser settings. Note that disabling Strictly Necessary cookies will prevent you from using the Service. Disabling Functional or Performance cookies may degrade your experience but will not block access.

6.1 We retain your personal data for as long as your CivraGlobal account is active or as needed to provide the Service. We also retain data as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

6.2 After account deletion, we retain certain data (such as billing records and transactional logs) for up to 7 years as required by financial regulations and tax law in the jurisdictions where we operate.

6.3User Content—your website files, text, images, and design assets—is permanently deleted within 30 days of account closure, unless we are required to retain it by law or unless you have requested an export of your data prior to closure.

6.4 Anonymized and aggregated data derived from your use of the Service may be retained indefinitely for internal analytics purposes, as it can no longer be used to identify you personally.

Regardless of where you are located, we provide all CivraGlobal users with the following data rights. Certain jurisdictions grant additional protections, which are outlined in the region-specific sections below.

• Right of access: You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
• Right to rectification: You have the right to request that we correct inaccurate or incomplete personal data without undue delay.
• Right to erasure: You have the right to request deletion of your personal data, subject to our legal obligations to retain certain information (e.g., billing records).
• Right to data portability: You have the right to receive your data in a structured, commonly used, machine-readable format so that you can transfer it to another service.
• Right to restriction: You have the right to request that we restrict processing of your data in certain circumstances, such as while we verify the accuracy of data you have contested.
• Right to object: You have the right to object to processing of your data based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

7.1 To exercise any of these rights, please contact our Data Protection Officer at info@civraglobal.com. We will acknowledge your request within 5 business days and provide a substantive response within 30 days (or within the timeframe required by your local law, if shorter). We may need to verify your identity before processing your request.

7.2 If you believe we have not handled your request appropriately, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction (see the region-specific sections below for details).

8.1 CivraGlobal is not directed to children under the age of 13 (or under 16 in jurisdictions where GDPR or UK DPA applies), and we do not knowingly collect personal information from children below the applicable age threshold. If we become aware that we have collected personal data from a child without verifiable parental consent, we will take steps to delete that information as quickly as possible.

8.2 Users between the ages of 13 and 18 may only use the Service with the consent and supervision of a parent or legal guardian. By permitting a minor to use the Service, the parent or guardian agrees to these Terms and this Privacy Policy on behalf of the minor.

8.3 If you believe we have inadvertently collected data from a child below the applicable age threshold, please contact us immediately at info@civraglobal.com.

9.1 Civra Group LLC is headquartered in the United States. Your data may be processed in the United States, European Union, and other jurisdictions where our service providers operate. These countries may have data protection laws that differ from those in your country of residence.

9.2 Our primary database infrastructure is hosted in the United States (AWS US-West-2), with backup and redundancy capacity in EU-based AWS regions. Content delivery is handled through a global CDN. By using the Service, you acknowledge that your information will be processed in these locations.

9.3 For users in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful transfer mechanisms: Standard Contractual Clauses (SCCs) as adopted by the European Commission and the UK International Data Transfer Agreement (IDTA), and/or adequacy decisions where applicable.

9.4 For users in Brazil, international transfers are conducted in compliance with Article 33 of the LGPD, relying on standard contractual clauses or your explicit consent where required.

9.5 For users in Australia, we take reasonable steps under Australian Privacy Principle 8 to ensure that overseas recipients of your personal information handle it consistently with the Australian Privacy Principles.

11.1 CivraGlobal includes automated content generation tools that can draft website copy, suggest layouts, and generate text based on inputs you provide. When you use these tools, the content inputs you submit are sent to our content processing infrastructure for the sole purpose of generating a response within your editing session.

11.2 We do not use your content to train machine learning models or share it with third parties for model training purposes. Content inputs are processed in real time and are not retained by our content generation infrastructure beyond what is needed to deliver the response to you.

11.3 You retain full ownership of any content generated through these tools once it is saved to your CivraGlobal account. We claim no intellectual property rights over content created using our automated features.

12.1We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will notify you by email (at the address associated with your account) or by displaying a prominent notice within the Service at least 14 days before the changes take effect. We will also update the “Last updated” date at the top of this page.

12.2 Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer: