Privacy Policy

Privacy Policy

Effective 5 July 2026 · Version 2026-07-05

⚖️Working draft — attorney review required. This is a plain-English draft published for transparency while our counsel completes review. It is not yet legal advice and material terms may change. Data-rights requests: [email protected].

On this page

  1. Our approach to privacy
  2. Information you provide
  3. Information collected automatically
  4. How we use information
  5. Legal bases for processing
  6. AI processing of your content
  7. Sharing and subprocessors
  8. International data transfers
  9. Data retention
  10. Security
  11. Your privacy rights
  12. Children's privacy
  13. Changes to this policy
  14. How to contact us

1. Our approach to privacy

Senova is an AI web-app builder with integrated hosting and our "Checkride" site-verification service. We designed the product to respect your privacy by default. We collect the data we need to run the service reliably and to bill accurately, and not much more.

Product analytics are off by default. We do not load third-party advertising trackers, and we do not sell your personal information or share it for cross-context behavioral advertising. Where we would like to measure how features are used to improve them, we ask for your consent first and give you a clear way to opt out at any time.

This policy explains what we collect, why we collect it, how long we keep it, who we share it with, and the rights you have over your data.

2. Information you provide

You give us information directly when you sign up and use Senova. This includes:

3. Information collected automatically

When you use Senova, some information is collected automatically so the service can function, stay secure, and be debugged:

4. How we use information

We use the information described above to:

5. Legal bases for processing

If you are in the European Economic Area, the United Kingdom, or a similar jurisdiction, we process your personal data under the following legal bases:

6. AI processing of your content

Senova is an AI builder, so the prompts and content you provide are processed by AI systems to generate output for you — code, layouts, copy, and configuration. To do this we send relevant prompts and context to AI model providers acting as our subprocessors.

We do not use your prompts or content to train third-party base models, and we contractually require our AI subprocessors not to use your content to train or improve their general-purpose models, unless you have given us explicit, separate consent. Content is processed to serve your request and to operate features you have enabled.

AI output can be inaccurate or incomplete. You are responsible for reviewing generated output before you rely on or deploy it. The AI providers we use are listed on our Subprocessors page.

On-device model. On capable devices, our First Officer assistant runs a small language model privately in your browser using WebGPU. When it does, your conversation with the assistant is processed locally on your own device and is not sent to us or to any AI provider. The model files download once from a public model host and are cached by your browser. This runs quietly in the background on supported devices; you can turn it off at any time from the assistant’s panel, in which case the assistant falls back to server-side processing (subject to the terms above) or is unavailable if no server model is configured.

7. Sharing and subprocessors

We do not sell your personal data. We share information only in the limited circumstances below:

8. International data transfers

Senova operates and uses subprocessors in multiple countries, so your data may be processed outside the country where you live, including in the United States. Where we transfer personal data from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards.

[Placeholder pending attorney review] We intend to rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, together with supplementary measures where needed. Final transfer mechanisms and their details will be confirmed on completion of legal review.

9. Data retention

We keep personal data while your account is active and for a limited window afterward, then delete or anonymize it, unless a longer period is required by law (for example, tax and billing records) or to resolve disputes and enforce agreements.

When you delete a project or close your account, we begin removing the associated content from active systems and purge it from backups on our normal backup rotation. The table below summarizes the main data categories, why we hold them, and how long.

Data categoryPurposeRetention
Account & profileAuthentication, workspace managementLife of account + up to 90 days after closure
Content you create (projects, prompts, deployed sites)Provide the builder, hosting, and CheckrideUntil you delete it or close your account; purged from backups on rotation (up to 35 days)
Billing & tax recordsPayment, accounting, legal complianceAs required by law, typically up to 7 years
Log & security dataSecurity, abuse prevention, debuggingTypically 30–180 days, longer for active investigations
Support communicationsRespond to and improve supportUp to 24 months after the ticket closes
Optional analytics (consent-based)Product improvementUntil consent is withdrawn, then deleted or aggregated

10. Security

We take reasonable and appropriate measures to protect your data, including encryption in transit (TLS), encryption of data at rest on our infrastructure, role-based access controls, least-privilege access for staff, audit logging, and routine patching.

To be honest with you: no system is perfectly secure, and we do not claim otherwise. We cannot guarantee absolute security, and you also play a part — use a strong, unique password, protect your credentials, and manage who you invite to your workspace. If we become aware of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.

11. Your privacy rights

Depending on where you live, you may have some or all of the following rights over your personal data:

To exercise any of these rights, email [email protected]. We will verify your request and respond within the timeframe required by applicable law. Exercising your rights will not lead to discriminatory treatment.

We honor Global Privacy Control (GPC) signals as a valid opt-out for applicable sharing and optional analytics. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

12. Children's privacy

Senova is not directed to children and is not intended for anyone under 16 (or under 18 where a higher age of digital consent applies in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact [email protected] and we will delete it.

13. Changes to this policy

We may update this policy as the product, our subprocessors, or the law changes. When we make material changes, we will update the effective date and version at the top of this page and, where appropriate, notify you in the product or by email. Your continued use of Senova after an update means you accept the revised policy.

14. How to contact us

For any privacy question or to exercise your rights, contact us at [email protected]. We will route your request to the right team and respond as promptly as we can.