Privacy Policy

Last Updated: December 9, 2024

1. Introduction

VivaStaff, Inc. ("VivaStaff," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website at vivastaff.ai and our AI-powered customer service platform (collectively, the "Services").

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide when using our Services, including:

  • Account Information: Name, email address, password, company name, and contact preferences when you register for an account
  • Business Information: Business description, industry, tone preferences, and operational context you provide during onboarding
  • Payment Information: Billing address and payment details (processed securely by our payment processor, Stripe)
  • Communications: Emails, messages, and other content processed through our platform
  • Support Inquiries: Information you provide when contacting our support team
  • Team Member Information: Names and email addresses of team members you invite to your account

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information, including:

  • Device Information: IP address, browser type and version, device type, operating system
  • Usage Data: Pages visited, features used, time spent on the platform, click patterns
  • Log Data: Access times, error logs, and referring URLs
  • Location Information: General geographic location based on IP address

2.3 Information from Third-Party Integrations

When you connect third-party services to our platform, we may collect:

  • Email Provider Data: Email content, metadata, and sender/recipient information from connected Gmail or Outlook accounts
  • Calendar Data: Event details, availability, and scheduling information from Google Calendar or Microsoft Outlook
  • Authentication Tokens: OAuth tokens to maintain secure connections with third-party services

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to collect information about your browsing activities. See Section 9 for more details about our cookie practices.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Services

  • Deliver, maintain, and improve our AI-powered communication platform
  • Process and respond to your customer communications
  • Generate AI-assisted draft responses for your review
  • Manage appointments and calendar integrations
  • Qualify and manage leads on your behalf
  • Personalize your experience based on your preferences

3.2 Account Management

  • Create and manage your account
  • Process payments and manage subscriptions
  • Verify your identity and prevent fraud
  • Provide customer support

3.3 Communications

  • Send transactional emails (account verification, password resets, billing)
  • Send service-related announcements and updates
  • Send marketing communications (with your consent)
  • Respond to your inquiries and support requests

3.4 Analytics and Research

  • Analyze usage patterns to improve our Services
  • Conduct research and development
  • Generate aggregated, anonymized insights

3.5 Legal and Security

  • Protect against fraud, abuse, and security threats
  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect the rights and safety of our users and third parties

4. AI and Machine Learning

Our Services use artificial intelligence and machine learning to provide features such as email draft generation and lead qualification. Here's how we handle your data in relation to AI:

  • Processing: We use AI to analyze and respond to customer communications on your behalf
  • No External Model Training: Your personal information and business data will never be transferred, delivered, or made available to train external generative AI products or third-party models
  • Data Isolation: Your data is processed in isolation and is not shared with other customers
  • Human Review: AI-generated content is presented to you for review before being sent

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Services:

  • Cloud Infrastructure: Cloudflare (hosting, security, and CDN)
  • Payment Processing: Stripe (subscription billing and payments)
  • Email Delivery: Resend (transactional email delivery)
  • Analytics: PostHog (product analytics and user behavior)
  • AI Services: Anthropic (AI model API for content generation)

These providers are contractually obligated to protect your information and may only use it to provide services to us.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders, subpoenas, or other legal processes
  • Requests from law enforcement or government agencies
  • To protect our rights, privacy, safety, or property
  • To investigate potential violations of our Terms of Service

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

5.4 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption: Data is encrypted in transit using TLS/SSL and at rest where applicable
  • Secure Authentication: Passwords are hashed using bcrypt with industry-standard cost factors
  • Access Controls: Access to personal data is restricted to authorized personnel only
  • Secure Infrastructure: Our services are hosted on Cloudflare's secure global network
  • Regular Security Reviews: We conduct periodic security assessments and updates

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain business records as required by law

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Your Rights and Choices

8.1 General Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on our legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

8.2 Marketing Communications

You can opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails or by contacting us. Note that you may still receive transactional communications related to your account.

8.3 Account Deletion

You can request deletion of your account by contacting us at privacy@vivastaff.ai. We will process your request within 30 days.

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@vivastaff.ai. We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

  • Essential Cookies: Required for the Services to function (authentication, security)
  • Analytics Cookies: Help us understand how visitors interact with our Services
  • Functional Cookies: Remember your preferences and settings

9.2 Third-Party Analytics

We use PostHog for product analytics, which may set cookies to:

  • Track page views and user sessions
  • Analyze feature usage and user flows
  • Identify and fix issues in our Services

9.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Services.

10. Regional Privacy Rights

10.1 European Economic Area (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to lodge a complaint with your local data protection authority
  • Right to data portability
  • Right to object to automated decision-making

Legal Basis for Processing: We process your data based on: (a) your consent, (b) performance of a contract, (c) compliance with legal obligations, or (d) our legitimate interests.

10.2 California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request information about the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information (with certain exceptions)
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

To exercise your CCPA rights, contact us at privacy@vivastaff.ai or call us at the number provided in Section 14.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country's laws.

We implement appropriate safeguards for international transfers, including:

  • Standard contractual clauses approved by the European Commission
  • Working with service providers who maintain adequate data protection measures
  • Ensuring transfers comply with applicable data protection laws

12. Children's Privacy

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will promptly delete that information.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@vivastaff.ai.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated Privacy Policy on our website with a new "Last Updated" date
  • Sending you an email notification for significant changes
  • Displaying a prominent notice on our Services

Your continued use of our Services after the changes take effect constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

VivaStaff, Inc.

Privacy Inquiries: privacy@vivastaff.ai

General Inquiries: hello@vivastaff.ai

We will respond to your inquiry within 30 days.