Privacy policy
Last updated: 2026-05-04 (draft)
DRAFT — pending legal review
This document is a working draft generated as part of the Pratvi AI platform build-out. It has not yet been reviewed by legal counsel and must not be relied upon. The final, legally-reviewed version will replace this document before any public-facing rollout. If you are reviewing this internally and have edits, contact legal@pratvi.ai.
1. Who we are
Pratvi AI LLC, a Delaware limited liability company doing business as "Pratvi AI" ("Pratvi", "we", "us"), operates the website pratvi.ai and the application at pratvi.ai/app.
2. Information we collect
We collect three categories of information:
- Information you provide directly: name, work email, company, role, industry, and free-text messages submitted through our contact form or other forms on this site.
- Information collected automatically: IP address, browser type, device characteristics, pages visited, referring URL, and timestamps. We use minimal cookies for essential site functionality and aggregated analytics. See our Cookie Policy for details.
- Customer Data (application only): if you become a Pratvi customer, the AI model metadata, audit log entries, and other information you submit to the platform are governed by your customer agreement (BAA, DPA, or SPA as applicable), not by this privacy policy.
3. How we use information
- To respond to inquiries and provide requested information
- To authenticate users and operate the application
- To improve the website and platform
- To comply with legal obligations
We do not sell your personal information. We do not share contact-form submissions with third-party marketing services.
4. Legal bases (GDPR / UK GDPR)
For visitors in the EU, EEA, UK, or Switzerland, our legal bases are:
- Consent (Art. 6(1)(a)): for non-essential cookies and contact-form submissions
- Performance of contract (Art. 6(1)(b)): for customer accounts and platform usage
- Legitimate interests (Art. 6(1)(f)): for site security, fraud prevention, and aggregate analytics
- Legal obligation (Art. 6(1)(c)): for retention required by law or regulation
5. Sub-processors
We use vetted sub-processors to operate the website and platform. The current sub-processor list is published at /legal/subprocessors. We update this list when adding or removing sub-processors and notify customers per applicable customer-agreement timelines.
6. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or port your personal information; to object to processing; or to withdraw consent. Submit requests to legal@pratvi.ai. We respond within 30 days (GDPR), 45 days (CCPA), or the period required by your local law.
7. International transfers
Pratvi is established in the United States. Where we transfer Personal Data of EU/UK/Swiss data subjects, we rely on Standard Contractual Clauses (Module Two) and the UK Addendum, plus any additional safeguards required under Schrems II.
8. Retention
Contact-form submissions: retained for 24 months from last contact. Application data: per the customer agreement and applicable regulatory retention rules (HIPAA 6 years, SR 11-7 7 years, ECOA 25 months, etc.). Server logs: 90 days.
9. Security
See our Trust Center for full details. Briefly: AES-256-GCM encryption at rest, TLS 1.3 in transit, MFA supported with org-wide enforcement controls, hash-chained audit trails.
10. Children
The Pratvi AI service is intended for use by enterprise customers and is not directed at children under 16. We do not knowingly collect information from children.
11. Changes
We update this policy as our practices and the law evolve. Material changes are notified by email to active customers and posted on this page with a revised "Last updated" date.
12. Contact
Privacy questions, requests, or complaints: legal@pratvi.ai. If you are in the EU and unsatisfied with our response, you may lodge a complaint with your local supervisory authority.