Back to home

Privacy Policy

Last updated: April 1, 2026

1. Information We Collect

When you use Secuvia, we collect the following types of information: Account Information: Email address, name, and authentication credentials when you sign up or connect an email account. Email Metadata: We analyze email headers, sender addresses, URLs, IP addresses, and attachment metadata for phishing detection. We do NOT store the full body content of your emails permanently. Usage Data: Information about how you interact with our service, including analysis history, settings preferences, and feature usage. Technical Data: Browser type, device information, and IP address for security and service improvement.

2. How We Use Your Information

We use the information we collect to: • Analyze incoming emails for phishing threats and provide security verdicts • Maintain and improve our AI-powered threat detection models • Send you notifications about detected threats (email digests, browser notifications) • Provide customer support and respond to your requests • Comply with legal obligations and enforce our terms

3. Data Sharing

We do NOT sell your personal information. We may share limited data with: Threat Intelligence Providers: We query external CTI services (URLhaus, PhishTank, VirusTotal, AbuseIPDB) with URLs, IPs, and domains extracted from emails — never with your personal information. AI Processing: Email metadata may be processed by our AI models (Groq LLM) for classification. No personally identifiable information is included in AI prompts. Service Providers: AWS (infrastructure), Vercel (frontend hosting), Stripe (payments) — under strict data processing agreements.

4. Data Retention

• Analysis records are retained for 90 days by default, configurable in your settings. • Audit logs are retained for 90 days with automatic TTL-based deletion. • CTI cache data expires after 24 hours. • You can request data export or deletion at any time through the Compliance settings page.

5. Your Rights (GDPR)

If you are in the EU/EEA, you have the right to: Access: Request a copy of all data we hold about you (Subject Access Request) Erasure: Request deletion of your account and associated data (Right to Erasure) Portability: Export your data in machine-readable format Rectification: Request correction of inaccurate data These tools are available in your Settings → Compliance page, or by contacting us at usesecuvia@gmail.com.

6. Security

We implement industry-standard security measures including: • Encryption in transit (TLS) and at rest (AES-256) • Multi-tenant data isolation with tenant-scoped access • API key hashing (SHA-256) — we never store raw API keys • OAuth 2.0 for email provider connections • IMAP credentials stored in AWS SSM SecureString

7. Cookies

We use essential cookies only for authentication and session management. We do not use tracking or advertising cookies.

8. Contact

For privacy-related questions, contact us at: Email: usesecuvia@gmail.com

© 2026 Secuvia. All rights reserved.