Privacy Policy

We use the information we collect for the following purposes:

• Providing the Service: To operate, maintain, and improve the platform, process transactions, and fulfill any orders or service requests.
• Account management: To create and manage your account, verify your identity, and provide customer support.
• Communications: To send you service-related notices (e.g., billing receipts, security alerts), respond to your inquiries, and send product updates if you have opted in.
• Analytics and improvement: To analyze usage patterns, monitor performance, diagnose technical issues, and improve the features and usability of the Service.
• AI features: To generate website content and suggestions using AI models. Your content may be used to personalize AI responses within your account context.
• Legal compliance: To comply with applicable laws, respond to lawful requests from authorities, and enforce our Terms of Service.
• Safety and fraud prevention: To detect and prevent abuse, fraud, spam, and other harmful activities.

2.1 Our legal bases for processing your personal data under GDPR are: (a) performance of a contract (providing the Service), (b) legitimate interests (improving the Service, fraud prevention), (c) legal obligation, and (d) consent (marketing communications, which you may withdraw at any time).

3.1 Your data is stored on Supabase, a managed cloud database infrastructure hosted on AWS. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.

3.2 User-uploaded images and media files are stored using Cloudinary, a secure cloud media management service. Cloudinary applies its own security controls and access restrictions.

3.3 We implement appropriate technical and organizational security measures, including access controls, audit logging, and regular security reviews, to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

3.4 No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information using commercially reasonable means, we cannot guarantee absolute security.

3.5 In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and relevant supervisory authorities as required by applicable law.

We share data with the following third-party service providers only to the extent necessary for them to perform their services on our behalf. Each provider is bound by appropriate data processing agreements.

4.1 We do not sell, rent, or share your personal information with third parties for their own marketing purposes.

4.2 We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Civra Group LLC, our users, or the public.

4.3 In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

5.1 We use cookies and similar tracking technologies (such as local storage and session tokens) to operate the Service, authenticate users, remember preferences, and analyze usage.

5.2 Essential cookies are required for the Service to function (e.g., authentication session cookies). These cannot be disabled without disrupting your use of the Service.

5.3 Analytics cookies help us understand how users interact with the Service. We use privacy-respecting analytics tools that do not share data with advertising networks.

5.4 We do not use third-party advertising cookies or track you across other websites for advertising purposes.

5.5 You can control cookies through your browser settings. Note that disabling certain cookies may limit your ability to use some features of the Service.

6.1 We retain your personal data for as long as your account is active or as needed to provide the Service. We also retain data to comply with legal obligations, resolve disputes, and enforce our agreements.

6.2 After account deletion, we retain certain data (such as billing records and transactional logs) for up to 7 years as required by financial regulations and tax law.

6.3 User Content is deleted within 30 days of account closure, unless we are required to retain it by law or unless you have requested an export of your data.

6.4 Anonymized and aggregated data derived from your use of the Service may be retained indefinitely for analytics purposes, as it can no longer be used to identify you.

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request that we correct inaccurate or incomplete personal data.
• Right to erasure: You have the right to request deletion of your personal data, subject to our legal obligations to retain certain information.
• Right to data portability: You have the right to receive your data in a structured, machine-readable format so that you can transfer it to another service.
• Right to restriction: You have the right to request that we restrict processing of your data in certain circumstances.
• Right to object: You have the right to object to processing of your data based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

7.1 To exercise any of these rights, please contact our Data Protection Officer at info@civraglobal.com. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

7.2 If you are a resident of the European Economic Area and believe we are not processing your data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

8.1 The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take steps to delete that information as quickly as possible.

8.2 Users between the ages of 13 and 18 may only use the Service with the consent and supervision of a parent or legal guardian. By permitting a minor to use the Service, the parent or guardian agrees to these Terms and this Privacy Policy on behalf of the minor.

8.3 If you believe we have collected data from a child under 13, please contact us immediately at info@civraglobal.com.

9.1 Civra Group LLC operates globally, and your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

9.2 Our primary data infrastructure is hosted in the United States (AWS us-east-2). By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

9.3 For users in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following lawful transfer mechanisms: Standard Contractual Clauses (SCCs) adopted by the European Commission, and/or the adequacy decisions where applicable.

10.1 If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information, including the right to know what categories of personal information we collect, the right to delete your personal information, and the right to opt out of the “sale” of your personal information.

10.2 We do not sell personal information as defined by the CCPA. We do not discriminate against you for exercising your CCPA rights.

10.3 To submit a request under CCPA, contact us at info@civraglobal.com. We will respond within 45 days.

11.1 We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by email or by displaying a prominent notice within the Service, and update the “Last updated” date at the top of this page.

11.2 Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer: