Privacy Policy

1. Introduction

Optivor Technologies Inc. ("Optivor," "we," "us," or "our") operates the Optivor Agent Experience Management platform. This Privacy Policy describes what personal and operational data we collect, why we collect it, how we store and process it, and the rights you have over your information. By using our platform, you agree to the practices described in this document.

2. Data We Collect

a) Account & Customer Data
When you register for or use Optivor, we collect your name, professional email address, company name, and billing details. Payment processing is handled exclusively by a PCI-DSS Level 1 certified provider. Optivor does not store raw card numbers or sensitive payment credentials.

b) Site & Content Data
To generate your AXM reports and machine-readable output files (including llms.txt), we ingest the publicly accessible HTML content, structured data, and metadata of URLs you submit to the platform. This content is processed solely to produce AI-optimized outputs within your account.

c) Agent Analytics Data
We collect technical metadata from AI agents accessing your Optivor Gateway, including HTTP User-Agent strings, anonymized IP addresses, request headers, and crawl timestamps. This data is used exclusively to provide you with agent traffic insights and is never sold or shared.

d) Usage & Platform Data
We collect standard interaction data (feature usage, session metadata, error logs) to maintain and improve the platform experience. This data is processed using first-party privacy-respecting tooling and is not linked to advertising profiles.

3. How We Use Your Data

• To provision and operate the Service, including Gateway routing, llms.txt generation, and the AXM analytics dashboard.
• To generate your proprietary intelligence scores: AI Accessibility Score (AIAS), Semantic Trust Matrix (STM), and Agent Latency Index (ALI).
• To send product updates, security notifications, and support communications.
• To improve Optivor's internal algorithms and scoring models — using aggregated, de-identified data only. We do not use your identifiable data to train models sold to third parties.

We do not sell your data to third-party brokers or data marketplaces. We are in the business of optimization, not data harvesting.

4. Data Retention Policy

We follow a tiered retention policy designed to balance performance, privacy, and compliance:

• Hot Data (0–7 days): Retained for immediate analytics processing and real-time dashboard delivery.
• Warm Storage (7–90 days): Retained for trend analysis, comparative reporting, and ongoing account features.
• Cold Archive (90 days – 12 months): Moved to encrypted cold storage (S3 Glacier) for R&D and compliance auditing purposes only.
• Account Deletion: Upon verified deletion request, all personal and site data is purged across all storage tiers within 30 days.

5. Data Sharing & Third-Party Processors

We share data only with the following categories of service providers, strictly as required to operate the platform:

• Cloud Infrastructure: AWS (US-East, Oregon; EU-Frankfurt) and Cloudflare (global edge network).
• Payment Processing: LemonSqueezy (PCI-DSS compliant).
• Internal Analytics: First-party tooling only; no third-party behavioral ad networks.

All third-party processors are bound by Data Processing Agreements (DPAs) consistent with GDPR Article 28 requirements.

6. Your Rights (GDPR / CCPA / KVKK)

Regardless of your location, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure of your data ("right to be forgotten").
• Object to or restrict certain types of processing.
• Receive a machine-readable copy of your data (data portability).
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@optivor.app. We will respond within 30 days.

7. International Data Transfers

Optivor operates infrastructure in the United States (AWS US-East) and the European Union (AWS EU-Frankfurt). Cross-border data transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission. EU-based users' data is processed and stored in compliance with GDPR Chapter V requirements.

8. Security

We implement industry-standard controls including TLS 1.3 encryption in transit, AES-256 encryption at rest, strict role-based access control, network segmentation, and regular security audits. Despite these measures, no system is completely immune to risk. If you discover a suspected vulnerability, please report it immediately to security@optivor.app.

9. Cookies

Optivor uses strictly necessary cookies to maintain authenticated session state. We do not deploy advertising cookies, cross-site tracking pixels, or third-party behavioral analytics scripts. Our analytics infrastructure is first-party and privacy-respecting.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable regulations. We will notify active account holders by email at least 14 days before any material change takes effect. Continued use of the platform after that date constitutes acceptance of the revised policy.