Privacy Policy

Last updated: February 26, 2026

1. What We Collect

Account information: When you sign up, we collect your name, email address, and company name to create your account and org.

Decision logs (Customer Data): When your AI agents send decisions to SealVera via the SDK or API, we store the fields you submit — typically agent name, action, decision outcome, input metadata, and output metadata. You control exactly what goes into these fields. We recommend logging decision metadata rather than raw prompts or PII.

Usage data: We collect information about how you use the Service — page views, feature usage, API call counts — to improve the product and enforce plan limits.

Communication: If you contact us, we retain the content of that communication.

2. What We Don't Do

• We do not sell your data to third parties
• We do not use your Customer Data to train AI or machine learning models
• We do not share your Customer Data with other customers
• We do not mine your audit logs for advertising or profiling purposes

3. How We Use Your Data

We use the data we collect to:

• Provide, operate, and improve the Service
• Authenticate users and maintain account security
• Send transactional emails (account creation, alerts, compliance reports)
• Monitor service health and enforce plan usage limits
• Respond to support requests

4. Data Isolation

All Customer Data is scoped to your organization. Users in your org can only access your org's data — no cross-contamination between customers on the shared tier.

Enterprise customers receive dedicated instances where their data is stored in an isolated environment and never co-mingles with other customers' data.

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, and cryptographic attestation of every log entry. Each log entry is SHA-256 hashed and RSA-signed to detect tampering.

Despite these measures, no system is 100% secure. We encourage you to use strong API keys, rotate credentials regularly, and report any suspected security issues to security@sealvera.com.

6. Data Retention

We retain Customer Data for as long as your account is active or as needed to provide the Service. Retention periods by plan:

• Free: 30 days
• Team: 1 year
• Enterprise: Custom, per agreement

Upon account deletion, we will delete or anonymize your Customer Data within 30 days, except where retention is required by law.

7. Third-Party Services

We use the following third-party services to operate SealVera:

• Clerk — authentication and user management
• Resend — transactional email delivery
• AWS — cloud infrastructure (for hosted instances)
• OpenAI — optional: used for auto-extracting evidence from AI decision outputs when you enable this feature

Each of these services has its own privacy policy. We only share the minimum data necessary for them to perform their function.

8. Cookies

We use session cookies for authentication (httpOnly, secure). We do not use tracking or advertising cookies.

9. Your Rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data. To exercise these rights, contact us at privacy@sealvera.com. We will respond within 30 days.

EU/EEA residents: SealVera processes your data under the legal bases of contract performance and legitimate interests. You have the right to lodge a complaint with your local supervisory authority.

10. Children

SealVera is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service. Continued use after changes take effect constitutes acceptance.

12. Contact

Privacy questions or requests: privacy@sealvera.com

Security issues: security@sealvera.com