Privacy Policy

Effective date: May 10, 2025

1. Introduction

Vilva.ai ("Vilva," "we," "our," or "us") provides an AI-powered knowledge-management platform that helps you create, organize, visualize, and enhance creative ideas and content through interconnected graphs, AI generation, and intelligent agents. Protecting your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use the Service, including web applications, mobile apps, APIs, and related services.

By using the Service, you consent to the practices described below. If you do not agree, please do not use the Service. This Privacy Policy may be updated at any time, and your continued use indicates acceptance of updates.

IMPORTANT: The Service involves transmission of your content to third-party AI model providers (OpenAI, Anthropic, Google, Grok, etc.) to generate images, videos, text, and other creative outputs. By using AI features, you acknowledge and consent to this data transmission.

2. Information We Collect

CategoryExamplesPurpose
Information you provideAccount data (name, email), profile photo, workspace names, nodes, links, files, images, videos, AI generation prompts, chat messages, creative assetsTo create and maintain your account, provide core features, generate creative content via AI, and personalize your experience
AI Generation DataImage prompts, video prompts, reference images, uploaded files used as inputs to AI models, generation parametersTransmitted to third-party AI providers to generate images, videos, and creative content. Retention by AI providers is governed by their privacy policies
Automatically collectedDevice identifiers, IP address, browser type, referring URLs, crash logs, usage metrics, generation history, cookies, local storage, session tokensTo operate the Service, ensure security, detect abuse, optimize performance, and track AI usage for billing
Third‑party sourcesOAuth identity providers (Google, GitHub), payment processors (Stripe), AI model providers, analytics servicesTo authenticate you, process payments, facilitate AI generation, and measure service adoption

Sensitive data – We do not knowingly collect sensitive personal data (e.g., health, biometric, or children's data) unless you voluntarily include it in content or prompts you provide. If you upload sensitive data, you are responsible for ensuring compliance with applicable laws. Some sensitive data may be transmitted to AI model providers if included in your prompts or files used for generation.

Creative Content & Generated Assets – The Service stores your creative inputs (prompts, reference images, videos, text) and any AI-generated outputs (generated images, videos, enhanced content). These assets are retained in your account for your use, portfolio, and history purposes. You own all generated content and may use it according to your plan's commercial license. Generated images and videos may be temporarily stored by AI providers for quality assurance or abuse prevention (see their privacy policies).

3. How We Use Information

We use the information we collect to:

  • Provide and improve the Service. We use your data to deliver core features (workspaces, AI generation, chat, visualization), troubleshoot issues, optimize performance, and develop new capabilities. We do not use your User Content or personal data to train our proprietary AI models unless you provide explicit, separate opt-in consent;
  • AI Generation. To generate images, videos, and creative content, we transmit your prompts, reference materials, and inputs to third-party AI model providers. These providers may retain your data according to their privacy policies;
  • Authenticate and secure accounts. We use authentication data to verify your identity, prevent unauthorized access, and secure your workspace;
  • Process transactions & billing. We collect and use billing data to process payments, track AI credit usage, send invoices and receipts, and manage subscriptions;
  • Abuse prevention & safety. We monitor for fraud, unauthorized access, terms violations, and misuse of AI features. This may involve analyzing usage patterns and generated content for compliance with our acceptable-use policy;
  • Customer support. We use your data to respond to support requests, troubleshoot issues, and provide technical assistance;
  • Analytics & improvement. We conduct aggregated, anonymized analysis of usage trends, feature adoption, and service performance to enhance the platform. This may include AI-generated content trends without identifying individuals;
  • Communications. We send administrative emails (account confirmations, billing alerts, security notices) and, with your consent, marketing communications about new features and offerings;
  • Legal compliance. We use and disclose data as required by law, court order, subpoena, or government request, or to protect the rights and safety of Vilva, our users, and the public.

4. Legal Bases for Processing (EEA/UK Users)

We process personal data based on: contractual necessity, legitimate interests (e.g., security, product improvement), consent (where required, such as for marketing cookies), and legal obligations.

5. Sharing & Disclosure

We do not sell your personal information to third parties for marketing or commercial purposes.

