Table of Contents
- 1. Roles, scope, and key definitions
- 2. Personal Information we collect
- 3. How we use Personal Information
- 4. Scoring, analysis, and processing
- 5. AI features and training
- 6. Cookies, advertising, & tracking
- 7. Disclosure of Personal Information
- 8. Data retention
- 9. Security
- 10. International transfers
- 11. Children
- 12. GDPR and UK GDPR disclosures
- 13. California CCPA and CPRA disclosures
- 14. Google and LinkedIn specific notes
- 15. Changes to this Privacy Notice
- 16. Contact us
Paciva AI Privacy Notice
Effective Date: [Month Day, Year]
Last Updated: [Month Day, Year]
This Privacy Notice explains how [Paciva AI, Inc.] (“Paciva,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects Personal Information, meaning information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an individual. This Privacy Notice applies when you visit any Paciva website that links to this notice (the “Site”), create an account, use our products, applications, and related services (the “Services”), communicate with us, or otherwise interact with Paciva.
Paciva provides tools that help users reduce unwanted outreach and prioritize legitimate communications. To do that, the Services may process message content and related metadata from authorized integrations. Because some of this processing involves automated classification and because message content may be stored, this Privacy Notice describes our practices in plain language, including your choices and rights.
This Privacy Notice is intended to address transparency requirements under the EU General Data Protection Regulation and the UK GDPR (together, “GDPR”), and to provide disclosures required under the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”). If you use the Services on behalf of an organization, that organization may control how the Services are configured, including integrations, permissions, and retention settings.
1. Roles, scope, and key definitions
This section explains how privacy laws treat Paciva depending on the context. In some situations, Paciva decides why and how Personal Information is processed. In other situations, a customer decides and Paciva processes information only on the customer’s behalf. These distinctions affect which rights apply and how requests should be submitted.
1.1 Paciva as controller or business
Paciva acts as a “controller” under GDPR and a “business” under the CCPA/CPRA when we determine the purposes and means of processing Personal Information for our own operations, such as account creation and administration, billing, customer support, product analytics, product improvement, platform security, and marketing.
1.2 Paciva as processor or service provider
Paciva acts as a “processor” under GDPR and a “service provider” under the CCPA/CPRA when we process Personal Information that is submitted to the Services, connected to the Services, or routed through the Services by or on behalf of a customer, strictly under the customer’s instructions and our agreements with that customer. In that context, the customer controls the content and Paciva provides the technical service.
1.3 Customer Content and integration partners
“Customer Content” includes information that you or your organization submit to the Services or make available through authorized integrations. Customer Content may include Personal Information about you and about other individuals, such as contacts, senders, recipients, and invitees. “Integration partners” are third-party platforms that you choose to connect to Paciva, such as Google and LinkedIn, and the information we receive from them depends on the permissions you authorize.
2. Personal Information we collect
This section describes what we collect and where it comes from. Paciva collects Personal Information directly from you, automatically from your device and usage, and from third parties when you connect integrations. The categories collected depend on the features you use and the permissions you grant.
2.1 Information you provide to Paciva
When you create an account or use the Services, we collect identifiers and account information such as your name, email address, username, authentication credentials, organization name, role, preferences, and settings. If you purchase a subscription, we collect billing and commercial information such as billing contact information, plan details, invoice history, transaction history, and payment status. Payment card details are typically collected and processed by our payment processor rather than stored by Paciva, although we may receive limited payment metadata such as the last four digits and card type.
When you communicate with us, we collect the content of those communications, including support tickets, emails, chat messages, feedback, survey responses, and any attachments you choose to send.
2.2 Information collected automatically
When you access or use the Site or Services, we collect device and usage information, which may include IP address, browser type, operating system, device identifiers, language settings, time zone, timestamps, pages or screens viewed, actions taken, referring and exit pages, and diagnostic data such as logs, error reports, and crash reports. We may derive approximate location from IP address. We also collect information necessary to maintain secure sessions and protect the Services, such as session identifiers and security-related telemetry.
