This Privacy Policy describes how Oravida AI ("we," "us," or "our") collects, uses, and protects your personal information when you use our portfolio generation services. We are committed to protecting your privacy and ensuring transparency about our data practices.

Scope: This policy applies to all users of our Service, including website visitors, registered users, and anyone who interacts with our AI portfolio generation platform.

Compliance: We comply with applicable data protection laws including GDPR, CCPA, and other privacy regulations. This policy explains your rights and our obligations under these laws.

Account Information: When you create an account, we collect:

• Name, email address, and password
• Profile information and preferences
• Account settings and configuration
• Payment and billing information

Portfolio Content: We collect and process:

• Resumes, career stories, and professional information
• LinkedIn profiles and other professional data
• AI-generated portfolio content
• User feedback and ratings

Usage Data: We automatically collect:

• Service usage patterns and interactions
• Technical information (IP address, browser type, device)
• Performance metrics and error logs
• Feature usage and preferences

AI Training Data: We will never use your personal content for AI training without your explicit, prior consent. You may withdraw this consent at any time. If consent is given, your data will be anonymized and protected according to our strict data protection measures.

Service Provision: We use your information to:

• Provide portfolio generation services
• Process payments and manage your account
• Generate AI-powered portfolio content
• Store and manage your portfolios

Service Improvement: We use data to:

• Improve AI algorithms and content quality
• Optimize user experience and interface
• Develop new features and capabilities
• Analyze usage patterns and trends

Communication: We may use your contact information to:

• Send service updates and notifications
• Provide customer support and assistance
• Send marketing communications (with consent)
• Notify you of important changes

Legal Compliance: We may use your information to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud and abuse
• Respond to legal requests

No Sale of Personal Data: We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Service Providers: We may share data with trusted third-party service providers:

• Payment processors for secure transactions
• Cloud hosting providers for data storage
• AI model providers for content generation
• Analytics services for service improvement
• Customer support platforms for assistance

Legal Requirements: We may disclose your information when required by law:

• Court orders or legal subpoenas
• Government investigations or requests
• Regulatory compliance requirements
• Protection of rights and safety

Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections.

Data Processing Agreements: All third-party service providers are bound by strict data processing agreements that ensure your data is protected according to our standards.

Security Measures: We implement comprehensive security measures including:

• End-to-end encryption for data transmission
• Secure data centers with physical access controls
• Regular security audits and penetration testing
• Multi-factor authentication for account access
• Regular security updates and patches

Data Access Controls: We limit access to your personal information to:

• Authorized employees who need access for their job
• Service providers under strict contractual obligations
• You and authorized account users
• Legal authorities when required by law

Data Breach Response: In the event of a data breach, we will:

• Immediately investigate and contain the breach
• Notify affected users within 72 hours
• Report to relevant authorities as required
• Implement additional security measures
• Provide support and guidance to affected users

Ongoing Monitoring: We continuously monitor our systems for security threats and vulnerabilities, implementing improvements as needed.

Retention Periods: We retain your data for different periods based on purpose:

• Account information: Until account deletion or 3 years after last activity
• Portfolio content: Until account deletion or 2 years after last generation
• Usage analytics: 1 year for service improvement purposes
• Payment records: 7 years for legal and tax compliance
• AI training data: Until consent withdrawal or 1 year after last use

Data Storage: Your data is stored in secure cloud environments:

• Primary storage in US-based data centers
• Backup storage in geographically distributed locations
• Encrypted storage with industry-standard encryption
• Regular backup verification and testing

Data Deletion: You can request deletion of your data:

• Complete account deletion removes all personal data
• Portfolio deletion removes specific content
• AI training data removal from our models
• Confirmation of deletion within 30 days

Legal Retention: Some data may be retained longer when required by law, regulation, or legitimate business purposes.

