Corvio Privacy Policy

This Privacy Policy explains how NeoFlux AI Pte. Ltd. (“NeoFlux,” “we,” “us,” or “our”) collects, uses, discloses, transfers, stores, and otherwise processes personal data in connection with the Corvio Service (the “Service”); unless otherwise defined in this Privacy Policy, capitalized terms have the meanings in the Terms of Service.

1. Scope; Roles; Controller/Processor Distinction

Depending on the context, NeoFlux may process personal data as a controller (e.g., when you create an Account, purchase a Subscription, or interact with our marketing sites) and/or as a processor (e.g., when an enterprise customer uploads content containing personal data and NeoFlux processes such data on behalf of that customer); where NeoFlux acts as a processor, the applicable Data Processing Addendum (“DPA”) governs, and the enterprise customer is the controller.

2. Categories of Personal Data We Collect

We may collect: (i) Account and identity data, such as name, username, email, phone number, and organization details; (ii) billing and transaction data, such as payment method identifiers, billing address, invoices, and tax information, noting that payment card data is typically processed by our payment service providers and not stored by us in full; (iii) usage and device data, such as IP address, device identifiers, browser type, operating system, timestamps, feature usage metrics, and diagnostic logs; (iv) support and communications data, such as messages sent to support, feedback, and survey responses; (v) Content data to the extent it includes personal data, including personal data contained in documents, prompts, notes, messages, or attachments you upload; and (vi) security and compliance data, such as authentication logs, access records, and abuse signals.

3. Sources of Personal Data

We collect personal data directly from you, from your organization (if you are an authorized user under an enterprise account), from your devices and browsers via cookies and similar technologies, from integrations you enable, and from service providers that help us operate the Service.

4. Purposes of Processing and Legal Bases (Where Applicable)

We process personal data to provide and operate the Service, including account creation, authentication, hosting content, generating Output, providing search/retrieval, enabling collaboration, and delivering customer support; to administer subscriptions, billing, and payments; to secure the Service, prevent fraud, detect abuse, and enforce policies; to improve and develop the Service, including debugging and performance monitoring; to communicate with you about the Service, including transactional notices, security alerts, and updates; and to comply with legal obligations and protect rights; where applicable law requires a legal basis, we rely on one or more of contract necessity, legitimate interests (e.g., service security and improvement), consent (e.g., marketing communications where required), and legal obligation.

5. AI and Content Processing; Training Practices

The Service may process Content, including personal data contained in Content, to provide AI-enabled features; for consumer/self-serve accounts, we may use limited data and signals to improve quality and safety as described in our Terms, whereas for enterprise subscriptions, we will not use Customer Content to train general-purpose models unless explicitly agreed in writing; we may always use de-identified and aggregated Service Analytics that does not reasonably identify individuals to operate and improve the Service.

6. Disclosure of Personal Data; Categories of Recipients

We may disclose personal data to: (i) service providers and subprocessors who assist with hosting, analytics, customer support, payment processing, and security; (ii) your organization’s administrators if you are a user under an enterprise account; (iii) third-party integrations you enable, at your direction; (iv) professional advisers such as lawyers, auditors, and insurers; and (v) governmental authorities where required by law or to protect rights and safety; we do not sell personal data in the ordinary meaning of “sell” under common privacy statutes.

7. International Transfers

Because we operate globally, personal data may be transferred to and processed in countries other than your country of residence; where required, we implement appropriate safeguards, which may include contractual protections, such as standard contractual clauses, and measures designed to protect data in transit and at rest.

8. Data Retention

We retain personal data for as long as necessary to provide the Service, to fulfill the purposes described herein, to comply with legal obligations, to resolve disputes, and to enforce agreements; retention periods vary by data type and context, and we may retain certain logs and backups for a limited period even after deletion requests, consistent with security and operational needs.

9. Security

We maintain reasonable administrative, technical, and organizational measures designed to protect personal data; however, no method of transmission or storage is fully secure, and we cannot guarantee absolute security.

10. Your Rights and Choices

Subject to applicable law, you may have rights to access, correct, delete, or port your personal data, to withdraw consent (where processing is based on consent), and to object to certain processing; if you are an authorized user under an enterprise account, you should direct requests to your organization’s administrator, and we will assist the controller as required; you may manage certain settings within the Service, including optional controls related to data usage if offered.

11. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Service, remember preferences, measure performance, and improve user experience; you can control cookies through browser settings, though disabling cookies may affect functionality; further details may be provided in our Cookie Notice.

12. Children

The Service is not directed to children under 13 (or the age defined by local law), and we do not knowingly collect personal data from such children.

13. Updates

We may update this Privacy Policy from time to time by posting a revised version and updating the “Last Updated” date.

14. Contact

For privacy inquiries, contact: privacy@corvio.ai; for legal notices: legal@corvio.ai; postal address: 68 CIRCULAR ROAD, #02-01, SINGAPORE 049422.