Privacy Policy

Last updated: June 9, 2026

1. Who we are

Audvera AI, Inc. (“Audvera”, “we”, “us”) provides an AI-native audit management and GRC platform at audvera.com. This policy explains what personal data we collect, how we use it, and the choices you have. It applies to our websites, the free risk assessment, trials, and the Audvera application.

2. Two kinds of data

We distinguish between personal data we control (your name, email, billing details, usage analytics) and customer audit content we process on your behalf (engagements, risks, controls, workpapers, evidence files your team uploads). For audit content, your organization is the data controller and Audvera acts as a processor under your instructions.

3. Data we collect

  • Account and lead data. Email address, name, organization, and role when you request the free risk assessment, start a trial, or create an account.
  • Customer audit content. Engagement plans, risk registers, controls, test results, findings, and evidence files your team creates or uploads.
  • Billing data. Processed by Stripe. We never store full card numbers.
  • Usage data. Product analytics (pages viewed, features used) via PostHog. Session replay, where enabled, masks sensitive fields and audit content.

4. How we use data

  • To provide and operate the service, including AI-assisted drafting you request.
  • To send transactional email: magic links, trial onboarding, billing notices.
  • To improve the product based on aggregate usage patterns.
  • To respond to support requests and meet legal obligations.

We do not sell personal data. We do not share it with advertisers.

5. AI processing

When you use AI features, the relevant engagement context is sent to our AI subprocessors to generate the draft you requested. We do not use your audit content to train AI models, and our AI subprocessors process it under API terms that prohibit training on customer data. Every AI generation is logged so your team can see what was generated, from what inputs, and who reviewed it.

6. Subprocessors

We use a small set of infrastructure providers:

  • Cloud hosting and database infrastructure (United States)
  • Stripe — payment processing
  • Resend — transactional email delivery
  • PostHog — product analytics
  • Google (Gemini API) — AI model inference

Enterprise customers can request the current subprocessor list and our data processing addendum at info@audvera.com.

7. Cookies

We use strictly necessary cookies for authentication and session security, and first-party analytics cookies to understand product usage. We do not use third-party advertising cookies.

8. Retention and deletion

Customer audit content is retained for the life of your subscription and deleted on verified request after termination, subject to a short backup window. Lead data from the free assessment is retained until you ask us to delete it. Email info@audvera.com to request deletion.

9. Security

Data is encrypted in transit and at rest. Access is tenant-isolated at the query level, role-based within your workspace, and logged. Audit trails in the product are append-only. We notify affected customers of security incidents without undue delay.

10. Your rights

Depending on your jurisdiction (including GDPR and CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Contact info@audvera.com and we will respond within the timelines required by applicable law. If your data is in a customer workspace, we may direct your request to that customer as the controller.

11. Changes

We will post updates to this policy here and update the date above. Material changes affecting customer data handling will be communicated by email.

12. Contact

Audvera AI, Inc. · info@audvera.com