Privacy Policy

Operator: PRAIVON — a technology company providing AI-powered identity protection services worldwide. Legal entity name and registration details will be finalized and updated here upon completion.

Contact for all privacy matters: contact@praivon.com

Registered address: To be updated upon final legal entity registration.

Services we provide: AI-powered monitoring for identity leaks and deepfakes, biometric reference management (face photographs and voice samples), expert-handled content takedown submissions, and real-time alerts when matches are detected.

This Privacy Policy explains what personal data we collect, for what purposes, how we use and protect it, and the rights you have under the General Data Protection Regulation (GDPR) and other applicable laws.

(a) Information you provide directly

• ▸Account: full name, email address, password (stored as a one-way cryptographic hash — never in plaintext), preferred language
• ▸Identity protection profile: your legal name, aliases, usernames on platforms to be monitored, brand keywords you want tracked
• ▸Biometric references (required for face and voice scanning): face photographs, voice samples — used solely to detect unauthorized use of your identity in monitored content
• ▸Payment information: processed directly by Stripe; we receive only a customer reference ID, subscription tier, and billing status — never your card number or banking details
• ▸Support communications: messages and attachments you send to contact@praivon.com

(b) Information collected automatically

• ▸Technical metadata: IP address, browser type, device type, operating system, language setting, and connection timestamps
• ▸Log and usage data: pages visited, dashboard actions taken, errors encountered — used for service operation, debugging, and security monitoring
• ▸Cookies: essential session cookies are always active; analytics and marketing cookies only with your explicit consent (see our Cookie Policy)

(c) Information from third parties

• ▸Google OAuth (if you choose to sign in with Google): name, email address, Google profile picture — only what is necessary for account creation and sign-in
• ▸Detection sources: when our monitoring identifies a potential match in publicly available content, we store the URL, platform name, detection type, and surrounding context as evidence to support any takedown request

• ▸We process biometric data ONLY with your explicit, informed consent — given during the onboarding setup process
• ▸Your consent is timestamped and recorded in our audit trail, as required by GDPR Article 9 and Article 7
• ▸Biometric data is used SOLELY to recognize your face and voice in web content we monitor — it is never shared with third parties, never sold, and never used to train AI models for any external purpose
• ▸You can permanently delete your biometric data at any time from Settings → 'Delete biometric data' — files are immediately erased from storage and all database references are cleared
• ▸On full account deletion, all biometric files are permanently erased as part of the automated deletion process
• ▸Biometric files are encrypted at rest using AES-256 and are protected at the database layer by Row Level Security — only your authenticated account can access your biometric references

• ▸Provide and maintain the service: scanning, detection, takedown coordination, dashboard access, and alert delivery
• ▸Account management: authentication, identity verification, billing processing, and account-related communications
• ▸Security and fraud prevention: detecting abuse, rate limiting, and protecting against unauthorized access or account takeovers
• ▸Legal compliance: processing DMCA notices, handling GDPR/CCPA data subject requests, complying with court orders, and maintaining tax records
• ▸Service improvement: aggregated and anonymized analytics (no individual behavioral profiling) about how features are used — to prioritize product development
• ▸Marketing communications: only with your explicit consent, with one-click unsubscribe available in every email we send

• ▸Performance of contract (GDPR Article 6(1)(b)): providing the identity protection service you signed up and paid for, including all monitoring, detection, and takedown coordination
• ▸Consent (GDPR Article 9(2)(a) and Article 6(1)(a)): biometric data processing — explicit consent required at onboarding; marketing communications — opt-in only; optional analytics cookies — consent via cookie banner
• ▸Legitimate interests (GDPR Article 6(1)(f)): service security, fraud prevention, and improving service performance — always balanced against your rights and freedoms, and never overriding them
• ▸Legal obligation (GDPR Article 6(1)(c)): tax record-keeping, responding to court orders, processing mandatory regulatory requests, and DMCA compliance

