Privacy Policy

1. Introduction

DataVine.ai ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cognitive assessment platform and related services (collectively, the "Service").

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We collect information you provide directly to us, including:

• Account Information: Name, email address, password (hashed), profile picture, phone number, gender, and date of birth
• Assessment Data: Your responses to cognitive assessments, test results, scores, and performance analytics
• Payment Information: Billing details, subscription information, and payment history (processed securely through Stripe)
• Communication Data: Messages, feedback, and support requests you send to us

2.2 Automatically Collected Information

When you use our Service, we automatically collect:

• Usage Data: Pages visited, features used, time spent on assessments, and interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers, and screen resolution
• Technical Data: Log files, error reports, and performance metrics
• Cookies and Similar Technologies: Session cookies, authentication tokens, and analytics cookies

2.3 Third-Party Information

We may receive information from third parties, including:

• Google OAuth (when you sign in with Google)
• Payment processors (Stripe) for subscription management
• Analytics providers (Google Analytics) for service improvement

3. How We Use Your Information

We use your information for the following purposes:

• Service Provision: To provide, maintain, and improve our cognitive assessment services
• Personalization: To deliver personalized assessment results, recommendations, and insights
• Account Management: To create and manage your account, process payments, and handle subscriptions
• Communication: To send you service updates, security alerts, and support messages
• Research and Development: To improve our assessment algorithms and develop new features
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Security: To detect, prevent, and address security issues and fraudulent activities

3.1 Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance: To provide the services you requested
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws and regulations

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

• Service Providers: With trusted third-party service providers who assist us in operating our Service (e.g., hosting, analytics, payment processing)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Safety and Security: To protect our rights, property, or safety, or that of our users or the public
• With Your Consent: When you explicitly authorize us to share your information

4.1 Data Processing Agreements

All third-party service providers are bound by contractual obligations to protect your information and use it only for specified purposes.

5. Data Security

We implement comprehensive security measures to protect your personal information:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Strict access controls and authentication mechanisms
• Regular Audits: Security assessments and vulnerability testing
• Data Minimization: We collect only the information necessary for our services
• Incident Response: Procedures for detecting and responding to security incidents

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for 7 years after account deletion for legal compliance
• Assessment Data: Retained for the duration of your account and 3 years after account deletion
• Payment Information: Retained for 7 years as required by financial regulations
• Log Data: Retained for 12 months for security and debugging purposes

You may request deletion of your account and associated data at any time through your account settings or by contacting us.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your information
• Objection: Object to certain types of processing
• Withdraw Consent: Withdraw consent for processing based on consent

7.1 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for basic functionality and security
• Analytics Cookies: Help us understand how users interact with our Service
• Preference Cookies: Remember your settings and preferences

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect Service functionality.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions where applicable
• Other appropriate safeguards as required by law

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our Service

Your continued use of our Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: