Privacy Policy

Skyriven ("We," "Us," or "Our") is committed to protecting Your privacy. This Privacy Policy explains how We collect, use, disclose, and safeguard Your information when You visit Our website (skyriven.ai) or use Our services.

By using Our website or services, You agree to the collection and use of information as described in this policy. If You do not agree, please do not use Our website or services.

We do not sell Your personal information.

2.1 Information You Provide

• Contact information: Name, email address, and company name when You submit Our contact form or subscribe to Our services
• Communications: Messages sent via the contact form, live chat (Crisp), Slack, email, or video calls
• Subscription data: Plan selection and billing information (payment details are processed securely by Stripe — We do not store Your complete credit card information)
• Project materials: Code, documents, or other materials You share during advisory sessions

2.2 Information Collected Automatically

• Usage data: Pages visited, time spent on pages, and interactions with the website
• Device information: Browser type and version, operating system, and screen resolution
• Log data: IP address (anonymized where possible), referring URL, and access timestamps

2.3 Cookies

Our analytics provider (Plausible) is fully cookieless and does not track visitors across websites. Our live chat provider (Crisp) sets session cookies to maintain chat continuity and remember Your conversation history. Other third-party services We use — such as Formspree — may set their own cookies when You interact with Our website. See Section 5 for details on these services. You can manage cookies through Your browser settings.

Our website does not respond to "Do Not Track" (DNT) browser signals, as no accepted standard for DNT exists. Our use of Plausible Analytics inherently respects user privacy without requiring DNT signals, as it does not track individuals.

We use Your information to:

• Provide, maintain, and improve Our advisory services
• Respond to Your inquiries and support requests
• Communicate with You about Your subscription, appointments, and service updates
• Process payments and manage Your account
• Send occasional updates about Our services (You can opt out at any time)
• Analyze website usage to improve the experience
• Detect and prevent security threats
• Comply with legal obligations

We do not:

• Sell, rent, or share Your personal information with third parties for marketing purposes
• Use Your project materials for any purpose other than serving You
• Retain Your data longer than necessary for the purposes described in this policy

We implement reasonable administrative, technical, and physical safeguards to protect Your information, including:

• Encryption in transit: All data transmitted to and from Our website is encrypted via HTTPS/TLS
• Secure hosting: Our website is hosted on Render with servers located in the United States
• Limited access: Access to personal information is restricted to authorized personnel only

No method of transmission over the internet or method of electronic storage is 100% secure. While We strive to use commercially reasonable means to protect Your information, We cannot guarantee its absolute security.

We use trusted third-party services to operate Our website and deliver Our services. Each has its own privacy policy governing how they handle Your data.

We retain Your information only as long as necessary for the purposes described in this policy:

• Active client relationships: For the duration of Your engagement with Us
• Contact form inquiries: Up to 1 year if no engagement is established
• Website logs: 90 days for security and troubleshooting purposes
• Analytics data: Retained in anonymized/aggregated form indefinitely
• Payment records: Up to 7 years as required for tax and accounting obligations

When data is no longer needed, it is securely deleted or anonymized.

7.1 Applications

We use AI tools to assist in the delivery of Our advisory services, including but not limited to:

• Code generation, review, and debugging
• Strategic analysis and research
• Document and deliverable drafting
• Workflow automation design
• AI tool evaluation and testing

AI is an assistive tool in Our practice. It does not replace human judgment, and it does not make automated decisions affecting Your account or services.

7.2 Safeguards

• We use enterprise-grade AI services with contractual data protection commitments
• All AI-generated outputs are subject to human oversight and review before delivery
• Your data is used only for the specific task You have requested
• Your materials are not used to train AI models

7.3 Confidentiality

Confidential client information is not input into AI tools that train on user input, share data with third parties, or lack enterprise-grade security and confidentiality protections. We select AI platforms that contractually commit to not using client data for model training or improvement.

