← Back to home

Privacy Policy

Last updated: March 28, 2026

1. Introduction

cvlSoft, LLC (“cvlSoft,” “we,” “our”) operates the AIOS platform and the cvlsoft.net, cvlsoft.com, and cvlsoft.ai websites (collectively, the “Services”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, request a demo, or use our platform.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.

2. Information We Collect

Personal Information: When you request a demo, contact us, or create an account, we may collect your name, email address, phone number, company name, job title, and mailing address.

Usage Data: We automatically collect information about how you interact with our website, including IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited, time spent on pages, and clickstream data.

Platform Data: For AIOS platform customers, we process workflow definitions, execution logs, configuration data, and usage metrics as defined in your service agreement. Customer data processed by AIOS workflows is governed by your Data Processing Agreement (DPA).

Communications: When you contact us via email, phone, or our website forms, we retain the content of those communications along with your contact information to respond and maintain records.

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Services you have requested or to take steps at your request before entering into an agreement.
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving the Services, preventing fraud, and ensuring platform security, where those interests are not overridden by your rights.
  • Consent: Where you have given explicit consent for a specific processing activity, such as receiving marketing communications.
  • Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal proceedings.

4. How We Use Your Information

  • To provide, maintain, operate, and improve our platform and Services
  • To process demo requests and communicate with you about our products and services
  • To send you technical notices, security alerts, and support messages
  • To respond to your inquiries and provide customer support
  • To comply with legal obligations and enforce our Terms of Service
  • To detect, investigate, and prevent fraudulent, unauthorized, or illegal activity
  • To monitor and analyze trends, usage, and activities in connection with the Services
  • To personalize and improve your experience with the Services

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information in the following circumstances:

  • Service Providers: We share information with trusted third-party service providers who assist in operating our platform (cloud infrastructure, analytics, email delivery, payment processing) under strict confidentiality and data processing agreements.
  • Legal Requirements: We may disclose information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
  • With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

6. Sub-Processors

We use a limited number of third-party sub-processors to help deliver the Services. These may include cloud hosting providers, monitoring and analytics services, email delivery platforms, and payment processors. Each sub-processor is bound by data processing agreements that require them to protect your data to standards no less protective than those described in this policy. A current list of sub-processors is available upon request to platform customers.

7. Data Security

We implement robust, industry-standard security measures to protect your information, including:

  • AES-256-GCM encryption for credentials, secrets, and sensitive data at rest
  • TLS 1.2+ encryption for all data in transit
  • Per-tenant data isolation ensuring strict separation between customers
  • Role-based access controls (RBAC) and principle of least privilege
  • Compliance-grade audit logging of all platform actions
  • Regular security assessments and vulnerability testing

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information using commercially reasonable safeguards.

8. Data Breach Notification

In the event of a data breach that affects your personal information, cvlSoft will notify affected individuals and relevant regulatory authorities as required by applicable law. We will provide notification without unreasonable delay and no later than seventy-two (72) hours after becoming aware of a breach where feasible. Notification will include the nature of the breach, the types of data affected, steps taken to address the breach, and recommended actions for affected individuals.

9. Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

  • Account data: Retained for the duration of your account and for a reasonable period thereafter for legal and audit purposes.
  • Usage data: Retained in identifiable form for up to twenty-four (24) months, then aggregated or anonymized.
  • Platform data: Retained in accordance with your service agreement and DPA.
  • Communication records: Retained for up to thirty-six (36) months for support and compliance purposes.

Platform customers may request deletion of their data at any time in accordance with their service agreement. Upon account termination, we will delete or anonymize your data within a commercially reasonable period unless retention is required by law.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request a machine-readable copy of your data for transfer to another service.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interest or for direct marketing purposes.
  • Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, contact us at privacy@cvlsoft.net. We will respond to verified requests within thirty (30) days. We will not discriminate against you for exercising your privacy rights.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

  • Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You have the right to request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising purposes.
  • Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information to what is necessary to provide the Services.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To submit a request, email privacy@cvlsoft.net with the subject line “California Privacy Request.” We may need to verify your identity before processing your request.

12. International Data Transfers

cvlSoft is headquartered in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those of your jurisdiction.

Where required by applicable law, we implement appropriate safeguards for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms. By using the Services, you consent to the transfer of your information as described in this policy.

13. Automated Decision-Making

The AIOS platform may use automated processing, including artificial intelligence and machine learning, to execute workflows and make operational decisions on behalf of customers. These automated processes operate under customer-defined policies and approval gates.

We do not use automated decision-making that produces legal or similarly significant effects on individuals without human oversight. Platform customers maintain control over approval gates and can configure human-in-the-loop requirements for any workflow.

14. Children’s Privacy

The Services are not intended for individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a child, please contact us at privacy@cvlsoft.net.

15. Cookies and Tracking Technologies

We use the following types of cookies and similar tracking technologies:

  • Essential Cookies: Required for the operation of our website and platform. These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website so we can improve the user experience. These are collected in aggregate form.
  • Functional Cookies: Remember your preferences and settings to provide a personalized experience.

We do not use advertising or cross-site tracking cookies. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Services.

16. Do Not Track Signals

Some browsers transmit “Do Not Track” (DNT) signals. As there is no industry-standard interpretation of DNT signals, our website does not currently respond to DNT signals. However, we do not engage in cross-site tracking of our users.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page, updating the “Last updated” date, and where required by law, providing direct notification via email. Your continued use of the Services after any changes constitutes acceptance of the updated policy.

18. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, contact us at:

cvlSoft, LLC
Email: privacy@cvlsoft.net
General: hello@cvlsoft.net

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.