2.3 Information we receive from third parties
We may receive Personal Information from identity providers if you use single sign-on, from referral or marketing partners, from event partners, and from public or professional sources where permitted by law. We may also receive information from vendors that support our operations, such as security tooling, fraud prevention tooling, and analytics services, to help protect and improve the Services.
2.4 Information processed from Google and LinkedIn integrations
If you connect Google or LinkedIn to the Services, we receive and process information from those platforms based on the permissions you grant and the actions you configure. Depending on the integration, this information may include message metadata and message content, sender and recipient information, timestamps, conversation context, and other data that you authorize. We also process the connection details required to maintain the integration, such as access tokens and workspace identifiers, and we store those details using protective measures consistent with our security program.
3. How we use Personal Information
This section explains why Paciva processes Personal Information. We use Personal Information to operate the Services, deliver requested functionality, improve reliability and performance, secure the platform, communicate with users, market our Services, and comply with law. The exact uses depend on your configuration and the features you enable.
3.1 Providing and operating the Services
We use Personal Information to create and manage accounts, authenticate users, provide access to the Services, maintain your integrations, process payments, deliver requested functionality, and provide customer support. We also use Personal Information to send operational communications such as confirmations, security notices, billing notices, and updates about changes to the Services.
3.2 Improving and developing the Services
We use Personal Information to understand how the Site and Services are used, monitor performance, troubleshoot errors, test and develop new features, improve user experience, and conduct internal research focused on improving reliability and usefulness.
3.3 Security, abuse prevention, and enforcement
We use Personal Information to protect the Services and our users, detect and prevent spam, fraud, abuse, malware, unauthorized access, and other harmful activity, and enforce our terms and policies. Because Paciva provides message intelligence features, this may include processing message content and metadata from connected integrations to assess whether content is likely to be spam or unwanted, as described in Section 4.
3.4 Communications and marketing
We use Personal Information to send communications about product updates, service announcements, educational content, events, and promotions where permitted by law. You can opt out of marketing emails using the unsubscribe link in those communications. Opting out of marketing does not affect non-marketing communications necessary for service delivery, security, and billing.
3.5 Legal compliance and protection of rights
We use Personal Information to comply with applicable laws and lawful requests, maintain required records, protect the rights and safety of Paciva and others, and establish, exercise, or defend legal claims.
4. Scoring, analysis, and processing
This section describes how Paciva analyzes messages to help users reduce unwanted outreach. Because this may involve automated scoring and classification, this section also explains user controls, internal access limits, and our approach to automated processing that could affect users.
4.1 Purpose of message analysis
Paciva is designed to help users identify unwanted outreach and prioritize legitimate communications. To provide these capabilities, we analyze message content and related metadata from your authorized integrations to identify indicators associated with spam, automated outreach, malicious activity, or other unwanted or low-value communications.
4.2 What analysis may include
Our analysis may consist of automated scoring, classification, labeling, and routing based on characteristics such as sender signals, message structure, metadata patterns, known abuse indicators, and contextual or technical signals. The resulting classification may be used to organize messages, issue warnings, route items for review, or otherwise support user decision-making within the product experience.
4.3 User controls and correction
Paciva is designed to provide meaningful user control. Depending on how the Services are configured, users may be able to review messages processed through the Services, view categorizations, correct misclassifications, adjust preferences or rules, and override specific outcomes. The purpose of classification is to support the user’s decision-making and reduce noise, not to prevent the user from accessing their information, except where restrictions are necessary to protect the security and integrity of the Services.
4.4 Internal access and limited review
We restrict internal access to message content. Access is limited to authorized personnel and permitted only where necessary for customer support, security, compliance, investigation of suspected misuse, or platform integrity. It is subject to confidentiality obligations and access controls.
