Privacy Policy

Introduction

Welcome to Collectivu. We are an AI-powered SaaS platform designed to help teams and individuals work smarter. We take your privacy seriously — not just because the law requires it, but because we believe you deserve to know exactly what happens to your data.

This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and what rights you have over it. It applies to all users of our web application, APIs, and related online services offered under the Collectivu brand (collectively, the "Platform").

Who we are: Collectivu operates as a remote-first digital company, with a distributed team serving users globally.

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please discontinue use of the Platform.

Information We Collect

We collect information in the following ways:

2.1 Information You Provide Directly

• Account information: name, email address, password (stored hashed), profile photo, and company/organization details.
• Billing information: payment method details processed by our third-party payment provider. We do not store raw card data on our servers.
• Communications: messages, support tickets, feedback forms, and survey responses you send to us.
• Content you create: any text, files, prompts, outputs, or other materials you submit to or generate on the Platform.

2.2 Information Collected Automatically

• Usage data: pages and features accessed, actions taken, timestamps, session duration, clicks, and navigation paths.
• Device and technical data: IP address, browser type and version, operating system, device identifiers, screen resolution, and language settings.
• Log data: server logs, error reports, and performance data generated when you interact with the Platform.
• Location data: approximate geographic location derived from IP address (not GPS-level precision unless you explicitly grant permission).

2.3 Information from Third Parties

• Authentication providers: if you sign in via a third-party provider (Google, Microsoft, GitHub, etc.), we receive your name, email address, and profile picture as shared by that provider.
• Integrations and APIs: if you connect third-party services or use our API, we may receive information necessary to enable that integration.
• Analytics providers: aggregated behavioral signals from analytics tools we use to understand Platform usage.

How We Use Your Information

We use the information we collect to:

• Provide and operate the Platform: deliver the features and services you signed up for, including AI-powered processing of your content.
• Authenticate you: verify your identity and manage your sessions securely.
• Process payments: manage billing, subscriptions, and invoices.
• Improve the Platform: analyze usage patterns, diagnose issues, run A/B tests, and build new features.
• Communicate with you: send transactional emails (password resets, alerts) and, where you have opted in, marketing communications.
• Provide customer support: respond to requests, investigate issues, and troubleshoot problems.
• Ensure security: detect, prevent, and respond to fraud, abuse, or unauthorized access.
• Meet legal obligations: comply with applicable laws, respond to lawful requests from authorities, and enforce our Terms of Service.

Legal Basis for Processing (GDPR)

If you are located in the EEA, UK, or Switzerland, we process your personal data on the following legal grounds:

Where we rely on legitimate interests, we have balanced those interests against your privacy rights. You may object at any time. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

Cookies & Tracking Technologies

We use cookies and similar technologies (local storage, pixels, session tokens) on our web application and online services.

5.1 Types of Cookies We Use

• Strictly necessary cookies: required for core functionality — authentication, session management, security. These cannot be disabled.
• Functional cookies: remember your preferences (language, theme) to improve your experience.
• Analytics cookies: help us understand how users interact with the Platform. Data is aggregated and anonymized where possible.
• Performance cookies: monitor Platform speed and reliability to identify and fix issues quickly.

5.2 Your Cookie Choices

When you first visit the Platform, a cookie consent banner lets you accept, reject, or configure optional cookies. You can update preferences anytime through cookie settings in your account panel.

5.3 Do Not Track

Our Platform currently does not respond to browser-level "Do Not Track" signals, but we honor consent-based opt-outs managed through our cookie preferences center.

Sharing of Information

We do not sell, rent, or trade your personal data. We share information only in the following circumstances:

6.1 Service Providers

We work with trusted vendors who process data on our behalf, including cloud infrastructure and hosting providers, AI model and API providers, payment processors, email delivery services, analytics and error-tracking tools, and customer support platforms. All service providers are contractually bound to process your data only as instructed and maintain appropriate security standards.

6.2 Business Transfers

If Collectivu is involved in a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data is transferred and becomes subject to a materially different privacy policy.

6.3 Legal Requirements

We may disclose your information when required by law, court order, or lawful government request, or when necessary to protect the rights, safety, or property of Collectivu, our users, or the public.

6.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this Policy.

• Active accounts: data is retained for as long as your account is active or needed to provide the Platform.
• After account deletion: we delete or anonymize your data within 30–90 days of a verified deletion request. Certain data may be retained for legal, audit, or fraud-prevention obligations.
• Billing records: retained for up to 7 years in accordance with applicable tax and accounting laws.
• Support communications: retained for up to 2 years to allow for follow-up and audit purposes.
• AI-generated outputs: retained as described in our Terms of Service and subject to your in-app content management controls.

