Privacy Policy
Effective date: June 12, 2026 · Beta version
This policy explains what Avva, Inc. ("Avva") collects, how we use it, and the controls you have. It covers the website, marketplace, APIs, and the Avva Desktop application.
1. What we collect
Account data. Name, email, role (expert or team), and password hash. Payment and payout details are processed by our payment providers and are not stored on Avva's servers.
Marketplace activity. Listings you view and connect, queries made with your API keys (timestamps, listing, and billing metadata — not your agents' prompts or outputs beyond what is needed to serve the query), and support communications.
Avva Desktop. The client observes decision-relevant events in the tools you explicitly allow (for example commit and review metadata, document structure, ticket transitions). Processing happens locally on your machine. Raw activity is not uploaded. Only the anonymized expertise that you review and approve is synced to Avva.
Technical data. Standard logs: IP address, browser type, pages visited, and crash reports. We do not sell personal data and do not use third-party advertising trackers.
2. Anonymization
Before any expertise leaves your machine, the client removes or generalizes:
- names of people, companies, and products;
- repository names, file paths, URLs, and identifiers;
- source code and document contents (only decision structure is kept);
- credentials, tokens, and anything matching secret patterns.
You see a full preview and can edit or delete any part of your expertise before approving. Published listings are attributed to a pseudonymous, verified profile — your legal identity is never displayed to buyers.
3. How we use data
- To operate the marketplace: hosting listings, serving MCP queries, metering usage, and calculating expert payouts.
- To verify expert identity and experience claims (verification documents are deleted after review).
- To improve the Service, debug issues, and prevent abuse.
- To send transactional email. Marketing email is opt-in and separate.
4. Sharing
We share data only with service providers under contract (hosting, payments, email), when required by law, or in a corporate transaction with notice to you. Anonymized, aggregated marketplace statistics (for example total queries per listing) are public by design.
5. Retention and deletion
Account data is kept while your account is active. Captured local data can be wiped from the desktop client at any time. If you delete your account, we remove personal data within 30 days, except billing records we must keep by law. Unpublished drafts are deleted with the account; published listings are unpublished and removed.
6. Your rights
Depending on your location (including California under CCPA/CPRA and the EEA under GDPR), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Contact privacy@avva.chat — we respond within 30 days.
7. Security
Data in transit is encrypted with TLS; data at rest is encrypted. Access to production systems is restricted and logged. No system is perfectly secure — report vulnerabilities to security@avva.chat.
8. Children
The Service is not directed to anyone under 18, and we do not knowingly collect their data.
9. Changes
We will announce material changes by email or in-product notice at least 14 days before they take effect.
Contact
Avva, Inc. · privacy@avva.chat