4.5 Automated decision making and significant effects
Paciva does not intend to make decisions about individuals that produce legal effects or similarly significant effects solely through automated processing. If Paciva introduces features that materially restrict access to the Services, suspend accounts, or impose account-level penalties based solely on automated processing, we will provide additional disclosures and, where required, appropriate safeguards, including a process to request human review and contest the outcome.
5. AI features and training
This section explains how we handle data when automated systems generate classifications or outputs. This is especially important for a product like Paciva, because message intelligence can raise questions about whether content is shared with outside model providers.
5.1 Automated systems used by Paciva
Paciva may use automated systems, including machine-learning-based classifiers, to evaluate signals and content from connected integrations and generate classifications, routing recommendations, summaries, or other outputs. When you use these features, we process your inputs, authorized message content and metadata, and the outputs generated.
5.2 No disclosure of message bodies to advertising partners or external model vendors
Paciva does not disclose message bodies to advertising partners, analytics advertising vendors, or external AI model providers for training or advertising purposes. Our message intelligence features are designed so that message content remains within Paciva’s controlled environment and is not used to build advertising profiles.
5.3 Training and improvement
Paciva does not use message bodies from Customer Content to train general-purpose models for other customers unless you or your organization explicitly opts in. If we ever offer an opt-in program for training or improvement using message content, we will describe it clearly at the point of choice.
6. Cookies, advertising, & tracking
This section explains how tracking technologies operate on our Site and what that means for interest-based advertising. Because you run interest-based ads, you need clear disclosures and choices, including opt-out mechanisms for California and consent mechanisms for jurisdictions that require them.
6.1 Cookies and similar technologies
Paciva uses cookies and similar technologies to operate the Site, maintain security, remember preferences, understand usage, improve performance, and measure the effectiveness of marketing campaigns. Some technologies are necessary for the Site to function. Other technologies are used for analytics and advertising measurement, and in some cases to support interest-based advertising.
6.2 Interest-based advertising
Paciva may work with advertising partners that help us display ads and measure campaign effectiveness. These partners may collect information about your interactions with our Site, such as device identifiers, IP addresses, browser characteristics, and activity on our Site, and may use that information to deliver interest-based ads on other sites and platforms. Paciva does not provide message bodies to these partners. This advertising ecosystem typically operates through cookies, pixels, SDKs, and similar tools.
6.3 Your choices for cookies and advertising
You can manage cookies in your browser settings and delete them using browser tools. Where required, we provide cookie banners or settings tools to manage non-essential cookies and advertising-related technologies. If your browser or device sends a recognized opt-out preference signal, such as Global Privacy Control, we process it, where applicable, to opt you out of certain forms of sharing associated with cross-context behavioral advertising.
7. Disclosure of Personal Information
This section explains when Paciva shares Personal Information with others. We disclose Personal Information to run the Services, support integrations you enable, operate marketing and analytics, comply with the law, and protect the platform. We do not disclose Personal Information except as described here.
7.1 Service providers
We disclose Personal Information to service providers that help operate the Site and Services and support business functions, such as hosting, infrastructure, storage, security monitoring, fraud prevention, customer support tooling, communications delivery, analytics, and payment processing. These providers process Personal Information only as necessary to provide services to Paciva and are bound by contractual obligations to protect it and limit its use.
7.2 Integration partners you connect
When you connect to Google or LinkedIn, Paciva exchanges data with those platforms as needed to provide the integration based on the permissions you grant and the actions you initiate or configure. Those platforms process information under their own policies and your settings with them, and you should review their privacy terms directly.
7.3 Advertising and measurement partners
Because Paciva runs interest-based advertising, we may disclose particular device and usage information from the Site to advertising and measurement partners to measure campaign effectiveness and support ad delivery. This disclosure does not include message bodies from Customer Content.
7.4 Organization accounts
If you use Paciva through an organization account, we may disclose certain information to the account owner or administrators for account management, billing, security, and compliance purposes, depending on the organization’s configuration.
