Privacy Policy
How we collect, use, and protect your information
⛑ Core Privacy Principle
We do not store or keep your BC/DR plans. Unless you specifically request our optional Offsite Secure BC/DR Plan Storage add-on (a separately purchased, paid service), your business continuity and disaster recovery plan content is never retained on our servers after your session ends.
1. Introduction
Avsentia LLC (“Avsentia,” “we,” “us,” or “our”) operates the Avsentia platform, including Dave, our AI-powered Business Continuity and Disaster Recovery (BC/DR) planning assistant. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
2. Information We Collect
2.1 Account Information
When you register, we collect your name, email address, company name, industry type, and optionally phone number and job title.
2.2 Billing Information
Payment processing is handled by Stripe. We do not store full credit card numbers. We retain subscription tier, billing amounts, transaction dates, and your Stripe customer ID.
2.3 Usage Analytics
We collect anonymized usage data including features accessed, session duration, and performance metrics. This cannot identify the content of your BC/DR plans.
3. BC/DR Plan Data — Our Core Commitment
When you work with Dave:
- Your plan content is processed in real-time to generate responses
- By default, your plan content is NOT stored after your session ends
- Each new session with Dave begins fresh
Exception — Offsite Secure Storage Add-On: If you purchase this add-on, your BC/DR plan will be AES-256 encrypted and stored in our geo-redundant storage. This is an explicit, paid opt-in. You may request deletion at any time.
4. Third-Party Service Providers
We share data with:
- Anthropic — Powers Dave AI (session processing only, not retained)
- Supabase — Account data and authentication
- Stripe — Payment processing
- Vercel — Application hosting
- Resend — Transactional email
5. Data Retention
- Account information: Duration of account + 3 years
- Billing records: 7 years (legal requirement)
- BC/DR plan content (default): Not stored
- BC/DR plan content (Storage Add-On): Until deleted or 30 days after cancellation
- Usage analytics: 24 months (anonymized after 30 days)
6. Your Rights
All users may access, correct, delete, or export their data. EU/UK users have additional GDPR rights. California residents have CCPA rights. We do not sell personal information.
To exercise your rights, contact privacy@avsentia.com.
7. Security
We implement TLS encryption in transit, AES-256 at rest, role-based access controls, multi-factor authentication, and annual penetration testing. SOC 2 Type II certification is in progress.
8. Changes to This Policy
We will notify you of material changes 30 days before they take effect via email and platform notification.
9. Contact
Privacy inquiries: privacy@avsentia.com
General support: support@avsentia.com
Avsentia LLC · Philadelphia, PA