We disclose information only in the following circumstances:

  • AI Model Providers. To provide image generation, video generation, and AI chat features, we transmit your prompts, inputs, and reference materials to third-party AI providers (OpenAI, Anthropic, Google, Grok, Runway, etc.). These providers' privacy policies govern their use and retention of your data. We select providers committed to not using customer data for model training, but you should review their terms for full transparency;
  • Service providers. We share data with trusted service providers under strict confidentiality and data protection agreements, including cloud hosting (AWS, Supabase), payment processors (Stripe), analytics services (Mixpanel, Segment), and customer support platforms;
  • Legal requirements. We disclose information when required by law, court order, subpoena, warrant, or government request. We will notify you of such requests when legally permissible;
  • Safety & enforcement. We may disclose information to protect the rights, property, or safety of Vilva, our users, or the public, including preventing fraud, enforcing our Terms of Service, and investigating potential violations;
  • Corporate transactions. In connection with a merger, acquisition, bankruptcy, asset sale, or other corporate restructuring, your information may be transferred. We will notify you and provide choices where applicable;
  • Your consent. We may disclose information with your explicit consent for specific purposes you authorize.

6. Your Choices & Rights

Depending on your location, you may have rights to access, correct, delete, or port your data, object to or restrict processing, and withdraw consent. Submit requests at privacy@vilva.ai. We respond within 30 days.

7. Cookies & Similar Technologies

Vilva uses first‑party and third‑party cookies, local storage, and similar technologies for session management, preferences, analytics, and marketing. You can control cookies through browser settings. Disabling cookies may limit functionality.

8. Data Retention

Account Data. We retain your account information (name, email, profile data) for as long as your account is active and for a reasonable period afterward to comply with legal obligations and support customer inquiries.

Workspace & Creative Content. Your workspaces, nodes, links, files, prompts, and generated content are retained while your account is active. Upon account deletion, content is marked for deletion and removed from our active systems within 30 days, but may remain in backups for up to 90 days for disaster-recovery purposes.

AI Generation History. Records of your AI generation requests (prompts, parameters, generated content metadata) are retained for billing and usage analytics purposes. The actual generated images and videos are retained in your workspace unless you delete them.

Third-Party Retention. AI model providers may retain your prompts and generated content according to their privacy policies. We recommend reviewing their terms if you have concerns about data retention by those providers.

Logs & Backups. We retain server logs, crash logs, and backup copies for up to 90 days after deletion for security, troubleshooting, and disaster-recovery purposes, unless required by law to retain longer.

9. Security

We implement industry‑standard administrative, technical, and organizational safeguards, including encryption in transit (TLS 1.2+), encryption at rest, least‑privilege access controls, routine penetration testing, and incident‑response procedures.

10. International Transfers

We are based in the United States. If you access the Service from outside the U.S., you consent to transferring, storing, and processing your information in the U.S. and other jurisdictions. We rely on Standard Contractual Clauses or equivalent safeguards for cross‑border data transfers where required.

11. Children's Privacy

Vilva is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us so we can delete it.

12. Third‑Party Services & AI Providers

The Service integrates and links to third-party services and APIs not operated by Vilva, including:

  • AI Model Providers: OpenAI (GPT-4o, GPT-5), Anthropic (Claude), Google (Gemini, Veo, Seedream), Grok (xAI), Midjourney, fal.ai (Flux, ElevenLabs), Kling AI, Suno (music generation), and others. We transmit your prompts and inputs to these providers to generate content. Each has its own privacy policy and data handling practices;
  • Cloud & Infrastructure: AWS, Supabase, and other hosting providers that store your data;
  • Payment & Analytics: Stripe, Mixpanel, Segment, and similar third-party services;
  • Authentication: Google OAuth, GitHub OAuth, and other identity providers.

Vilva does not control and is not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies and terms of service, especially for AI model providers that process your creative inputs and generated content.

13. Changes to This Privacy Policy & Data Handling Practices

Policy Updates. We may update this Privacy Policy at any time to reflect changes in our data handling practices, new features, regulatory requirements, or other factors. We will post the revised policy with an updated "Effective date" on this page. Material changes will be communicated via email or prominent in-app notice.

Flexibility for Operational Changes. As Vilva evolves, we may:

  • Switch to different cloud providers, AI model providers, or analytics services;
  • Implement new security, encryption, or data-handling technologies;
  • Modify how we collect, store, process, or retain data to improve performance, security, or compliance;
  • Change which third parties we partner with for specific services;
  • Adjust data retention periods, backup practices, or disaster-recovery procedures;
  • Migrate data between systems or consolidate databases for operational efficiency.

Such operational changes will be communicated when material and legally required, but your continued use of the Service indicates acceptance of how we collect and manage your data.

Your Responsibility. It is your responsibility to review this Privacy Policy periodically. Significant changes will be announced, but you should check the "Effective date" to stay informed.

14. Contact Us

Questions or concerns? Email privacy@vilva.ai or write to: Vilva, Inc., 1412, W Chase Ave, 403, Chicago, IL 60626, USA.