Privacy Policy

Effective Date: January 1, 2025 | Last Updated: January 1, 2025

1. Introduction

Curveo, Inc. ("Curveo," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business analytics platform, website, and related services (collectively, the "Services").

This policy applies to information we collect through our website (curveo.co), our software platform, mobile applications, and through your communications with us. By accessing or using our Services, you agree to this Privacy Policy.

Our commitment: We will never sell your personal information to third parties for marketing purposes.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

  • Account Information: Name, email address, company name, job title, phone number, billing address, and payment information
  • Profile Information: Username, password, profile picture, and preferences
  • Business Data: Data, files, and information you upload to our platform for analysis
  • Communications: Messages, feedback, support requests, and survey responses
  • Event Information: Information provided when registering for webinars, demos, or events

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain information:

  • Usage Data: Features used, pages viewed, time spent, clicks, queries, search terms, and interaction patterns
  • Device Information: IP address, browser type and version, operating system, device identifiers, and hardware information
  • Location Data: General geographic location based on IP address (city/state level)
  • Cookies and Tracking: Information collected through cookies, web beacons, and similar technologies (see Cookie Policy)
  • Log Data: Server logs including access times, pages requested, and system activity

2.3 Information from Third Parties

  • Authentication Services: Information from single sign-on providers (Google, Microsoft, etc.)
  • Data Integrations: Information from third-party services you connect to our platform
  • Business Partners: Information from partners who refer you to our Services
  • Public Sources: Publicly available information to supplement your profile

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Provide, maintain, and improve our Services
  • Process and complete transactions
  • Create and manage your account
  • Provide customer support and respond to inquiries
  • Deliver analytics, reports, and insights

3.2 Communication

  • Send transactional emails (receipts, confirmations, notifications)
  • Provide technical notices and security alerts
  • Send product updates and new feature announcements
  • Respond to your comments and questions
  • Send marketing communications (with your consent)

3.3 Analytics and Improvement

  • Monitor and analyze usage patterns and trends
  • Conduct research and development
  • Test new features and improvements
  • Measure the effectiveness of our Services
  • Generate anonymized, aggregated statistics

3.4 Security and Legal Compliance

  • Detect, prevent, and address fraud and security issues
  • Protect against unauthorized access and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations and court orders
  • Establish, exercise, or defend legal claims

4. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

  • Cloud hosting and infrastructure providers
  • Payment processors and billing services
  • Email and communication platforms
  • Analytics and monitoring services
  • Customer support tools

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Business Transfers

In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the successor entity, subject to this Privacy Policy.

4.3 Legal Requirements

We may disclose information when required by law, including to:

  • Comply with legal process (subpoenas, court orders)
  • Respond to government requests
  • Protect our rights, property, and safety
  • Investigate potential violations of our Terms
  • Protect against fraud or security threats

4.4 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

4.5 Aggregated and De-Identified Data

We may share anonymized, aggregated, or de-identified information that cannot reasonably be used to identify you.

5. Data Security

We implement comprehensive security measures to protect your information:

5.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3+) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Secure Infrastructure: SOC 2 Type II compliant data centers

5.2 Organizational Safeguards

  • Regular security audits and penetration testing
  • Employee training on data protection
  • Incident response and breach notification procedures
  • Vendor security assessments

5.3 Your Responsibility

You are responsible for maintaining the confidentiality of your account credentials. Please use a strong, unique password and enable two-factor authentication.

Important: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you have the following rights regarding your personal information:

6.1 Access and Portability

  • Right to Access: Request a copy of the personal information we hold about you
  • Right to Portability: Receive your data in a structured, machine-readable format

6.2 Correction and Deletion

  • Right to Correct: Update or correct inaccurate information
  • Right to Delete: Request deletion of your personal information (subject to legal exceptions)

6.3 Control and Restriction

  • Right to Object: Object to certain processing activities
  • Right to Restrict: Request limitation of processing in certain circumstances
  • Right to Opt-Out: Unsubscribe from marketing communications at any time

6.4 California Residents - CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of categories and specific pieces of personal information collected
  • Right to Delete: Request deletion of personal information we collected
  • Right to Opt-Out: Opt-out of the "sale" of personal information (we do not sell personal information)
  • Right to Non-Discrimination: You will not be discriminated against for exercising your rights

To exercise these rights, please contact us at privacy@curveo.co or call +1 (310) 555-0147. We will respond within 45 days.

6.5 European Residents - GDPR Rights

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including those listed above and:

  • Right to Withdraw Consent: Withdraw consent for processing based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

6.6 How to Exercise Your Rights

To exercise any of these rights:

  • Email us at: privacy@curveo.co
  • Call us at: +1 (310) 555-0147
  • Mail us at: 2450 Colorado Avenue, Suite 100E, Santa Monica, CA 90404
  • Use the privacy settings in your account dashboard

We will verify your identity before processing requests and respond within the legally required timeframe.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services and fulfill transactions
  • Comply with legal, tax, and accounting obligations
  • Resolve disputes and enforce agreements
  • Maintain business records and archives

Retention Periods:

  • Account information: Duration of account + 7 years
  • Transaction records: 7 years (legal requirement)
  • Usage data: 2 years
  • Marketing data: Until you opt-out + 30 days
  • Support tickets: 3 years

When information is no longer needed, we securely delete or anonymize it.

8. International Data Transfers

Our Services are hosted in the United States. If you access our Services from outside the U.S., your information will be transferred to, stored, and processed in the United States.

We ensure appropriate safeguards for international transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with service providers
  • Compliance with EU-U.S. Privacy Shield principles (where applicable)

9. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will promptly delete such information from our systems.

10. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties.

We are not responsible for the privacy practices or content of third-party sites. We encourage you to review their privacy policies before providing any information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices or Services
  • Changes in applicable laws and regulations
  • New features or technologies
  • Feedback from users and stakeholders

We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email to your registered email address
  • Displaying a prominent notice in our Services

Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Curveo, Inc.
Attn: Privacy Team
2450 Colorado Avenue, Suite 100E
Santa Monica, CA 90404
United States

Email: privacy@curveo.co
Phone: +1 (310) 555-0147
Hours: Monday-Friday, 9:00 AM - 6:00 PM PST

We will respond to your inquiry within 30 days (or as required by applicable law).

13. California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for direct marketing purposes.

We do not share personal information with third parties for their direct marketing purposes without your explicit consent.

14. Do Not Track Signals

Some browsers have "Do Not Track" features that allow you to signal your privacy preference. Our Services currently respond to Do Not Track signals by:

  • Disabling non-essential tracking cookies
  • Limiting third-party analytics collection
  • Respecting your browser's privacy settings