When data is no longer needed, we securely delete or anonymize it in a manner that prevents recovery.

Data Security

We implement robust, layered security measures to protect your data:

• Encryption in transit: all data transmitted between your device and our servers uses TLS 1.2 or higher.
• Encryption at rest: stored data is encrypted using industry-standard algorithms.
• Access controls: strict role-based access controls (RBAC) limit employee access on a need-to-know basis.
• Authentication security: we support multi-factor authentication (MFA) and enforce secure password policies.
• Infrastructure security: enterprise-grade cloud infrastructure with regular penetration testing and vulnerability scanning.
• Incident response: we maintain a documented incident response plan and will notify affected users and authorities of a breach as required by law, including within 72 hours under GDPR where applicable.

No system is completely secure. We encourage you to use strong, unique passwords and report any suspected security issues to contactus@collectivu.com.

International Data Transfers

Collectivu operates globally with a distributed, remote team. Your data may be processed in countries outside your country of residence. When transferring personal data from the EEA, UK, or Switzerland to third countries, we rely on one or more of the following safeguards:

• Standard Contractual Clauses (SCCs): approved by the European Commission for transfers to third-party processors.
• Adequacy decisions: where the destination country provides adequate data protection as determined by the European Commission.
• Other appropriate safeguards as permitted under applicable data protection law.

For more information about specific transfer mechanisms, contact us at contactus@collectivu.com.

Your Privacy Rights

10.1 Rights Under GDPR (EEA / UK / Switzerland)

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
• Right to restriction: request that we limit processing of your data in certain circumstances.
• Right to data portability: receive your data in a structured, machine-readable format.
• Right to object: object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: withdraw previously given consent at any time.
• Right not to be subject to automated decisions: see Section 13 on AI and Automated Processing.

10.2 Rights Under CCPA (California Residents)

• Right to know: request disclosure of the categories and specific pieces of personal information collected about you.
• Right to delete: request deletion of personal information we hold, subject to certain exceptions.
• Right to correct: request correction of inaccurate personal information.
• Right to opt out of sale/sharing: we do not sell or share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information.
• Right to non-discrimination: we will not discriminate against you for exercising any of your privacy rights.

10.3 How to Exercise Your Rights

To submit a data access, correction, deletion, or portability request, contact us directly:

• By email: send your request to contactus@collectivu.com with subject line "Privacy Request". Please include your name, account email, and a description of your request.

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA). We may ask you to verify your identity before processing a request.

Children's Privacy

The Platform is not directed to individuals under the age of 16 (or 13 in jurisdictions where that is the applicable minimum). We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at contactus@collectivu.com and we will promptly delete the data.

Third-Party Services

The Platform may contain links to, or integrations with, third-party websites, applications, or services. These third parties operate under their own privacy policies, which we do not control. We encourage you to review the privacy policies of any third-party services you connect.

Categories of third-party services we may integrate with include:

• Identity and single sign-on (SSO) providers
• Cloud storage and document management services
• Productivity and project management tools
• Communication and collaboration platforms
• Data analytics and business intelligence tools

Collectivu is not responsible for the privacy practices or content of third-party services.

AI & Automated Processing Disclosure

Collectivu is an AI-powered platform. Here is what you need to know about how AI interacts with your data:

13.1 How AI Processes Your Content

When you use AI-powered features, the content you submit (prompts, text, uploaded documents, or other inputs) is processed by AI models to generate outputs. This may occur via AI models operated by Collectivu on our own infrastructure, or via third-party AI API providers contracted by us.

We take steps to ensure AI providers do not use your content to train public-facing AI models without your explicit consent.

13.2 Automated Decision-Making

Some features may involve automated processing to personalize your experience, detect policy violations, or surface recommendations. Where such processing produces decisions with a significant legal or similarly significant effect on you, we will inform you, explain the logic involved, and offer the right to request human review.

13.3 AI Training

We do not intentionally use your personal content to train public-facing AI models without appropriate notice and legal basis. Where anonymized, aggregated data is used to improve platform intelligence, we will provide clear opt-out controls.

13.4 Your Control Over AI Features

You can manage AI feature preferences and data usage settings within your account under Settings → AI Preferences. Questions about how AI processes your data? Contact us at contactus@collectivu.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

When we make material changes, we will:

• Update the "Effective Date" at the top of this page
• Display a prominent notice in the Platform or send you an email notification
• Where required by law, seek your consent before changes take effect

Your continued use of the Platform after changes become effective constitutes your acceptance of the updated Policy. Previous versions are available upon request.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out through any of the channels below.

If you are in the EEA or UK and believe we have not adequately addressed your concern, you have the right to lodge a complaint with your local data protection authority (DPA). A list of EEA supervisory authorities is available at edpb.europa.eu.