Privacy Policy

Last Updated: April 6, 2026

This Privacy Policy describes how we collect, use, and protect information when you use our AI-powered productivity platform (the "Service"), including the desktop application, app builder, app runtime, and related offerings. **"We," "us," and "our"** mean **Carvify, Inc. (DBA Carve)** (the "Operator"), which operates the Service under the **Carve** name. By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.

1. Information We Collect

1.1 Account and Billing Information

• Email address
• Name
• User handle (a public-facing display identifier you choose)
• Company or organization name (if provided)
• Password (stored in hashed form; we do not store plain-text passwords)
• Payment and billing information: payment method type, last four digits of card number, billing address, subscription plan, and related transaction records. Full payment credentials (e.g., complete card numbers) are collected and processed directly by our third-party payment processor (e.g., Stripe) and are not stored on our servers.

1.2 Usage Information

• Commands and actions you request (to provide and improve the Service)
• Workflow and automation data
• Integration connections (credentials are encrypted; we do not store plain-text API keys)
• Audit logs of actions performed (for security and compliance)

1.3 Analytics and Product Usage

• **Event data**: Event type (e.g., click, view, action), event name, and optional properties you or the app send (e.g., page path, timestamp)
• **Session identifier**: A session ID stored in your browser or app session to associate events within a session
• **Page or screen path**: The path or screen you are viewing when an event is recorded
• We use this data to improve the Service, understand usage patterns, fix errors, and ensure security. When you are logged in, events may be associated with your account; when not logged in, events may be collected in an anonymous or pseudonymous manner as implemented in the Service.

1.4 Technical Information

• IP address (for security, fraud prevention, and operational purposes)
• Device and application information necessary to provide and support the Service
• Usage patterns and preferences (as described above)

We do not knowingly collect sensitive categories of personal information (e.g., health, financial, biometric) unless you provide them in the course of using the Service.

1.5 Conversation Storage and Privacy Mode

• **Default behavior**: When you use the chat or conversation features, we store your conversation messages (including content, actions, and execution results) on our servers to provide the Service (e.g., to load history, sync across devices, and support cross-conversation memory and search).
• **Privacy option**: You may enable a setting in the application (e.g., "Don't save conversations to server" or "Privacy mode") so that we **do not** persist your conversation messages on our servers. When this setting is on:
• Conversation content is kept only on your device (and may be stored locally by the application on that device).
• We still receive your messages and conversation context when you send a request (e.g., to generate a response), but we do not save them to our databases or use them to build long-term memory or search indexes for your account.
• Features that depend on server-stored conversation history—such as cross-device sync, cross-conversation memory (search across past chats), and loading conversation history on another device—are not available. Conversation history may be lost if you clear the application's local data or reinstall the application.
• Enabling this option does not affect our collection of other information described in this Privacy Policy (e.g., account information, analytics, or technical information) to the extent we describe elsewhere.

1.6 App Builder and App Platform Data

When you use the App Builder or run Apps, we may collect:

• App specifications, configurations, and metadata for Apps you create or edit
• App builder conversation history (your prompts, AI responses, and draft iterations)
• App runtime data, including key-value data stores and usage state
• Files and images you upload to Apps (e.g., app avatars, hosted images, and document attachments)

1.7 Collaboration Data

When you use collaboration features, we may collect:

• Discussion comments, threads, and related interactions on Apps or within your organization
• App membership, sharing, and access control information (e.g., roles, share links, team assignments)
• Organization and team membership data
• Profile photos shown in collaboration interfaces (e.g., next to your name in team discussion), when you have uploaded a photo and have not turned off that display in your preferences
• Optional profile bio and job title you choose to show to collaborators on Apps you share, when you have enabled that display in your preferences

1.8 Email Communications and Waitlist

• If you join a waitlist or express interest before creating an account, we collect your email address to contact you when access is available
• We send transactional emails (e.g., email verification and reminders, password reset, billing notifications, usage alerts, and account-related reminders such as welcome messages, onboarding tips, or subscription options). We store verification tokens temporarily to confirm your email address.
• Email addresses may be normalized (e.g., removing sub-address tags and standardizing format) for account uniqueness and security purposes