• ▸Praivon uses AI for: face matching (comparing monitored content against your enrolled face reference), voice analysis (comparing monitored audio/video against your voice reference), deepfake detection (identifying synthetically generated content using your likeness), and content classification (categorizing detected content by type and severity)
• ▸These are NOT automated decisions with legal or similarly significant effects within the meaning of GDPR Article 22 — a qualified human operator reviews every detected match before any external action is taken, especially before any takedown notice is submitted to a platform
• ▸We do not use your personal data or biometric references to train foundation AI models — for us or for any third party
• ▸Under the EU AI Act (applicable from August 2026), we maintain documentation appropriate to the risk classification of the AI systems we deploy
• ▸You have the right to request human review and a meaningful explanation of any AI-supported detection or classification decision — contact contact@praivon.com

We share personal data only with the following vetted sub-processors, required for the service to function:

• ▸We may also share information when legally compelled to do so (court orders, regulatory requests, law enforcement with a valid legal basis) — we will attempt to notify you unless legally prohibited from doing so
• ▸We may share data with your explicit, specific consent for purposes not listed above
• ▸In the event of a business transfer (sale, merger, acquisition, or restructuring), your data may be transferred to the successor entity — you will be notified in advance and given meaningful choices about your data

We never sell your personal data. Full stop.

• ▸Primary data storage: Frankfurt, Germany — within the European Economic Area (EEA), fully subject to GDPR with no additional transfer mechanisms required
• ▸Sub-processors located in the United States (Resend, Vercel, Google): transfers are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, providing legally adequate safeguards per GDPR Chapter V
• ▸For Enterprise and Custom plan clients: we offer signed Data Processing Agreements (DPA) and, upon request, supplementary SCC arrangements tailored to your compliance requirements
• ▸We do not transfer biometric data outside the EU under any circumstances

• ▸Active account: all data retained while your account is active and subscription is in good standing
• ▸After account closure: 12-month retention period for legal compliance, dispute resolution, and audit purposes — then permanent deletion across all primary databases and backups
• ▸Biometric data: deleted immediately upon your explicit biometric-deletion request (via Settings), or as part of the account closure process — no grace period
• ▸Detection and takedown records: retained for 12 months after account closure; aggregated and fully anonymized statistics may be kept longer for service improvement
• ▸Backup retention: backups are rotated on a 30-day cycle and overwritten automatically
• ▸Legal hold: if Praivon becomes subject to litigation, a regulatory investigation, or a court-ordered data preservation request, specific data may be retained beyond standard periods until the matter is fully resolved

• ▸Encryption at rest: AES-256 across all data, including biometric files
• ▸Encryption in transit: TLS 1.3 for all connections
• ▸Row Level Security (RLS) at the database layer: each user can only access their own data — this protection is enforced by the database itself, even if the application layer were bypassed
• ▸Two-factor authentication (TOTP): available for all accounts, strongly recommended — enable it in Settings
• ▸Limited internal access: only authorized personnel can view client data; all administrative actions are logged in a tamper-evident audit trail
• ▸Regular security reviews, penetration testing, and dependency updates
• ▸Despite our best efforts, no method of internet transmission or data storage is 100% secure. We cannot guarantee absolute security — we also ask that you use a strong, unique password and enable 2FA on your account

Under GDPR (and equivalent protections under UK GDPR, Swiss FADP, Brazil LGPD, and similar frameworks worldwide), you have the right to:

• ▸Access: obtain a copy of all personal data we hold about you (GDPR Article 15)
• ▸Rectification: correct inaccurate or incomplete personal data (GDPR Article 16)
• ▸Erasure: delete your account or specific data — 'the right to be forgotten' (GDPR Article 17), available directly in your dashboard
• ▸Restriction: limit how we process your data in certain circumstances (GDPR Article 18)
• ▸Data portability: receive your personal data in a structured, machine-readable format — JSON export available in Settings → Data (GDPR Article 20)
• ▸Object: object to processing based on legitimate interests at any time (GDPR Article 21)
• ▸Withdraw consent: at any time for biometric data and marketing emails — this does not affect the lawfulness of processing carried out before withdrawal
• ▸Not be subject to automated decisions: request human review of any AI-assisted detection or classification (GDPR Article 22)
• ▸Lodge a complaint: in Romania — ANSPDCP (dataprotection.ro); in other EU countries — your national Data Protection Authority; in the UK — ICO (ico.org.uk)

To exercise any of these rights, contact contact@praivon.com. We will respond within 30 days. We may need to verify your identity before processing the request.

