Last Updated: July 9, 2026
This Privacy Policy explains how Pravyaan (the "Service") collects, uses, stores, and protects information when you use our Beta platform. It should be read together with our Terms of Service.
The Service is operated by individual developers based in Australia (the "Provider," "we," "us," or "our"). By using the Service, you acknowledge the practices described in this policy.
1. Information We Collect
We collect the following categories of information:
- Account information: When you sign in, our authentication provider (Auth0) supplies identifiers such as your name, email address, and profile picture. We store this in our Supabase Postgres database to operate your user account and workspace memberships.
- Workspace content: Data you and your team create or upload in tenant workspaces—such as accounts, projects, tasks, SOWs, success plans, risks, use cases, knowledge articles, documents, comments, files, automation configurations, and workspace settings.
- Credentials you provide: AI provider API keys and optional usage-reporting keys configured in workspace settings; Pravyaan API keys you create; third-party integration credentials (stored using application-level encryption); and optional MCP tool connection settings.
- Notification data: In-app notifications, per-user notification preferences (including email and digest settings), workspace notification defaults set by administrators, and delivery logs for notification channels you enable.
- Technical and usage data: Server logs, request metadata, error reports, and similar diagnostic information needed to operate, secure, and improve the Service during the Beta phase.
- Product analytics (optional): If you accept analytics cookies, a third-party analytics provider may collect interaction metadata, heatmaps, and session recordings to help us understand how the Service is used. Form inputs are masked in recordings by default. Declining analytics cookies prevents that provider from loading on the Service.
2. Work and Personal Email Addresses
Your account email address is used for authentication, workspace invitations, in-app identity (for example, assignee and mention display), and—where you or your administrators enable them—transactional email notifications and digests about workspace activity.
You may register or sign in with a personal or consumer email domain. Pravyaan does not verify that your email is an employer-issued or organization-approved address.
If you or your administrators use a personal email for work-related workspace activity, work notifications, invitations, and digests may be delivered to that personal inbox. You are responsible for the privacy, security, retention, and access controls of whichever mailbox receives Service communications.
Pravyaan is not responsible for accidental disclosure, unauthorized access, employment disputes, regulatory issues, or other harm arising from routing work-related notifications or workspace access through a personal or non-corporate email address. Organizations that require corporate email for business systems should configure membership and invitations accordingly.
3. How We Use Information
We use collected information to:
- Authenticate you, enforce role-based access, and isolate data between tenant workspaces.
- Host, display, sync, and process your workspace content to provide the Service.
- Send AI-related prompts and context to the third-party AI providers you configure, solely to fulfill generation and assistant features you request.
- Deliver in-app notifications, email notifications, and digests according to your preferences and workspace defaults.
- Operate integrations, automation workflows, analytics, and share links you explicitly enable.
- Maintain security, troubleshoot issues, and communicate important Beta or policy updates.
4. AI and Third-Party Providers
Pravyaan does not provide its own large language models. When AI features are enabled, content you submit may be transmitted to external providers (such as OpenAI, Google Gemini, Anthropic, or your Ollama endpoint) using credentials supplied by your workspace administrators. Optional agent and MCP features may invoke additional third-party tools you configure.
Those providers process data under their own privacy policies and terms. You are responsible for reviewing their practices and for not submitting highly sensitive personal data through AI features unless your agreements and policies permit it.
We do not use your workspace content to train or fine-tune generic machine learning models.
6. Subprocessors
We rely on subprocessors that process data on our behalf to operate the Service. The following may receive personal or usage data depending on how you use Pravyaan:
- Auth0 — user authentication and account identifiers.
- Supabase — primary Postgres database hosting for account, workspace, and application data.
- Cloud hosting providers — application hosting and file storage.
- Microsoft Clarity — optional product analytics (session replay and heatmaps) only when you accept analytics cookies; see https://privacy.microsoft.com/.
- AI providers you configure in workspace settings — when you use AI-assisted features (see Section 4).
- Integration platforms you connect through the marketplace — according to your configuration.
- Email delivery providers — when sending notification or digest emails enabled in your workspace.
7. Data Retention and Beta Notice
We retain account and workspace data for as long as your account or workspace remains active and as needed to provide the Service.
During the Beta phase, we may delete, reset, or refactor tenant data at any time as described in our Terms of Service. You should maintain your own backups of critical content.
If you request deletion of your account or a workspace, we will take reasonable steps to remove associated data, subject to legal obligations and residual backups that may persist for a limited period.
8. Security
We implement technical and organizational measures appropriate for a Beta service, including tenant isolation, access controls, protected storage of sensitive credentials, sanitization of notification metadata, and masking of API keys in the user interface.
No method of transmission or storage is completely secure. You are responsible for safeguarding your login credentials, workspace API keys, third-party provider keys, and the email inboxes that receive Service communications.
9. Your Rights and Choices
Depending on applicable law (including the Australian Privacy Act 1988 where it applies), you may have rights to access, correct, or delete personal information we hold about you, or to object to certain processing.
You can update much of your account profile through your authentication provider. Workspace administrators manage team membership and most workspace content within the Service. You can adjust personal notification preferences (including email and digest channels) in your profile settings where available.
To exercise privacy rights or ask questions, contact us using the details in Section 11.
Control analytics cookies via the cookie notice when shown, or by clearing site data for this domain; declining cookies disables third-party product analytics on the Service.
10. International Users
The Service is operated from Australia. If you access the Service from other regions, your information may be processed in Australia and in locations where our subprocessors operate. You are responsible for ensuring your use complies with local laws applicable to your organization and customer data.
11. Contact
For privacy questions or requests, contact the Pravyaan team through the Contact link on our website or the email address published there when available.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will revise the "Last Updated" date at the top of this page when changes are published. Continued use of the Service after changes take effect constitutes acknowledgment of the updated policy.