Privacy Policy

1. Information We Collect

1.1 Information You Provide to Us

Contact Information:

When you use our Services, we collect:

• Email address (for document submission and analysis delivery)
• Name and contact details (via Clerk authentication)
• Account information (including authentication tokens)

Employment Documents:

We collect documents you submit for analysis, which may include:

• Offer letters and employment contracts
• Severance packages and termination agreements
• Compensation statements and equity documents (RSUs, stock options)
• Performance reviews and other employment-related materials
• Spreadsheets containing compensation data (XLSX, XLS, CSV)

Communication Content:

We collect:

• Messages sent through our chat interface
• Emails sent to analyze@aruva.ai
• Feedback and survey responses
• Support requests and correspondence
• Draft emails created for employment negotiations

1.2 Information We Collect Automatically

Technical Information:

When you access our Services, we automatically collect:

• IP addresses and device identifiers
• Browser type and operating system
• Usage patterns and interaction data
• Log files and error reports
• Session duration and frequency

Analytics Data:

We use analytics tools to understand:

• How users interact with our Services
• Which features are most valuable
• Performance metrics and service reliability
• Document processing success rates

1.3 Gmail Integration Data (When Authorized)

When you connect your Gmail account, we access:

• Email messages related to employment matters (read access)
• Email attachments containing employment documents
• Email metadata (sender, recipient, subject, date)
• Draft emails created for employment negotiations
• Email threads and conversation history

Important: Gmail access is optional and requires your explicit authorization via OAuth 2.0. We only access emails you specifically select for analysis or drafts you create through our platform. We comply with Google's API Services User Data Policy.

2. How We Use Your Information

2.1 Primary Service Delivery

We use your information to:

• Analyze your employment documents using Claude (Anthropic) AI
• Provide personalized compensation insights and negotiation strategies
• Deliver analysis results via email or platform interface
• Generate market comparisons using Reddit and Exa search data
• Create professional draft responses for negotiations
• Maintain and improve the accuracy of our recommendations

2.2 Service Enhancement and Security

Platform Improvement:

We use aggregated, anonymized data to:

• Train and improve our AI models
• Develop new features and capabilities
• Conduct research on employment market trends
• Enhance user experience and interface design
• Optimize document processing algorithms

Security and Integrity:

We process your information to:

• Protect against fraud and abuse
• Maintain the security of our platform
• Comply with legal obligations
• Ensure service availability and performance
• Monitor for unauthorized access attempts

2.3 Communication and Support

We use your contact information to:

• Send analysis results and service updates
• Provide customer support and technical assistance
• Notify you of important changes to our Services
• Respond to your inquiries and feedback
• Send waitlist notifications and onboarding information

2.4 Gmail Data Usage

When you authorize Gmail access, we use this data solely to:

• Analyze employment-related emails at your request
• Extract employment documents from email attachments
• Draft professional responses for employment negotiations
• Provide context for strategic employment advice
• Sync employment communications for comprehensive analysis

We NEVER: Read personal emails unrelated to employment, share your email data with third parties, use email data for advertising, sell or trade email data, or retain email data after you revoke access.

3. How We Protect Your Information

3.1 Security Measures

We implement enterprise-grade security including:

Data Encryption:

• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256
• Encryption keys are rotated regularly

Access Controls:

• Strict authentication via Clerk with 2FA support
• Role-based access control (RBAC)
• Regular access audits and reviews
• Zero-trust security model

Automated Privacy Protection:

Our systems automatically:

• Remove names, social security numbers, and other personal identifiers using Microsoft Presidio
• Implement context-aware hash identifiers for reversible anonymization
• Mask sensitive financial and personal details
• Anonymize data used for model training
• Validate PII removal before any LLM processing

Infrastructure Security:

We use secure cloud infrastructure with:

• Vercel hosting with DDoS protection
• Neon PostgreSQL with automatic backups
• Regular security audits and vulnerability assessments
• Network monitoring and intrusion detection
• Disaster recovery procedures with RPO < 24 hours

3.2 Data Minimization

We collect and retain only the information necessary to provide our Services:

• Personal identifiers are automatically removed from documents
• Analysis focuses on compensation and terms, not personal details
• Data is aggregated and anonymized for research purposes
• Raw email content is processed in memory only
• Temporary files are deleted immediately after processing

4. How We Share Your Information

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or employment documents to third parties for any purpose.