Right to Access: You have the right to:

• Access all personal data we hold about you
• Request copies of your data in portable format
• Understand how your data is processed
• Know the legal basis for data processing

Right to Rectification: You can:

• Correct inaccurate personal information
• Update incomplete data
• Modify account preferences and settings
• Request data quality improvements

Right to Erasure: You can request:

• Complete deletion of your account and data
• Removal of specific portfolio content
• Erasure of AI training data
• Deletion of marketing preferences

Right to Portability: You can:

• Download your data in machine-readable format
• Transfer data to other services
• Export portfolio content and settings
• Receive data in structured, commonly used format

Right to Object: You can:

• Object to certain types of data processing
• Withdraw consent for marketing communications
• Opt out of AI model training
• Request processing restrictions

Essential Cookies: We use necessary cookies for:

• User authentication and session management
• Security and fraud prevention
• Basic service functionality
• Payment processing and security

Analytics Cookies: We use analytics to:

• Understand how users interact with our service
• Improve user experience and performance
• Identify and fix technical issues
• Make data-driven product decisions

Third-Party Analytics: We may use services like:

• Google Analytics for website performance
• Mixpanel for user behavior analysis
• Hotjar for user experience research
• All with appropriate privacy controls

Cookie Management: You can:

• Control cookie preferences in your browser
• Opt out of non-essential cookies
• Delete existing cookies
• Set browser-level privacy controls

Data Location: Your data may be processed in:

• United States (primary processing location)
• European Union (for EU users, when applicable)
• Other countries where our service providers operate
• Always in compliance with applicable laws

Transfer Safeguards: We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) for EU transfers
• Adequacy decisions where applicable
• Binding corporate rules for multinational transfers
• Certification schemes and codes of conduct

Legal Compliance: All transfers comply with:

• GDPR requirements for EU data subjects
• CCPA requirements for California residents
• Other applicable privacy laws and regulations
• Industry best practices and standards

User Rights: International users maintain all privacy rights regardless of where their data is processed.

Privacy Team: For privacy-related questions and concerns:

• Email: privacy@orav.ai
• Privacy Hotline: +1 (555) PRIVACY
• Response within 48 hours

Data Protection Officer: For EU users and complex privacy matters:

• Email: dpo@orav.ai
• Direct line: +1 (555) DPO-LINE
• Specialized EU privacy expertise
• Independent oversight and guidance

Legal Team: For legal privacy matters:

• Email: legal@orav.ai
• Legal department contact form
• Attorney-client privilege protection
• Specialized privacy law expertise

Complaint Process: If you have privacy complaints:

• Contact our privacy team first
• Escalate to data protection officer if needed
• File complaint with relevant authorities
• Seek legal counsel for unresolved issues

Regulatory Authorities: You may also contact:

• Your local data protection authority
• EU Data Protection Board (for EU users)
• Federal Trade Commission (US)
• Other relevant regulatory bodies

AI Output Disclaimer: AI-generated portfolio content is created automatically and may contain inaccuracies, errors, or omissions. Users are solely responsible for reviewing, verifying, and validating all content before sharing or using it. Oravida AI expressly disclaims all liability for any consequences, damages, or losses arising from reliance on AI-generated outputs.

No Professional Advice: Portfolios generated by Oravida AI are for informational and presentation purposes only. They do not constitute legal, financial, career, or professional advice. Always consult qualified professionals for specific advice related to your situation.

No Children's Data: Our services are not directed to children under 16 years of age, and we do not knowingly collect or process personal information from children. If we discover we have collected personal information from a child under 16, we will delete such information immediately.

Third-Party Service Providers: While we carefully select trusted service providers, we cannot guarantee and expressly disclaim all liability for the security practices, privacy policies, or other practices of any third-party services. Your information may be subject to their respective policies when you interact with their services.

Governing Law and Jurisdiction: This Privacy Policy is governed by the laws of the State of California, United States. Any disputes arising from or relating to this Privacy Policy shall be resolved exclusively in the courts of San Francisco, California, and you consent to the personal jurisdiction of such courts.