Privacy Policy

1. Scope

This Privacy Policy applies to information we process when you:

• visit our website;
• create or use an account;
• join an Organization account;
• upload videos, files, or other content;
• use analysis, reporting, export, OCR, or AI-assisted features;
• purchase or manage a subscription;
• communicate with us for support, sales, or other inquiries; or
• otherwise interact with the Service.

The Service is currently intended primarily for users in the United States.

2. Key Points

• We do not sell personal information.
• We do not share personal information for cross-context behavioral advertising.
• We do not run third-party advertising on the Service.
• We use service providers and subprocessors to host, operate, secure, support, and bill for the Service.
• Some features, including timecode OCR and certain AI-assisted analysis features, may involve sending derived images, frames, excerpts, or related artifacts to Google Cloud services, including Google Gemini and Vertex AI, to perform the processing you request.
• If your account is managed by an Organization, that Organization's administrators may be able to access, manage, export, or delete content and account information associated with your use of the Service.

3. Information We Collect

We collect information from several sources, including directly from you, automatically from your use of the Service, from your Organization, and from service providers that support the Service.

3.1 Information You Provide Directly

This may include:

• Account information, such as your email address, name, display name, and authentication-related information;
• Organization information, such as organization name, membership, workspace configuration, permissions, and administrative settings;
• Communications, such as messages, support requests, contact form submissions, sales inquiries, and feedback you send to us;
• Billing-related information, such as billing contact details and subscription selections; and
• any other information you choose to provide through the Service.

Authentication for the Service is handled through Firebase Authentication. We do not receive or store your plaintext password.

3.2 User Content and Related Data

We collect and process information you upload, create, or generate through the Service, including:

• Uploads, such as videos, related files, notes, and project materials;
• Analysis artifacts, such as metadata extracts, reports, exports, and generated files;
• Derived data, such as selected frames, images, excerpts, thumbnails, technical extracts, or other materials created as part of analysis or feature processing; and
• Outputs, such as visualizations, OCR results, timecode extractions, and other analysis results.

Uploads and related content may include personal information, confidential information, or information relating to third parties. You are responsible for ensuring you have the legal right to upload and process such content.

3.3 Billing and Transaction Information

When you subscribe to paid features, we and our payment processor may process information such as:

• Stripe customer identifiers;
• subscription identifiers and status;
• checkout session and invoice information;
• billing address and tax-related information, if collected;
• payment status and payment method metadata; and
• records of refunds, credits, disputes, and related billing events.

Payment card details are processed by Stripe. We do not receive or store your full payment card number.

3.4 Information Collected Automatically

When you use the Service, we and our providers may automatically collect certain technical and usage information, including:

• Device and browser information, such as device type, operating system, browser type, language, and settings;
• Log data, such as IP address, timestamps, requested URLs, pages viewed, referring pages, error logs, and diagnostic events;
• Usage information, such as feature interactions, project actions, subscription events, and operational metrics;
• Security and anti-abuse signals, including information from Firebase App Check, Google reCAPTCHA Enterprise, and similar safeguards; and
• information stored using cookies, localStorage, sessionStorage, and similar technologies.

3.5 Information from Organizations and Administrators

If you use the Service through an Organization, we may receive information from that Organization or its administrators, such as:

• your role, permissions, and account status;
• organization membership details;
• administrative actions affecting your account or content; and
• billing or workspace settings associated with the Organization.

4. How We Use Information

We use information for the following purposes:

• to provide, operate, maintain, and support the Service;
• to create and manage accounts, organizations, permissions, and authentication flows;
• to receive, store, process, analyze, and export uploads and User Content;
• to generate reports, analyses, OCR results, timecode results, and other Outputs you request;
• to process subscriptions, billing, invoices, renewals, taxes, payments, disputes, and account administration;
• to send transactional communications, such as verification emails, invitations, password resets, notices, and support responses;
• to detect, prevent, investigate, and respond to fraud, abuse, misuse, security incidents, and technical issues;
• to monitor performance, reliability, quality, usage, and system health;
• to debug, improve, and develop features, workflows, and service operations;
• to comply with legal obligations, enforce our agreements, and protect the rights, safety, and security of DIVA, our users, and others; and
• to create aggregated and deidentified analytics, metrics, and operational insights that do not identify you or your Organization as the source.

