Privacy Policy
Introduction
Your privacy is important to us. It is AIVory Inc’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you.
This privacy policy applies to all information collected through our website (https://aivory.net), our IDE plugins (JetBrains, VS Code), MCP Server, Claude Code integrations, and any related services (collectively, the “Service”).
Information We Collect
Information You Provide
We collect information that you voluntarily provide to us when you:
- Register for an account
- Make a purchase or subscribe to our service
- Contact us for support
- Fill out forms on our website
- Participate in surveys or promotions
This may include:
- Name and contact information (email address)
- Payment information (processed securely through our payment provider)
- Account credentials
- Communication preferences
- Any other information you choose to provide
Automatically Collected Information
When you use our Service, we automatically collect certain information:
- Device Information: IP address, browser type, operating system, device identifiers
- Usage Data: IDE type and version, scan frequency, violation types detected, feature usage
- Cookies and Tracking: We use cookies and similar tracking technologies (see Cookie Policy below)
Information from Third Parties
We may receive information about you from third parties, such as:
- Payment processors (for billing and subscription management)
- Analytics providers (for usage statistics)
- Your organization (if using a team or enterprise plan)
What Information We Do NOT Collect
Important: AIVory does NOT:
- Store your source code on our servers
- Read or analyze the content of your source code on our servers
- Share your code with third parties
- Use your code to train AI models
Code scanning happens locally on your machine. Only metadata about violations (file names, line numbers, violation types) is sent to our servers for dashboard reporting.
How We Use Your Information
We use the collected information to:
- Provide the Service: Scan code for compliance violations, generate reports, maintain your account
- Process Payments: Handle subscriptions and billing
- Communicate: Send product updates, security alerts, and support responses
- Improve the Service: Analyze usage patterns, fix bugs, develop new features
- Ensure Security: Detect and prevent fraud, abuse, and security incidents
- Comply with Legal Obligations: Meet regulatory requirements and respond to legal requests
Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), our legal basis for collecting and using personal information depends on the information concerned and the context:
- Contract Performance: Processing necessary to provide the Service you’ve signed up for
- Legitimate Interests: Operating and improving our Service, preventing fraud
- Consent: When you’ve given explicit consent (you can withdraw consent at any time)
- Legal Obligation: Compliance with applicable laws and regulations
Data Sharing and Disclosure
We may share your information in the following circumstances:
Service Providers
We use third-party service providers for:
- Payment processing (Stripe)
- Cloud hosting (AWS, EU and US regions)
- Email delivery (SendGrid)
- Analytics (minimal, anonymized data only)
These providers are contractually obligated to protect your data and use it only for the services they provide to us.
Legal Requirements
We may disclose your information if required by law, court order, or government request, or to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or security issues
- Enforce our Terms of Service
Business Transfers
If AIVory is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
With Your Consent
We may share your information for any other purpose with your explicit consent.
Data Retention
We retain your personal information for as long as necessary to:
- Provide you with the Service
- Comply with legal obligations (e.g., tax records)
- Resolve disputes and enforce agreements
After account deletion: We retain your data for 30 days to allow account recovery, then permanently delete it. Some data may be retained longer if required by law.
Data Security
We protect your personal information using commercially reasonable security measures:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Limited access to personal information by authorized personnel only
- Regular Audits: Security assessments and penetration testing
- Incident Response: Procedures for detecting and responding to data breaches
However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
Your Privacy Rights
Depending on your location, you may have the following rights:
GDPR Rights (European Union)
- Access: Request a copy of your personal information
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your personal information (“right to be forgotten”)
- Restriction: Limit how we use your data
- Data Portability: Receive your data in a portable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
CCPA Rights (California)
- Know: Request disclosure of data collected, used, and shared
- Delete: Request deletion of personal information
- Opt-Out: Opt out of sale of personal information (note: we do not sell personal information)
- Non-Discrimination: Not be discriminated against for exercising your rights
Other Jurisdictions
- Canada (PIPEDA): Access, correct, and request deletion of personal information
- Australia: Access and correct personal information under the Privacy Act
How to Exercise Your Rights
To exercise any of these rights:
- Email: [email protected]
- Account Dashboard: Some settings can be managed directly in your account
- Contact Form: Available at https://aivory.net/contact
We will respond to your request within:
- 30 days (GDPR)
- 45 days (CCPA)
- As required by applicable law
Cookies and Tracking
We use cookies and similar technologies to:
- Maintain your session
- Remember your preferences
- Analyze website usage
- Provide personalized content
Types of Cookies We Use
- Essential Cookies: Necessary for the website to function
- Analytics Cookies: Help us understand how you use our Service
- Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings. Blocking certain cookies may affect Service functionality.
Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to read their privacy policies.
Children’s Privacy
Our Service is not intended for children under 16. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.
International Data Transfers
We operate globally and may transfer your data to countries outside your own. We ensure appropriate safeguards are in place:
- EU-US Data Transfers: Standard Contractual Clauses (SCCs)
- Adequacy Decisions: Transfers to countries with adequate data protection
- Your Consent: Where required by law
Data Protection Officer
For GDPR-related inquiries, contact our Data Protection Officer:
- Email: [email protected]
- Mail: Aivory, Inc, Data Protection Officer, [Address to be added]
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by:
- Posting the new policy on this page
- Updating the “Effective Date” at the top
- Sending an email notification (for material changes)
Your continued use of the Service after changes indicates acceptance of the updated policy.
Contact Us
For questions about this privacy policy or our privacy practices:
Email: [email protected]
Website: https://aivory.net/contact
Mail: Aivory, Inc, [Address to be added]
Compliance Certifications
AIVory is committed to meeting the following standards:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- PIPEDA (Personal Information Protection and Electronic Documents Act - Canada)
- Privacy Act 1988 (Australia)
Data Processing Agreement
For Team and Enterprise customers requiring a Data Processing Agreement (DPA), please contact [email protected].
Last Updated: October 10, 2025
Privacy Policy Version: 1.0