Privacy Policy

The Kadriva VisibilityOS platform and related websites, dashboards, APIs, and hosted pages (the “Service”) are operated by Cleventics Ltd, a company registered in England and Wales with its registered office at Iris Crescent, Seacroft, Leeds, United Kingdom, trading as “Kadriva” (“Kadriva”, “Cleventics”, “we”, “us”, “our”). This Privacy Policy explains how we collect, use, share, and protect personal data when you use the Service or visit our websites.

For the purposes of the EU/UK GDPR, Cleventics Ltd is the data controller for personal data we collect about you as a website visitor or account holder, and the data processor for personal data you submit to the Service about your end users or contacts.

2.1 Account & identity data

• Name, email address, password (hashed), and profile information you provide.
• Workspace and brand details (company name, website URL, region, categories, products).
• Authentication metadata (sign-in timestamps, device, IP address).

2.2 Billing data

• Billing name, address, VAT/tax identifiers, plan tier, and transaction history.
• Payment card details are collected and stored by our payment processor (e.g. Paddle or Stripe). We do not store full card numbers on our servers.

2.3 Usage & technical data

• Pages visited, features used, clicks, search queries, timestamps, referrers.
• Device and browser information, operating system, language, IP address, approximate location.
• Diagnostic data such as logs, crash reports, and performance traces.

2.4 Customer Data you submit

• Website content, keywords, briefs, generated pages, AI prompts and outputs.
• Analytics imported from connected services (e.g. Search Console, Google Analytics).
• Any personal data contained within content you submit (you remain responsible for it).

2.5 Cookies and similar technologies

We use first- and third-party cookies and similar technologies for authentication, security, preferences, analytics, and (where consented) marketing. You can control cookies in your browser; disabling certain cookies may degrade functionality.

• Provide the Service: create and manage accounts, process subscriptions, deliver AI features, host published pages, and operate integrations.
• Improve the Service: analyse usage, debug issues, and develop new features (using aggregated or de-identified data wherever possible).
• Communicate: send transactional emails (receipts, alerts, security notices) and, with consent, marketing communications you can opt out of at any time.
• Security & fraud prevention: detect, prevent, and respond to abuse, fraud, and security incidents.
• Legal compliance: comply with applicable laws, respond to lawful requests, and enforce our Terms.

We do not use Customer Data to train foundation AI models. AI providers we use process prompts only to return responses and are contractually prohibited from using your data to train their models.

• Contract: to provide the Service you have requested.
• Legitimate interests: to operate, secure, and improve the Service, and for direct marketing to existing customers.
• Consent: for non-essential cookies, marketing emails to prospects, and certain optional features.
• Legal obligation: tax, accounting, and regulatory compliance.

We share personal data only with:

• Sub-processors that help us operate the Service (see section 6).
• Payment processors to take payment (Paddle, Stripe, or similar).
• Professional advisers such as lawyers, auditors, and insurers under confidentiality obligations.
• Authorities when required by law, court order, or to protect rights, safety, or property.
• Successors in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality and continuity protections.

We do not sell personal data.

We engage the following categories of sub-processors. The current list is available on request from privacy@kadriva.com.

• Hosting & infrastructure: Cloudflare and managed cloud database providers.
• AI providers: OpenAI, Google (Gemini), xAI, and similar model providers accessed via a managed AI gateway.
• Payments: Paddle and/or Stripe.
• Email delivery: Transactional email providers (e.g. Resend).
• Analytics & error monitoring: Privacy-respecting analytics and error reporting tools.

We sign data processing agreements with each sub-processor and impose appropriate security and confidentiality obligations.

Personal data may be processed in countries outside your own, including the United States and United Kingdom. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses, the UK Addendum, or equivalent mechanisms.

We retain personal data only for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymise Customer Data within 90 days, except where retention is required for legal or accounting purposes (typically up to 7 years for billing records).

Depending on your location, you may have the right to:

• access the personal data we hold about you;
• request correction of inaccurate data;
• request deletion of your data (“right to be forgotten”);
• restrict or object to certain processing;
• receive your data in a portable format;
• withdraw consent at any time (without affecting prior processing);
• lodge a complaint with your local data protection authority.

California residents have additional rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, the right to opt out of “sharing” for cross-context behavioural advertising, and the right not to be discriminated against for exercising those rights.

To exercise any right, email privacy@kadriva.com. We will respond within the timeframes required by applicable law.

We implement administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit (TLS), encryption at rest, access controls, least-privilege permissions, audit logging, and regular security reviews. No system is perfectly secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach affecting your data, we will notify you and the relevant authorities as required by law.

The Service is not directed to children under 16 and we do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will delete it.

The Service uses AI to generate suggestions, briefs, and content. These outputs are not used to make decisions that produce legal or similarly significant effects on you without human review. You are always in control of whether to publish or act on AI-generated outputs.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice. The “Last updated” date at the top of this page reflects the latest revision.

Privacy questions, rights requests, or complaints? Contact our team at privacy@kadriva.com or write to our data controller: