Privacy Policy

This policy describes how Profiva, Inc. (“Profiva,” “we,” “our”) handles personal information in connection with the Profiva marketplace, available at profiva.com and through related APIs.

Account data. When you create an account, we collect your name, email address, and a hashed password. If you sign up as a Seller, we also collect an organization name and, via our Stripe Connect integration, identity and bank information necessary for payouts.

Purchase data. We record the datasets you license and the subscription status of each license. Payment card details are never stored by Profiva — they are tokenized and stored by Stripe.

Usage data. We automatically collect information such as device, browser, IP address, pages visited, and timestamps. We use this both for product analytics and for security-related features like rate limiting and fraud prevention.

Dataset content. Datasets that Sellers upload are stored in encrypted object storage. Metadata such as field names, sample rows, and bounding geometry may be exposed to Buyers on listing pages to help them evaluate fit.

We use collected information to:

• operate, maintain, and secure the Services;
• process transactions and remit payouts to Sellers;
• communicate transactional emails (receipts, renewal reminders, password resets);
• detect, prevent, and respond to fraud, abuse, and security incidents;
• comply with legal obligations, including tax reporting;
• improve the Services based on aggregated product analytics.

We do not sell your personal information. We do not use your data to train foundation models or share it with advertisers.

We share limited information with the following processors:

• Stripe — payment processing and Connect payouts.
• Resend — transactional email delivery.
• Amazon Web Services (or equivalent) — application hosting.
• Cloudflare R2 — dataset object storage.
• Sentry — error monitoring.

Each processor is bound by a data-processing agreement or equivalent contractual safeguards.

We retain account data for as long as your account is active, and for a reasonable period afterward to satisfy legal, tax, and audit requirements. Purchase records are retained for at least seven years for tax purposes. You can request deletion of your account by emailing privacy@profiva.com; we will remove personal data except where retention is legally required.

We protect data with encryption in transit (TLS), encryption at rest for object storage, hashed and salted passwords, server-side rate limits on authentication endpoints, role-based access controls for administrators, and centralized logging with alerting on anomalies. No system is perfect — if you discover a vulnerability, please report it to security@profiva.com.

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal information; to object to or restrict certain processing; and to lodge a complaint with your data protection authority. To exercise any of these rights, email privacy@profiva.com.

Profiva is based in the United States. If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S. We rely on standard contractual clauses where required to provide appropriate safeguards for such transfers.

The Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact us and we will delete it.

We may update this policy. Material changes will be posted in the Services or emailed to you before they take effect.

Privacy questions: privacy@profiva.com · Security issues: security@profiva.com