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service (including the App Builder and app platform)
• Process your requests, execute commands, and run Apps
• Process payments, manage subscriptions, and send billing-related communications
• Maintain security, prevent fraud, and enforce our Terms of Use
• Verify your identity (e.g., email verification)
• Comply with legal obligations
• Communicate with you about the Service (e.g., important updates, policy changes, usage alerts, and waitlist notifications)
• Analyze usage and product performance (including via analytics as described in Section 1.3)

We do not sell your personal information.

3. Data Storage and Security

3.1 Local Execution

• Commands are executed on your local machine
• We do not have direct access to your local files or system through the desktop application beyond what is necessary to provide the Service
• Action execution happens locally through the desktop application

3.2 Data Encryption and Security

• Passwords are hashed using industry-standard methods (e.g., bcrypt)
• Integration credentials are encrypted at rest where stored by us
• Data transmission is encrypted using HTTPS/TLS where applicable

3.3 Data Retention

• We retain your account information while your account is active and as needed to provide the Service and comply with law
• Audit logs and analytics data may be retained for security, compliance, and product improvement purposes
• You may request deletion of your personal data; we will process such requests in accordance with applicable law and our data retention policies

3.4 Security Incidents

In the event of a security incident that affects your personal information, we will notify you and relevant regulators as required by applicable law.

4. Information Sharing

We do not sell your personal information. We may share information only:

• With your explicit consent
• To comply with legal obligations (e.g., subpoenas, court orders) or to protect our rights and safety
• With service providers who assist in operating the Service (under contracts that require confidentiality and appropriate security), including third-party payment processors (e.g., Stripe) that receive payment information directly to process transactions, manage subscriptions, and prevent fraud
• With other users in your organization when you share Apps, collaborate on content, or participate in team discussions, to the extent necessary to provide those collaboration features
• In connection with a merger, acquisition, or sale of assets (with notice as required by law)

5. Your Rights

Depending on your location, you may have the right to:

• Access your personal information
• Correct inaccurate information
• Request deletion of your data
• Opt-out of certain data collection (where technically and legally available)
• Export your data
• Object to or restrict certain processing
• Withdraw consent where processing is based on consent

To exercise these rights, contact us through the Service or at info@getcarve.app. We will respond in accordance with applicable law. If you are in the European Economic Area or the United Kingdom, you may also have the right to lodge a complaint with a supervisory authority.

6. Third-Party Services and AI Providers

The Service may integrate with third-party services (e.g., AI providers, payment processors such as Stripe, Gmail, Slack). When you use those integrations or when we use third-party processors to operate the Service, your data is processed in accordance with their respective privacy policies and our agreements with them. We encourage you to review their policies.

6.1 Third-Party AI Processing

To provide AI-powered features, the Service transmits your prompts, instructions, and related context to third-party AI model providers ("AI Sub-processors") for processing. This may include:

• **Large Language Model (LLM) providers** that generate text, commands, plans, and analyses in response to your instructions
• **Search and research providers** that retrieve real-time information from the internet when you use research or internet query features

When your data is sent to an AI Sub-processor, it is transmitted over encrypted connections and subject to our data processing agreements with those providers, which restrict their use of your data. We select providers that commit not to use customer inputs to train or improve their general-purpose models, but you should be aware that we do not control the internal practices of third-party providers. We may update the specific providers we use at any time; a current list of AI Sub-processors is available upon request by contacting us at the address in Section 10.

7. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.

8. International Transfers

If we transfer your information to countries outside your country of residence, we will do so in accordance with applicable law and will implement appropriate safeguards (e.g., standard contractual clauses) where required.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes (e.g., via the Service or email). Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree, you must stop using the Service.

10. Contact

For questions about this Privacy Policy or our data practices, please contact us through the Service or at info@getcarve.app.

By using Carve, you acknowledge that you have read, understood, and agree to this Privacy Policy.