5. How We Disclose Information

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

We may disclose information in the following circumstances:

5.1 Service Providers and Subprocessors

We disclose information to vendors, contractors, subprocessors, and service providers that help us operate the Service, such as providers of:

• cloud hosting and infrastructure;
• authentication and database services;
• file storage;
• payment processing and subscription management;
• email delivery and communications;
• security, abuse prevention, and bot detection;
• AI, OCR, and machine-learning-assisted processing; and
• support, monitoring, analytics, logging, and diagnostics.

These providers are authorized to process information on our behalf for the purposes described in this Privacy Policy and subject to appropriate contractual or legal restrictions where applicable.

5.2 Organizations and Org Admins

If you use the Service as part of an Organization, information associated with your account, content, projects, settings, or activity may be available to that Organization and its authorized administrators in accordance with the Service's administrative features.

5.3 Legal, Safety, and Protection of Rights

We may disclose information if we believe in good faith that disclosure is necessary or appropriate to:

• comply with applicable law, regulation, legal process, court order, subpoena, or governmental request;
• enforce our Terms or other agreements;
• detect, prevent, or respond to fraud, security incidents, technical issues, or illegal activity; or
• protect the rights, property, safety, or security of DIVA, the Service, our users, third parties, or the public.

5.4 Business Transfers

We may disclose or transfer information in connection with a merger, acquisition, financing, bankruptcy, reorganization, sale of assets, or other corporate transaction, including during diligence related to such a transaction.

5.5 With Your Direction or Consent

We may disclose information when you direct us to do so or otherwise consent.

6. Service Providers and Subprocessors

We use third-party services to host, operate, secure, bill for, and support the Service. Depending on your use of the Service, we may disclose information to providers such as:

• Google Cloud / Firebase, including hosting, authentication, database, file storage, abuse prevention, diagnostics, and optional AI-related processing;
• Stripe, for payment processing, subscription management, invoicing, and the customer billing portal; and
• email delivery providers, for account verification, invitations, password resets, welcome emails, transactional notices, and contact-form communications.

In practice, this may include services such as:

• Firebase Authentication;
• Cloud Firestore;
• Cloud Storage / Firebase Storage;
• Firebase App Check;
• Google reCAPTCHA Enterprise; and
• Vertex AI and related Google Cloud services where AI-assisted features are used.

7. AI and OCR Processing

If you use OCR or other AI-assisted features, we may create derived images, frames, excerpts, prompts, metadata, or similar artifacts from your uploads and send those materials to Google Cloud services, including Google Gemini and Vertex AI, solely to perform the analysis or feature you requested.

This processing may include, for example:

• extracting selected frames from uploaded video;
• sending those frames or derived images for OCR or timecode extraction;
• sending related metadata or instructions needed to perform the requested task; and
• receiving and storing the resulting extracted text, timecode, or other outputs.

We do not use your uploads or derived artifacts to train our own general-purpose AI models unless we separately disclose that practice and have an appropriate legal basis to do so.

AI-assisted outputs may be incomplete or inaccurate. You are responsible for reviewing and validating the results.

8. Cookies and Similar Technologies

We use cookies and similar technologies, including localStorage, sessionStorage, and similar browser-based storage mechanisms, for purposes such as:

• keeping you signed in;
• remembering preferences and settings;
• supporting security and abuse prevention;
• maintaining session state;
• facilitating billing or checkout-related flows; and
• supporting service functionality and reliability.

Some third-party services we use, such as Stripe and Google reCAPTCHA Enterprise, may also set or read cookies or similar technologies as part of their functionality.

reCAPTCHA notice: This site is protected by reCAPTCHA Enterprise and the Google Privacy Policy and Terms of Service apply.

9. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

• provide and operate the Service;
• maintain account and organization functionality;
• support restoration, recovery, backup, and security functions;
• comply with legal, tax, accounting, audit, and recordkeeping obligations;
• resolve disputes; and
• enforce agreements.

Retention periods vary depending on the type of information and the context in which it was collected.

9.1 Projects, Uploads, and Outputs

You may be able to delete projects, uploads, and related content through the Service. Deleted content may remain available for a limited period before permanent purge to support restoration and operational recovery.

For certain deleted storage objects, the Service may use a soft-delete or retention window before permanent deletion, for example for up to 7 days.

9.2 Backups, Logs, and Records

Backups, diagnostic logs, security records, and billing records may persist for a limited period after deletion requests or account closure, and in some cases longer where required by law, needed for dispute resolution, or necessary to protect the Service.