7.4 Caution Regarding Public AI Tools

We strongly advise exercising caution when discussing sensitive legal, business, personal, or confidential matters with public or consumer-grade AI tools (such as free-tier chatbots and general-purpose AI assistants). Communications with such platforms do not carry an expectation of privacy and may waive any legal privilege — including attorney-client privilege, work product protection, or trade secret status — that might otherwise attach to the information disclosed. These services may use Your input to train models, may not offer confidentiality protections, and may retain Your data indefinitely. When We use AI in the delivery of Our services, We select enterprise-grade platforms with contractual data protection commitments specifically to mitigate these risks.

7.5 Future AI Features

If We introduce new AI-powered features in the future, We will update this Privacy Policy with clear disclosure of how those features operate and how Your data is used.

Our website and services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If You believe that a minor has provided Us with personal information, please contact Us at marc@skyriven.ai and We will promptly delete that information.

Depending on Your location, You may have the right to:

• Access the personal information We hold about You
• Request correction of inaccurate information
• Request deletion of Your information (subject to legal retention requirements)
• Opt out of marketing communications at any time
• Request a copy of Your data in a portable format
• Object to or restrict certain types of processing

To exercise any of these rights, please contact Us at marc@skyriven.ai.

If You are a California resident, You have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: Request the categories and specific pieces of personal information We have collected about You, the sources, business purposes, and third-party recipients
• Right to Delete: Request deletion of Your personal information, subject to certain exceptions (e.g., completing a transaction, legal obligations)
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We do not sell or share Your personal information for cross-context behavioral advertising
• Right to Non-Discrimination: We will not discriminate against You for exercising Your privacy rights

Categories Collected (Past 12 Months)

• Identifiers: Name, email address, company name
• Internet activity: Browsing history, website interactions
• Professional information: Company name, role (if provided)

How to Exercise Your Rights

Email marc@skyriven.ai with the subject line "California Privacy Request." We may need to verify Your identity before processing Your request. We will respond within 45 days.

Residents of states with comprehensive privacy laws — including Virginia, Colorado, Connecticut, and Utah — may have additional rights, including:

• Access to personal data
• Deletion of personal data
• Correction of inaccurate data
• Data portability
• Opt-out of targeted advertising (We do not engage in targeted advertising)
• Opt-out of the sale of personal data (We do not sell personal data)

To exercise Your rights, email marc@skyriven.ai. If Your request is denied, You may appeal by emailing with the subject line "Privacy Appeal."

If You are located in the European Economic Area (EEA), United Kingdom, or Switzerland, You have rights under the General Data Protection Regulation (GDPR) and equivalent legislation.

Legal Bases for Processing

• Consent: When You submit a contact form or opt into communications
• Legitimate interests: Website analytics, service improvement, and security
• Contract performance: Providing advisory services under a subscription agreement
• Legal obligation: Regulatory compliance

Your Rights Under GDPR

• Right of Access: Request a copy of Your personal data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion ("right to be forgotten")
• Right to Restrict Processing: Limit how We use Your data
• Right to Data Portability: Receive Your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to Lodge a Complaint: File a complaint with Your local data protection supervisory authority

International Data Transfers

Our data processing occurs in the United States, where data protection laws may differ from those in Your country. By submitting Your information to Us, You consent to this transfer. Where applicable, We rely on service providers that maintain EU-U.S. Data Privacy Framework certification or Standard Contractual Clauses to safeguard transferred data.

How to Exercise Your Rights

Email marc@skyriven.ai with the subject line "GDPR Request." We will respond within 30 days.

In the event of a data breach that compromises Your personal information, We will:

• Notify affected users via email within 72 hours after confirming the breach, consistent with GDPR Article 33
• Disclose the nature and scope of the breach, the types of personal data affected, the steps We have taken to mitigate the breach, and recommended actions You can take to protect Yourself
• Notify regulatory authorities as required by applicable law, including data protection supervisory authorities where the breach poses a risk to individuals' rights and freedoms

Our website may contain links to third-party websites or services that are not owned or controlled by Us. We are not responsible for the privacy practices of those third parties. We encourage You to review the privacy policies of any third-party sites You visit.

We may update this Privacy Policy from time to time. When We make changes:

• The updated policy will be posted on this page
• The "Last updated" date at the top will be revised
• For material changes, We will notify You via email

Your continued use of Our website or services after any changes constitutes acceptance of the updated policy.