• ▸Know: understand what categories of personal information we collect, the sources, the purposes, and who we share it with
• ▸Delete: request deletion of personal information we have collected
• ▸Correct: request correction of inaccurate personal information
• ▸Opt out of sale or sharing: Praivon does not sell or share personal information for cross-context behavioral advertising — this right is not applicable
• ▸Non-discrimination: we will not discriminate against you for exercising your CCPA rights
• ▸Limit use of sensitive personal information: we already limit biometric data use to the minimum necessary for the service

Categories of personal information collected in the past 12 months: Identifiers (email, name); Commercial information (subscription history); Internet and network activity (usage logs); Biometric information (face and voice references — Premium and Custom plans); Professional information (only if voluntarily provided); Inferences drawn from the above.

To submit a California privacy rights request, email contact@praivon.com with the subject line 'CCPA Request'.

• ▸UK residents: Your rights mirror those under EU GDPR, extended by the UK GDPR. Supervisory authority: Information Commissioner's Office (ICO) at ico.org.uk
• ▸Switzerland: The revised Swiss Federal Act on Data Protection (revFADP) applies. Supervisory authority: Federal Data Protection and Information Commissioner (FDPIC)
• ▸Brazil: The Lei Geral de Proteção de Dados (LGPD) applies. Authority: Autoridade Nacional de Proteção de Dados (ANPD)
• ▸Other regions: We work to honor equivalent privacy rights in all jurisdictions where we operate. If your local law provides stronger rights than those listed above, those stronger rights apply to you
• ▸For any region-specific privacy question, contact contact@praivon.com

• ▸Praivon is designed for adults aged 18 or older and is not directed at children under 18
• ▸We do not knowingly collect personal information from anyone under 18
• ▸If you believe a child under 18 has created an account or provided personal information to Praivon, contact contact@praivon.com immediately — we will promptly delete the account and all associated data
• ▸If age verification becomes necessary in specific circumstances, we reserve the right to request supporting documentation

• ▸In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it (GDPR Article 33)
• ▸If the breach is likely to result in high risk to your rights and freedoms, we will notify you directly without undue delay, describing the nature of the breach and the steps taken (GDPR Article 34)
• ▸Our security incident response process includes: immediate containment, detailed assessment, regulatory notification, direct notification to affected individuals, and full remediation
• ▸Notification will be sent to the email address associated with your Praivon account

• ▸We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or privacy best practices
• ▸The 'Last updated' date at the top of this page reflects the version currently in effect
• ▸For material changes — those that significantly affect your rights or how we use your data — we will notify active users by email at least 30 days before the change takes effect
• ▸We will also display a prominent notice on the Praivon website and in the dashboard for material changes
• ▸Continued use of Praivon after the effective date of any update constitutes your acceptance of the revised Privacy Policy

• ▸Praivon uses essential cookies for session management (keeping you signed in) and language preference
• ▸Analytics cookies (if and when enabled): set only with your explicit consent, to help us understand how the service is used in aggregate — no individual profiling
• ▸We do not set advertising or marketing cookies
• ▸Cookie consent is managed through the banner that appears on first visit — you can update preferences anytime via 'Cookie preferences' in the site footer
• ▸For full details on every cookie we use, see our Cookie Policy at /cookies

View Cookie Policy →

For any privacy-related question, data subject request, or concern, we are here to help:

• ▸Email: contact@praivon.com — the only contact needed for all privacy matters
• ▸Postal address: To be updated upon final legal entity registration
• ▸Response time: We aim to respond within 30 days, and often much sooner for straightforward requests

You also have the right to lodge a complaint directly with your national data protection supervisory authority (see Section 11 for authority details). We are always willing to work with you to resolve any concern before escalation.