Privacy Policy

1. Who We Are

AvidiaTech (“AvidiaTech”, “we”, “us”, or “our”) operates the product data automation platform available at avidiatech.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

For the purposes of the General Data Protection Regulation (GDPR) and similar laws, AvidiaTech is the data controller of personal information collected through the Service.

If you have any questions about this Policy, please contact us at privacy@avidiatech.com.

2. Information We Collect

a. Information you provide directly

• Account information: name, email address, and password (managed through Clerk, our identity provider).
• Billing information: payment method details are collected and stored by Stripe, our payment processor. We receive only non-sensitive identifiers such as the last four digits of your card and billing address.
• Organization details: company name and team member email addresses you invite.
• User content: product data, URLs, descriptions, translations, and other content you submit for processing.
• Communications: messages you send to our support team.

b. Information collected automatically

• Usage data: pages visited, features used, API calls made, and usage counts (extractions, descriptions, translations, etc.).
• Device and log data: IP address, browser type, operating system, referring URLs, and timestamps.
• Cookies and similar technologies: session cookies required for authentication and optional analytics cookies (see Section 6).

c. Information from third parties

• Authentication providers: if you sign in via Google or another OAuth provider through Clerk, we receive basic profile information (name, email).
• Stripe: subscription status, invoice history, and payment events via webhooks.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service.
• Create and manage your account and organisation.
• Process payments and manage subscriptions.
• Send transactional emails (account creation, invoices, trial notices, payment alerts).
• Respond to support requests.
• Monitor and enforce usage quotas associated with your subscription plan.
• Detect, investigate, and prevent fraudulent or abusive activity.
• Comply with legal obligations.
• Send product updates and marketing communications where you have consented or where permitted by applicable law (you may opt out at any time).

Legal bases (GDPR): We process your personal data on the following legal bases: (i) performance of a contract — to deliver the Service you have subscribed to; (ii) legitimate interests — to improve our Service and prevent fraud; (iii) legal obligation — to comply with applicable law; and (iv) consent — for optional marketing communications and non-essential cookies.

4. How We Share Your Information

We do not sell your personal information. We share it only in the following circumstances:

• Service providers: we share data with trusted third parties that help us operate the Service, including Clerk (authentication), Stripe (payments), Supabase (database), Vercel (hosting), Resend (transactional email), Sentry (error monitoring), and OpenAI / Anthropic (AI processing). These providers are contractually bound to use your data only to provide services to us.
• Your team: organisation owners can see team member names and email addresses within the same organisation.
• Legal requirements: we may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: if AvidiaTech is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on the Service before your data is subject to a different privacy policy.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within 90 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, financial records).

AI-processed product data (extracted content, descriptions, translations) is retained for the lifetime of your subscription and deleted within 30 days of account closure.

6. Cookies

We use the following categories of cookies:

• Strictly necessary: session and authentication cookies set by Clerk. Required for the Service to function. Cannot be disabled.
• Analytics (optional): we may use privacy-preserving analytics to understand feature usage. These cookies require your consent where applicable law demands it.

You can manage cookie preferences in your browser settings. Disabling analytics cookies will not affect Service functionality.

7. International Transfers

AvidiaTech operates from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These transfers are subject to appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, where required.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data (“right to be forgotten”), subject to legal obligations.
• Restriction: request that we limit how we process your data in certain circumstances.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests, including for direct marketing.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

California residents (CCPA/CPRA): you have the right to know, delete, and opt out of the sale or sharing of your personal information. We do not sell personal information. To exercise your rights, contact privacy@avidiatech.com.

To exercise any of these rights, email privacy@avidiatech.com. We will respond within 30 days (or as required by applicable law). We may request identity verification before processing your request.

9. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest (via Supabase), role-based access controls, and regular security reviews. All authentication is managed by Clerk, which is SOC 2 Type II certified. Despite these measures, no system is completely secure. In the event of a data breach that poses a risk to your rights, we will notify you and relevant authorities as required by law.

10. Children’s Privacy

The Service is intended for business use and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If we learn that we have inadvertently collected data from a child, we will delete it promptly. If you believe a child has provided us with their information, please contact privacy@avidiatech.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (to the address associated with your account) and by posting a prominent notice on the Service at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

12. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

If you are located in the European Economic Area and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.