Arva AI, Inc. (“Company”) respects the privacy of our customers and are strongly committed to keeping secure any information that the Company obtains from you or about you. This Privacy Policy describes our practices with respect to Personal Data collected from or about you when you use our website, applications and services (collectively, “Services”). 

This Privacy Policy does not apply to content that the Company processes on behalf of customers of our business offerings, such as our API. Our use of that data is governed by our customer agreements covering access to and use of those offerings.

Data Controller

The Company is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.

Personal Data Collection

The Company collects personal data relating to you (“Personal Data”) as described below:

Personal Data You Provide: The Company collects the following Personal Data when you create an account or communicate with us:

• Account Information: When you create an account with us, the Company may collect information associated with your account, including your name, contact information such as email and mobile, account credentials, payment card information, transaction history and information related to the browser or device you use to access our website (collectively, “Account Information”). 

• User Content: When you use our Services, the Company collects Personal Data that is included in the input, file uploads, or feedback that you provide to our Services (“Content”). 

• Communication Information: If you communicate with us, the Company collects your name, contact information, and the contents of any messages you send (collectively, “Communication Information”).

Personal Data the Company Receives Automatically From Your Use of the Services: When you visit, use, or interact with the Services, the Company receives the following information (“Technical Information”):

• Log Data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with our Services. 

• Single Sign-On Information. Single Sign-On allows you to sign in to the Service from another service you use and with which the Company partners. The Company will collect certain information for security purposes in order to verify your authorised access to the Service, including your username and password for the other service.

• Usage Data: The Company may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.

• Device Information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.

• Cookies and Similar Technologies: The Company may use cookies, pixel tags, web beacons and other similar technologies to better understand how you interact with our Services, monitor aggregate usage by our users, and monitor web traffic routing to help us improve our Services. 

Personal Data the Company Receive From Other Sources: The Company may collect and receive information from other sources, like information that is publicly available on the internet, including personal information and financial account information, from financial institutions and other service providers, for identity verification, fraud protection, risk assessment and other purposes. The Company may collect your business information from credit bureaus for the foregoing purposes as well. In addition, the Company may receive demographic information about you from third parties to help us better understand our users and to improve and market our Service.

Third-Party Software, Cookies and Other Related Technologies: Most Internet browsers let you change the browser’s settings to stop accepting cookies or to prompt you before accepting a cookie from websites you visit. If you do not allow cookies, you may not be able to use some or all portions or functionality of the Site or Service.

How the Company Uses Personal Data

The Company may use Personal Data for the following purposes:

• To administer, provide, manage and maintain our Services.

• To monitor, analyse, improve and develop our Services and new features and conduct research.

• To provide a more customised experience to our Services and/or our partners’ or affiliates’ websites.

• To communicate with you, including to send you information or marketing about our Services and events.

• To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services.

• To validate user information provided to us for fraud and risk detection purposes.

• For our marketing purposes, such as (i) informing you of our or our partners’ or affiliates’ products, services, features or offerings that may be of interest to you, (ii) providing you with newsletters, articles, reports, updates and announcements, as well as information about upcoming events, (iii) improving and tailoring our advertising and communications, (iv) analysing our marketing efforts, and (v) determining your eligibility for certain marketing programs, events and offers;

• To operate our business, which includes, without limitation, using your information (i) to process payments, (ii) to manage and enforce contracts with you or with third parties, (iii) to manage our corporate governance, compliance and auditing practices, and (iv) for recruitment purposes.

• To (i) comply with laws, rules and regulations, including any disclosure or reporting obligations, (ii) resolve disputes with users or third parties, (iii) respond to claims and legal process (including but not limited to subpoenas and court orders) as the Company deems necessary or appropriate, (iv) protect our property rights or those of third parties, (v) protect the safety of the public or any person, and (vi) prevent or stop any activity the Company may consider to be (or to pose a risk of being) illegal, unethical or legally actionable; and

• To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party.

• For any other purpose for which you expressly authorise us to use your information.

Aggregated or De-Identified Information. The Company aggregates or de-identifies Personal Data so that it can no longer be used to identify you and use this information to analyse the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, the Company may share or publish aggregated information like general user statistics with third parties. The Company collects this information through the Services, through cookies, and through other means described in this Privacy Policy. The Company will maintain and use de-identified information in anonymous or de-identified form and the Company will not attempt to re-identify the information, unless required by law.

