Sivuno Logo
Sign Up

Privacy Policy

Effective Date: January 20, 2025

Last Updated: January 20, 2025

1. Introduction

Sivuno ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered spend classification services (the "Services"). We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, company name, job title, phone number
  • Payment Information: Billing address, payment card details (processed securely through our payment processors)
  • Business Data: Spend data files, supplier information, and transaction records you upload for classification
  • Communications: Support requests, feedback, and other correspondence

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on pages, click patterns
  • Device Information: IP address, browser type and version, operating system, device identifiers
  • Location Data: Approximate location based on IP address
  • Cookies and Similar Technologies: Session cookies, preference cookies, analytics cookies (see our Cookie Policy)

2.3 Information from Third Parties

  • Authentication Providers: If you sign in using Google or other providers
  • Analytics Services: Aggregated insights from our analytics partners
  • Business Intelligence: Publicly available business information for supplier research

3. How We Use Your Information

3.1 To Provide Our Services

  • Process and classify your spend data using AI technology
  • Research supplier information and provide strategic insights
  • Generate reports and analytics
  • Manage your account and subscriptions
  • Process payments and billing

3.2 To Improve Our Services

  • Enhance our AI classification algorithms
  • Develop new features and functionalities
  • Conduct research and analysis
  • Monitor and prevent technical issues

3.3 To Communicate With You

  • Send service updates and notifications
  • Respond to support requests
  • Provide training and onboarding materials
  • Send marketing communications (with your consent)

4. Legal Basis for Processing (GDPR)

We process personal data based on:

  • Contract Performance: To provide the Services you've requested
  • Legitimate Interests: To improve our Services, ensure security, and operate our business
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: For marketing communications and certain cookies

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with carefully selected service providers who assist us in operating our Services:

  • Cloud infrastructure providers (AWS)
  • Payment processors (Stripe)
  • Analytics services (with aggregated data only)
  • Customer support tools

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

5.4 Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication requirements
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

7. Data Retention

We retain personal data for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

  • Account Data: Retained while your account is active plus 30 days after deletion
  • Business Data: Retained according to your subscription terms and data retention settings
  • Analytics Data: Aggregated and anonymized after 24 months
  • Legal Records: Retained as required by applicable laws (typically 7 years)

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers:

  • Standard Contractual Clauses approved by the European Commission
  • Data Transfer Impact Assessments where required
  • Additional security measures for international transfers

9. Your Rights and Choices

9.1 GDPR Rights (EU/UK Residents)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Automated Decision-Making: Request human review of automated decisions

9.2 CCPA/CPRA Rights (California Residents)

  • Right to Know: Information about data collection and use
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt-out of sale or sharing of personal information
  • Right to Limit Use: Limit use of sensitive personal information
  • Non-Discrimination: Equal service regardless of exercising rights

9.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@sivuno.com or through your account settings. We will respond to your request within the legally required timeframe (typically within 30 days).

10. Children's Privacy

Our Services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information.

11. AI and Automated Processing

We use artificial intelligence to classify spend data and provide insights. This involves:

  • Automated categorization of transactions
  • Pattern recognition for spend analysis
  • Predictive analytics for sourcing strategies

You have the right to request human review of any automated decisions that significantly affect you. Our AI processes are designed with transparency and fairness principles.

12. Do Not Track Signals

Some browsers transmit "Do Not Track" signals. Because there is no industry standard for handling these signals, our Services do not currently respond to them. You can manage your cookie preferences through our Cookie Settings.

13. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice via email or through the Services.

15. Contact Information

For questions about this Privacy Policy or to exercise your rights, please contact us:

  • Email: privacy@sivuno.com
  • Data Protection Officer: dpo@sivuno.com
  • Postal Address: [Company Address]

16. Supervisory Authority

EU/UK residents have the right to lodge a complaint with their local data protection authority if they believe we have not addressed their concerns adequately.

17. California Specific Disclosures

Categories of Personal Information Collected: Identifiers, commercial information, internet activity, professional information, and inferences drawn from this information.

Sources: Directly from you, automatically through your use of Services, and from third-party business partners.

Business Purposes: Providing services, improving services, security, legal compliance, and business operations.

No Sale of Personal Information: We do not sell or rent your personal information to third parties. We do not share personal information for cross-context behavioral advertising.