7.5 Corporate transactions and legal requirements
We may disclose Personal Information in connection with a corporate transaction, such as a merger, acquisition, financing, reorganization, bankruptcy, or asset sale, subject to appropriate confidentiality protections. We may also disclose Personal Information where required by law, in response to legal process or a lawful request, or when disclosure is reasonably necessary to protect the rights, safety, and security of Paciva, our users, or others, and to enforce our agreements and policies.
8. Data retention
This section explains how long we keep Personal Information. Retention depends on the purpose of processing, legal requirements, security needs, and operational requirements. Because you store message bodies for two years, that term must be explicitly stated and consistently applied.
8.1 General retention approach
Paciva retains Personal Information only as long as necessary to fulfill the purposes described in this Privacy Notice, including providing the Services, maintaining security, complying with legal obligations, resolving disputes, and enforcing agreements.
8.2 Message body retention
Paciva retains message bodies processed through connected integrations for up to two years, unless a shorter period is required by law, the content is deleted earlier by the customer or user through the Services, or the account is terminated and content is deleted in accordance with our account closure processes. This retention supports core functionality, including historical review, user correction of classifications, auditability, and service reliability.
8.3 Account, billing, and support records
Account and billing records are retained while the account is active and for a reasonable period thereafter to support billing reconciliation, accounting and tax obligations, dispute resolution, and security. Support communications may be retained for a reasonable period to ensure continuity of support, prevent abuse, and improve service quality.
8.4 Logs, security records, and backups
Usage logs and security records are retained for a limited period appropriate to maintaining security, preventing abuse, and investigating incidents. Even after deletion, specific data may persist in backups for a defined period as part of standard disaster recovery practices, with access restricted and use limited to backup and recovery purposes.
9. Security
This section summarizes safeguards we use to protect Personal Information. It also clarifies that no system is perfect and that users have responsibilities, such as protecting credentials.
9.1 Safeguards
Paciva maintains administrative, technical, and physical safeguards designed to protect Personal Information against unauthorized access, loss, misuse, alteration, and disclosure. These safeguards include access controls, encryption in transit and at rest where appropriate, logging and monitoring, and confidentiality obligations for personnel with access to sensitive data.
9.2 User responsibilities
You are responsible for maintaining the confidentiality of your credentials and for using available security controls, including multi-factor authentication where offered.
10. International transfers
This section explains cross-border processing. If you serve EU and UK users, you need a transfer mechanism statement.
10.1 Where we process information
Paciva is based in the United States and may process and store Personal Information in the United States and other countries where Paciva or its service providers operate.
10.2 Transfer safeguards
If you are located in the EEA, UK, or Switzerland and your Personal Information is transferred to a country that does not provide an adequate level of protection, Paciva relies on appropriate safeguards such as Standard Contractual Clauses and implements supplementary measures where appropriate.
11. Children
This section clarifies that the Services are not intended for children.
11.1 Not directed to children
The Site and Services are not intended for children under 13, and Paciva does not knowingly collect Personal Information from children under 13.
11.2 Removal requests
If you believe a child has provided Personal Information to Paciva, contact us, and we will take appropriate steps to delete the information.
12. GDPR and UK GDPR disclosures
This section provides the GDPR-required information, including the legal bases and individual rights. It applies when GDPR or UK GDPR covers your use of the Services, and Paciva acts as a controller.
12.1 Legal bases for processing
Where Paciva acts as a controller, we process Personal Information based on one or more legal bases, including processing necessary to perform a contract with you to provide the Services, processing necessary for Paciva’s legitimate interests in operating, improving, and securing the Services, processing necessary to comply with legal obligations, and consent where required, including for certain cookies and interest-based advertising in jurisdictions that require opt-in consent.
12.2 Your rights
Subject to applicable law, you may have the right to request access to your Personal Information, request correction, request deletion, request restriction of processing, object to processing, request data portability, and withdraw consent where processing is based on consent.
12.3 Complaints
You may have the right to lodge a complaint with your local data protection authority.
12.4 Processing on behalf of customers
Where Paciva acts as a processor for Customer Content, we process that content on behalf of customers under applicable data processing terms. If you are an end user whose data is controlled by a customer, rights requests relating to Customer Content may need to be directed to the customer.
13. California CCPA and CPRA disclosures
This section provides California-specific disclosures, including categories of Personal Information, considerations for Sensitive Personal Information, and opt-out rights related to the sale or sharing of Personal Information. Because you run interest-based advertising, California “sharing” and opt-out language must be explicit.
13.1 Categories of Personal Information collected
In the preceding twelve months, depending on how you interact with the Site and Services, Paciva may have collected identifiers such as name, email address, and IP address; customer records information such as billing contact details; commercial information such as subscription history; internet or other electronic network activity information such as device and usage data; approximate geolocation derived from IP address; professional information such as company name and role; and inferences drawn from usage patterns such as feature preferences.
13.2 Purposes of collection and use
Paciva collects and uses these categories of Personal Information to operate the Site and Services, provide support, process transactions, maintain security and prevent fraud and abuse, improve and develop the Services, perform analytics, communicate with users, and comply with legal obligations.
13.3 Sensitive Personal Information
Depending on how you use the Services, Customer Content may include communications, which may be treated as Sensitive Personal Information under California law in specific contexts. Paciva uses message content only as necessary to provide the Services, maintain security and integrity, prevent abuse, and comply with law. Paciva does not use message bodies to infer characteristics about you and does not provide message bodies to advertising partners.
13.4 Sale and sharing
Paciva does not sell Personal Information for money. Paciva may share specific site-related identifiers and activity information with advertising and measurement partners in a way that may be considered “sharing” for cross-context behavioral advertising under California law. You can opt out of this sharing through our cookie settings and through a “Your Privacy Choices” or “Do Not Sell or Share My Personal Information” mechanism where provided, and we also process recognized opt-out signals, such as Global Privacy Control, where applicable.
13.5 California consumer rights
Subject to applicable law, California residents may have the right to request access to specific pieces of Personal Information, request deletion, request correction, opt out of sale or sharing where applicable, and not receive discriminatory treatment for exercising privacy rights.
13.6 Exercising your rights and verification
You may submit a request by contacting us at [privacy@paciva.ai] or through [Privacy Request Form URL]. We will verify requests using information reasonably necessary to confirm your identity. You may designate an authorized agent, subject to verification of authorization and identity as required by law.
14. Google and LinkedIn specific notes
This section provides integration-specific disclosures that are common for products that connect to major platforms.
14.1 Google API data
If you connect Google services, Paciva’s use and transfer of information received from Google APIs will comply with the Google API Services User Data Policy, including the Limited Use requirements. You can revoke Paciva’s access to Google services at any time through your Google account settings and, where available, through the connection controls in the Services.
14.2 LinkedIn data
If you connect to LinkedIn, Paciva processes LinkedIn data in accordance with the permissions you authorize and applicable LinkedIn platform requirements. You may revoke Paciva’s access through your LinkedIn settings and, where available, through the connection controls in the Services.
15. Changes to this Privacy Notice
This section explains how we update the notice.
15.1 Updates
Paciva may update this Privacy Notice from time to time. We will post the updated version and revise the “Last Updated” date.
15.2 Material changes
If we make material changes, we will provide notice as required by law, such as by posting a notice on the Site or within the Services.
16. Contact us
This section explains how to contact us with privacy-related questions or requests.
16.1 Privacy contact information
If you have questions about this Privacy Notice or want to exercise privacy rights, contact us at:
Email: [privacy@paciva.ai]
Mail: [Paciva AI, Inc., Attn: Privacy, Address]
Phone: [Optional]