9.3 Account Deletion Requests

If you would like to request deletion of your account, contact support@diva-technologies.com. In some cases, we may retain certain information as required or permitted by law, for legitimate business purposes, or where the account is managed by an Organization that controls the account relationship.

10. Your Choices and Privacy Rights

Depending on where you live and subject to applicable law, you may have rights relating to your personal information, such as the right to:

• request access to certain personal information we hold about you;
• request correction of inaccurate personal information;
• request deletion of certain personal information;
• request a copy of certain information in a portable format; and
• designate an authorized agent to submit certain requests on your behalf where permitted by law.

To submit a privacy request, contact support@diva-technologies.com or use any privacy request method we make available on our website or through the Service.

We may take reasonable steps to verify your identity before processing a request. We may limit or deny a request where permitted by law.

If your account is managed by an Organization, some requests may need to be directed to that Organization, particularly where the Organization controls the account or content.

11. California Privacy Notice

This section supplements the rest of this Privacy Policy for California residents.

11.1 Categories of Personal Information We Collect

In the preceding 12 months, we may have collected the following categories of personal information, depending on how you use the Service:

• Identifiers, such as name, email address, account identifiers, online identifiers, IP address, and device identifiers;
• Customer records information, such as billing contact details and subscription records;
• Commercial information, such as subscription history, purchase records, and billing events;
• Internet or other electronic network activity information, such as usage logs, app interactions, diagnostics, and browsing or service activity;
• Geolocation information, such as approximate location inferred from IP address;
• Professional or employment-related information, such as organization affiliation, role, or administrative status, where provided;
• Audio, electronic, visual, or similar information, such as uploaded videos, derived frames, images, and related media content;
• Inferences, such as service preferences, settings, or usage-based operational insights; and
• Sensitive personal information that may be contained in User Content you upload or that we process to provide the Service, to the extent such information is included by you or your Organization.

11.2 Sources of Personal Information

We collect personal information from:

• you directly;
• your use of the Service;
• your browser or device;
• your Organization or its administrators; and
• our service providers and subprocessors.

11.3 Purposes for Collection, Use, and Disclosure

We collect, use, and disclose personal information for the business and commercial purposes described in Sections 4 and 5 of this Privacy Policy.

11.4 Disclosure for Business Purposes

We may disclose the categories of personal information listed above to the categories of recipients described in Section 5, including service providers, subprocessors, Organizations and Org Admins, legal authorities when required, and parties involved in business transfers.

11.5 Sale or Sharing

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

11.6 Sensitive Personal Information

We do not use or disclose sensitive personal information for purposes other than providing the Service, maintaining security, complying with law, or other permitted purposes under applicable law, except as otherwise disclosed and as necessary based on the content you choose to upload.

11.7 Retention

We retain personal information for the period reasonably necessary to achieve the purposes for which it was collected, taking into account the nature of the information, the sensitivity of the information, the purposes for processing, legal obligations, operational needs, dispute resolution requirements, and technical retention practices such as backups and soft-delete windows.

12. Do Not Track and Global Privacy Control

Some browsers transmit "Do Not Track" signals, and some users enable Global Privacy Control (GPC).

Because there is no uniform industry standard for responding to Do Not Track signals, we do not respond to them in a uniform way.

We do not sell personal information or share personal information for cross-context behavioral advertising.

13. Security

We use administrative, technical, and physical safeguards designed to protect information we process. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your credentials and for using the Service in a secure manner.

14. Minors

The Service is not directed to individuals under 18, and we do not knowingly collect personal information directly from individuals under 18. If you believe an individual under 18 has provided personal information to us, contact support@diva-technologies.com, and we will take appropriate steps in accordance with applicable law.

15. International Use

The Service is currently intended primarily for users in the United States. If you access the Service from outside the United States, you understand that your information may be transferred to, stored in, and processed in the United States and other jurisdictions where our providers operate.

Data protection laws in those jurisdictions may differ from those in your jurisdiction.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make changes, we will post the updated version and revise the effective date above.

If changes are material, we may provide additional notice through the Service, by email, or by another reasonable method.

17. Contact

If you have questions about this Privacy Policy or wish to make a privacy request, contact:

DIVA Technologies
Email: support@diva-technologies.com

You may also contact us through the Help page, if available.