Privacy Policy

Appvergence LLC ("Company," "we," "us," or "our") operates the PrivaiShield service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy. Our privacy-first architecture is designed to minimize exposure of your sensitive data. We use multiple layers of detection to redact personal information before it reaches AI providers. You control how your chat history is stored — locally in your browser or encrypted on our servers — and can change your preference at any time.

Account Information: When you create an account, we collect your name, email address, and profile picture via OAuth providers (Google or GitHub).

Billing Information: If you subscribe to a paid plan, our payment processor (Stripe) collects your payment details. We do not store your full credit card number on our servers.

Usage Metadata: We collect anonymized usage metrics such as feature usage frequency, session duration, and error rates to improve the Service. These metrics never contain PII or content data.

Device & Log Data: We collect standard log data including IP address, browser type, and operating system for security monitoring and abuse prevention.

Chat History (Server Storage — Opt-In): If you enable server-side chat storage in your Account Settings, we store your chat messages, session titles, and associated metadata on our servers. This data is encrypted at rest using AES-256-GCM with AWS KMS customer-managed keys, and in transit using TLS 1.3. If you use local storage (the default), no chat data is stored on our servers.

During PII detection processing, we do not permanently store or log the following, even when it is processed transiently through our servers for enhanced detection:

• Your original text or documents submitted for PII detection
• The content of your AI prompts before or after redaction
• The specific sensitive information detected in your text
• The mapping between redacted tokens and original values
• AI provider responses

When enhanced detection is enabled, your text may pass through our servers for additional analysis. This processing is transient — the data is discarded after detection is complete and is never written to persistent storage.

Note on Chat Storage: If you opt into server-side chat storage, your chat messages and session titles are stored encrypted on our servers to provide cross-device access and automatic backups. This stored chat data is separate from the transient detection processing described above. You may delete your server-stored chat data at any time by switching to local storage in your Account Settings, or by deleting individual chat sessions.

We use third-party services to operate the Service. These subprocessors are listed on our Subprocessors page.

AI Providers: When you use PrivaiShield to interact with AI services (OpenAI, Anthropic, Google AI), your text goes through our redaction process before being sent to those providers. While this significantly reduces the amount of personal information shared, no automated detection system is perfect, and some sensitive data may not be caught.

Payment Processing: Stripe processes payments on our behalf. Stripe's use of your data is governed by Stripe's privacy policy.

Essential Cookies: We use essential cookies for authentication and session management. These cookies are strictly necessary for the Service to function.

Analytics: We may use anonymized analytics cookies to understand how users interact with the Service. You can opt out of analytics cookies through your browser settings.

We do not use advertising cookies or share cookie data with third-party advertisers.

Content Data (Detection): Not permanently stored. Your text may be processed transiently through our servers for enhanced PII detection, but it is discarded after processing and is never written to persistent storage or logs.

Chat History (Server Storage): If you opt into server-side chat storage, your encrypted chat messages and session titles are retained for the duration of your account or until you delete them. Switching to local storage deletes all server-stored chat data. Upon account termination, server-stored chat data is deleted within 30 days.

Chat History (Local Storage): If you use local storage (the default), chat data is stored only in your browser and is never sent to our servers. We have no access to or control over locally stored data.

Account Data: Retained for the duration of your account. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law.

Billing Records: Retained for 7 years as required by tax and financial regulations.

Log Data: Security and access logs are retained for 90 days, then automatically purged.

Depending on your location, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate personal data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing of your personal data for specific purposes.
• Right to Restrict Processing: Request that we limit how we process your data.
• Right to Opt-Out of Sale: We do not sell your personal data. There is nothing to opt out of.

To exercise any of these rights, contact us at privacy@privaishield.com. We will respond within 30 days (or sooner if required by applicable law).

PrivaiShield is operated from the United States. If you access the Service from outside the US, your account information may be transferred to, stored, and processed in the US.

For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission. Our Data Processing Agreement includes the applicable SCCs.

Content submitted for PII detection is processed transiently through US-based servers and discarded after processing. If you opt into server-side chat storage, your encrypted chat data is stored on US-based AWS infrastructure. This data is encrypted at rest with AWS KMS customer-managed keys and encrypted in transit with TLS 1.3.

For privacy-related questions or to exercise your data rights, contact us at:

privacy@privaishield.com