Disclosure of Personal Data

The Company may disclose your Personal Data in the following circumstances:

• Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, the Company may disclose Personal Data to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, content delivery services, support and safety monitoring services, email communication software, web analytics services, payment and transaction processors, and other information technology providers. Pursuant to our instructions, these parties will access, process, or store Personal Data only in the course of performing their duties to us. 

• Business Transfers: If the Company is involved in strategic transactions, reorganisation, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Data may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.

• Group Companies: The Company may share your information with our group of companies for the purposes of business administration, maintaining security and regulatory compliance, providing support services to end users (including IT support, where relevant), marketing and analytics.

• Government Authorities or Other Third Parties: The Company may share your Personal Data, including information about your interaction with our Services, with government authorities, industry peers, or other third parties in compliance with the law (i) if required to do so to comply with a legal obligation, or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if the Company determines, in its sole discretion, that there is a violation of our terms, policies, or the law; (iv) to detect or prevent fraud or other illegal activity; (v) to protect the safety, security, and integrity of our products, employees, users, or the public, or (vi) to protect against legal liability.

• Other entities related to legal process and emergency situations: The Company may disclose personal information to third parties as permitted by, or to comply with, applicable laws and regulations. Examples include responding to a subpoena or similar legal process, protecting against fraud and cooperating with law enforcement or regulatory authorities.  Information disclosed for these purposes may include device and online identifiers, information about your internet, browser, and network activity, and location data.

• Affiliates: The Company may disclose Personal Data to our affiliates, meaning an entity that controls, is controlled by, or is under common control. Our affiliates may use this Personal Data in a manner consistent with this Privacy Policy.

• Business Account Administrators: Administrators may access and control your account, including being able to access your Content. In addition, if you create an account using an email address belonging to your employer or another organisation, the Company may share the fact that you have an account and certain account information, such as your email address, with your employer or organisation to, for example, enable you to be added to their business account.

• Relevant Entities: The Company may disclose information to banks, financial institutions, legal and financial advisors or auditors 

• Third-Parties: The Company is entitled to share with third-party agents, partners and service providers, who (i) are only permitted to use your information as the Company allows (which may include contacting you on our behalf), and (ii) are required under law or contract to keep your personal information confidential.

Information Security

The Company is committed to protecting the privacy and confidentiality of your personal information. The Company limits access to your personal information to authorised employees, contractors or agents and the third parties described above. The Company also maintains physical, electronic and procedural safeguards to protect the information against loss, misuse, damage or modification and unauthorised access or disclosure. Some of the other central features of our information security program dependent on the information may include:

• A dedicated group that designs, implements and provides oversight to our information security program.

• The use of specialised technology such as firewalls.

• Testing of the security and operability of products and services before they are introduced to the Internet, as well as ongoing scanning for publicly known vulnerabilities in the technology.

• Internal and external reviews of our Internet sites and services.

• Monitoring of our systems infrastructure to detect weaknesses and potential intrusions.

• Implementing controls to identify, authenticate and authorise access to various systems or sites.

• Protecting information during transmission through various means including, where appropriate, encryption.

• Providing personnel with relevant training and continually updating our security practices in light of new risks and developments in technology.

The Company encourages security professionals to practice responsible disclosure and let us know right away if a vulnerability is discovered on the site. The Company will investigate all legitimate reports and follow up if more details are required. 

Retention

The Company will retain your Personal Data for only as long as it needs in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long the Company retains Personal Data will depend on a number of factors, such as:

• Our purpose for processing the data (such as whether the Company needs to retain the data to provide our Services).

• The amount, nature, and sensitivity of the data.

• The potential risk of harm from unauthorised use or disclosure of the data.

• Any legal requirements that the Company is subject to.

In some cases, the length of time the Company retains data depends on your settings.

Your Rights

You have the following statutory rights in relation to your Personal Data:

• Access your Personal Data and information relating to how it is processed.

• Delete your Personal Data from our records.

• Rectify or update your Personal Data.

• Transfer your Personal Data to a third party (right to data portability).

• Restrict how the Company processes your Personal Data.

• Withdraw your consent - where the Company relies on consent as the legal basis for processing at any time.

• Lodge a complaint with your local data protection authority (see below).

You have the following rights to object:

• Object to how the Company processes your Personal Data when our processing is based on legitimate interests.

You can exercise some of these rights through your account. If you are unable to exercise your rights through your account, please submit your request to privacy@arva.ai.

The Company hopes that it is able to address any questions or concerns you may have. If you have any unresolved complaints with us or our Data Protection Officer.

Legal Bases and Data Transfers

When the Company processes your Personal Data for the purposes described above, the Company relies on the following legal bases: