Privacy Policy

This policy applies to personal data processed by Prodvo across the public website, legal pages, product experiences, APIs, customer support, and related operational workflows.

This Privacy Policy should be read with the Terms of Service, Commercial Agreement, and Data Processing Agreement.

Where a signed enterprise agreement or DPA sets specific processing terms, that agreement governs for the covered customer relationship.

For the processing described in this policy, Prodvo acts as the data controller for account, billing, support, security, and product operations data.

Depending on how you use Prodvo, we may process the following categories of personal data:

• Identity and account data: name, work email, organization, workspace membership, role, plan tier, and account preferences.
• Authentication and access data: login events, session metadata, IP address, device and browser characteristics, and security events.
• Workspace and run metadata: run history, checkpoints, approval events, rollback events, audit trail entries, and operational status metadata.
• Integration metadata: repository connection settings, integration scopes, OAuth authorization metadata, and related administrative configuration.
• Billing and commercial data: subscription status, invoices, transaction references, and finance-related support interactions.
• Support and communication data: support tickets, messages, legal inquiries, abuse reports, and attached evidence.
• Telemetry and diagnostics: product usage events, performance traces, reliability metrics, and anti-abuse signals.

We collect personal data from multiple sources:

• Directly from you: account creation, workspace setup, support requests, legal contacts, and abuse reports.
• From your organization administrators: seat assignment, role grants, and workspace management actions.
• From connected services: authentication and integration metadata from providers you authorize.
• Automatically from product use: logs, diagnostics, and run metadata generated as part of normal platform operation.

Some fields are required to create and secure an account, process billing, or provide contractual services. Optional fields can usually be skipped, but this may reduce feature completeness or support responsiveness.

Prodvo processes personal data for the following purposes:

• Service delivery and account administration (contract performance).
• Run execution, checkpointing, rollback, and auditability(contract performance and legitimate interests in reliable operations).
• Security monitoring, abuse prevention, and incident response(legitimate interests and legal obligations where applicable).
• Billing, invoicing, and financial compliance (contract performance and legal obligations).
• Support, legal handling, and dispute management (contract performance, legitimate interests, and legal obligations).
• Product improvement and reliability analytics (legitimate interests, and consent where legally required).
• Marketing communications and optional updates (consent or legitimate interests, depending on jurisdiction and communication type).

Where consent is the legal basis, you may withdraw consent at any time without affecting prior lawful processing.

Prodvo may use cookies, local storage, and similar technologies to support session continuity, security, preferences, analytics, and service performance.

• Strictly necessary technologies: required for core platform functionality such as authentication, security, and session continuity.
• Optional analytics or performance technologies: enabled and operated according to local consent requirements.

Where law requires consent for non-essential cookies or trackers, users can manage preferences and refuse optional categories. Consent choices may be refreshed after legally relevant periods.

We share data only where needed to operate Prodvo, meet contractual commitments, or comply with legal obligations.

• Infrastructure providers for hosting, compute, networking, and storage.
• Security and observability providers for monitoring, abuse prevention, and reliability.
• Billing and payment providers for subscription and invoice operations.
• Communication providers for transactional email and support workflows.
• Integration providers that you explicitly connect to your workspace.
• Authorities or advisors where required for legal, regulatory, or enforcement reasons.

We do not sell personal data. We require subprocessors to process data under documented instructions and appropriate confidentiality and security terms.

Prodvo and its service providers may process data in jurisdictions outside your country. Where applicable law requires safeguards for international transfers, we use recognized mechanisms such as contractual safeguards and supplementary controls.

Additional transfer information can be requested through privacy@prodvo.dev.

Prodvo applies layered administrative, technical, and organizational security controls designed to protect confidentiality, integrity, and availability.

• Encryption in transit and at rest for relevant service data.
• Access control layers, including role-based controls on qualifying plans.
• Auditability features such as run metadata and checkpoint trails.
• Security monitoring and incident response procedures.

While no system can guarantee absolute security, we continuously review and improve controls to address evolving risk profiles.

Security issues can be reported to security@prodvo.dev.

We retain personal data only as long as required for the purpose it was collected, to satisfy contractual and legal obligations, and to protect service and customer security.

• Account and workspace records: retained for active service delivery and post-termination legal or security requirements.
• Operational logs and checkpoint metadata: currently described in product materials as a 90-day default, with custom options available for eligible enterprise customers.
• Billing and invoice records: retained according to legal and accounting obligations.
• Support and abuse-report evidence: retained according to investigation, legal, and security needs.

At the end of applicable retention windows, data is deleted, de-identified, or archived under restricted legal-hold conditions.

Prodvo is designed for professional and organizational use. It is not intended for use by children under the age required by applicable data protection laws.

If you believe a minor has provided personal data in violation of this policy, contact privacy@prodvo.dev so we can review and take appropriate action.

Subject to local law, you may have the right to:

• Access and receive a copy of your personal data.
• Correct inaccurate or incomplete personal data.
• Request deletion of personal data under applicable conditions.
• Restrict or object to certain processing activities.
• Receive portable data where portability applies.
• Withdraw consent where consent is the legal basis.
• Object to direct marketing communications and related profiling where applicable.

Some rights may be limited where processing is required for legal obligations, security needs, fraud prevention, or legal defense.

Rights requests can be submitted to privacy@prodvo.dev. To protect account security, we may request verification before releasing or changing protected data.

We aim to respond within applicable legal deadlines. Complex requests may require additional time where permitted by law.

You may also lodge a complaint with your local supervisory authority, including the CNIL in France or another competent authority in your jurisdiction.

Prodvo uses automated systems to support run orchestration, product reliability, abuse detection, and operational prioritization.

We do not intentionally use solely automated decision-making that produces legal effects on individuals without appropriate human review and legal basis.

We may update this Privacy Policy when laws, product functionality, integrations, or operational practices change.

Material updates are posted on this page with a revised effective date. Where required, additional notice channels may be used.