Senova
Back to home
Legal

Privacy Policy

Last updated: July 1, 2026

This Privacy Policy explains how Senova ("Senova," "we," "us," or "our") collects, uses, shares, and protects personal data when you use the Senova application builder and website at senova-web.fly.dev (the "Service"). It applies to visitors, account holders, and end users whose data flows through the Service. We aim to comply with the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended (CCPA/CPRA).

1. Who We Are (Data Controller)

Senova is the data controller for personal data we process about you as a Senova account holder. Where you use Senova to build applications that collect data from your own end users, you are the controller of that end-user data and Senova acts as your processor. See Section 8.

2. Information We Collect

  • Account information: your name, email address, password (hashed), and organization name.
  • Content you provide: the prompts you submit, files you upload, and the projects and code you generate.
  • Billing information: plan, subscription status, and the last four digits and card metadata provided by our payment processor. We do not store full card numbers.
  • Usage data: features used, actions taken, credits consumed, and interaction patterns used to operate and improve the Service.
  • Technical data: IP address, browser and device type, and log data collected for security, performance, and abuse prevention.

3. How We Use Your Information

  • To provide, maintain, secure, and improve the Service, including generating application code from your prompts.
  • To process payments, manage subscriptions, and track credit usage.
  • To communicate with you about your account, security, and service updates.
  • To detect, investigate, and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations and enforce our Terms of Service and Acceptable Use Policy.

Legal bases (GDPR): we rely on performance of our contract with you (to provide the Service), our legitimate interests (to secure and improve the Service and prevent abuse), your consent where required, and compliance with legal obligations.

4. AI Processing of Your Prompts

To generate code and other output, the prompts and relevant project context you submit are sent to third-party AI model providers (see Section 6). We instruct these providers to process your content only to return output to Senova and, under our agreements with them, not to use your content to train their foundation models. We do not sell your prompts, and we do not use your private project content to train models offered to other customers.

Depending on availability, your prompts may be processed by any of the AI providers listed in Section 6; we route to our primary provider first and fall back to others only when it is unavailable.

5. How We Share Information

We do not sell your personal data. We share it only with the subprocessors listed below, with authorities where legally required, and in connection with a merger or acquisition (with notice). Each subprocessor is bound by contractual confidentiality and data-protection obligations.

6. Subprocessors & Third-Party Services

ProviderPurposeData shared
Anthropic (Claude)Primary AI generation (planning, code, chat)Prompts & project context
GroqAI inference fallbackPrompts & project context
OpenRouterAI inference fallback (last resort)Prompts & project context
Sakana AIAI inference for select build modesPrompts & project context
fal.ai / PollinationsAI image generation for your pagesImage descriptions derived from your project
Unsplash / PixabayStock photo search for generated pagesSearch keywords only (no account data)
GoogleOptional "Sign in with Google"; font deliveryOAuth credential; IP address & browser metadata
Fly.ioApplication hosting, databases & deploymentAccount & project data at rest
StripePayment processingBilling & contact details

Links to their privacy notices: Anthropic, Groq, OpenRouter, fal.ai, Google, Fly.io, and Stripe.

7. Data Storage, Security & Retention

Your data is stored on secure infrastructure with encryption in transit (TLS) and access controls. Project data is scoped to your account at the application layer: every record carries your tenant ID, every query filters on it, and each project's app data lives in its own isolated store. Changes to tenant data are recorded in an append-only audit log. We retain your data for as long as your account is active. When you delete your account, your personal data, projects, and associated content are permanently removed within 30 days, except where we must retain limited records to comply with law, resolve disputes, or enforce our agreements. Read more on our Security page.

8. Personal Data in Your Projects

If the applications you build with Senova collect personal data from your end users, you are the controller of that data and Senova processes it on your behalf under our Terms. You are responsible for providing your end users with an appropriate privacy notice and lawful basis. Senova provides tooling to help you honor data-subject requests.

9. Your Rights

Depending on where you live, you may have the right to:

  • Access (GDPR Art. 15): request a copy of the data we hold about you.
  • Rectification: correct inaccurate personal data from your profile settings.
  • Erasure (GDPR Art. 17): delete your account and associated data from Settings.
  • Portability: download any project's complete code as a ZIP archive or sync it to GitHub; contact [email protected] for a copy of your account data.
  • Objection / restriction: object to or restrict certain processing.
  • CCPA rights: know what we collect, request deletion, and opt out of "sale" or "sharing" — note that we do not sell your data.

To exercise any right, email [email protected]. You also have the right to lodge a complaint with your local data-protection authority.

10. Cookies

We use a single essential session cookie (senova_session) required for authentication. We do not use advertising or third-party tracking cookies. For details, see our Cookie Policy.

11. International Transfers

We and our subprocessors may process data in the United States and other countries. Where personal data is transferred out of the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses.

12. Children's Privacy

The Service is not directed to children under 18, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact [email protected] and we will delete it.

13. Changes to This Policy

We may update this policy from time to time. We will post the updated policy with a new "Last updated" date and, for material changes, notify you by email or in-app notice.

14. Email

When you or your published apps send email through Senova (for example password resets or app notifications), we process the message content and recipient address to deliver it. Project inboxes receive email addressed to your project; inbound messages are stored with your project data and are subject to this policy.

15. Contact

For privacy questions or to exercise your rights, contact us at [email protected].

Terms of Service Privacy Policy Cookie Policy Acceptable Use DMCA Security
© 2026 Senova. All rights reserved.