4.2 Limited Sharing Scenarios

We may share your information only in these specific circumstances:

Service Providers:

We work with trusted third-party providers who assist with:

• Cloud hosting and data storage (Vercel, Neon DB)
• AI processing (Anthropic Claude, OpenAI embeddings)
• Authentication services (Clerk)
• Email delivery (Resend)
• Background job processing (Inngest)
• Analytics and performance monitoring (using anonymized data only)
• Payment processing (for future premium services)

All service providers are bound by strict confidentiality agreements and data processing agreements.

Legal Requirements:

We may disclose information when required by:

• Valid legal process or court orders
• Government requests for national security or law enforcement
• Protection of our rights, property, or safety
• Investigation of fraud or security incidents

Business Transfers:

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to the same privacy protections.

4.3 Employer and Third-Party Protection

Your employers (current or prospective) have no access to:

• Your submitted documents or analysis results
• The fact that you used our Services
• Any personal information or activity data
• Your negotiation strategies or communications

We never share information with:

• Recruitment agencies or job platforms
• HR technology vendors
• Marketing or advertising companies
• Social media platforms
• Data brokers or aggregators

4.4 Gmail Data Sharing Policy

Gmail data is NEVER shared with any third parties except:

• When required by law or valid legal process
• To protect against fraud or security threats
• With your explicit, informed consent for specific purposes

All Gmail data is processed in accordance with Google's API Services User Data Policy and our strict data minimization principles.

5. Your Privacy Rights and Choices

5.1 Access and Control

You have the right to:

• Request a copy of the personal information we hold about you
• Update or correct inaccurate information
• Request deletion of your data and analysis results
• Opt out of non-essential communications
• Export your data in a portable format
• Revoke Gmail access at any time

5.2 Data Deletion

You can request deletion of your data by:

• Emailing privacy@aruva.ai
• Using account settings to delete specific documents
• Contacting our support team at support@aruva.ai

We will delete your information within 30 days of a valid deletion request.

5.3 Regional Privacy Rights

For EU/UK Residents:

You have additional rights under GDPR/UK GDPR including:

• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to lodge complaints with supervisory authorities
• Right to withdraw consent at any time

For California Residents:

You have rights under CCPA including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of sale (though we don't sell data)
• Right to non-discrimination for exercising privacy rights
• Right to correct inaccurate personal information

For Virginia Residents:

Under VCDPA, you have the right to:

• Access and portability of personal data
• Correction of inaccurate personal data
• Deletion of personal data
• Opt-out of targeted advertising (we don't do this)

6. Data Retention

6.1 Retention Periods

We retain your information for:

• Active accounts: As long as you use our Services
• Analysis results: Until you request deletion or 2 years, whichever is sooner
• Chat history: 90 days for active conversations, then summarized
• Anonymized data: May be retained indefinitely for research and improvement
• Legal compliance: As required by applicable laws (typically 7 years for financial records)

6.2 Automatic Deletion

Our systems automatically:

• Remove personal identifiers from documents upon upload
• Delete temporary processing files after analysis completion
• Purge inactive accounts after 2 years of non-use
• Clean up orphaned data and unused embeddings monthly

6.3 Gmail Data Retention

• Email analysis results: Stored with your account data
• Raw email content: Not stored; processed in memory only
• Email attachments: Converted to anonymized documents, originals deleted
• Draft emails: Retained until sent or deleted by you
• Gmail access tokens: Automatically expire and are refreshed as needed

Immediate Deletion: When you disconnect Gmail or delete your account, all Gmail-related data is permanently deleted within 24 hours.

7. International Data Transfers

7.1 Global Operations

To provide our Services globally, we may transfer your information to:

• Secure data centers in the United States
• Trusted cloud service providers with appropriate safeguards
• Regional processing centers for improved performance

7.2 Transfer Safeguards

For international transfers, we implement:

• Standard Contractual Clauses (SCCs) for EU data
• Adequacy determinations where available
• Additional technical and organizational measures
• Regular compliance assessments
• Data localization where required by law

8. Cookies and Tracking Technologies

8.1 How We Use Cookies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze usage patterns and improve our Services
• Provide security features and fraud protection
• Enable core platform functionality
• Maintain session state for document analysis

8.2 Types of Cookies

• Essential cookies: Required for basic functionality
• Analytics cookies: Help us understand usage patterns
• Security cookies: Protect against unauthorized access
• Preference cookies: Remember your settings

8.3 Your Cookie Choices

You can control cookies through:

• Browser settings and preferences
• Opt-out tools for analytics cookies
• Privacy settings on our platform

Note that disabling certain cookies may limit platform functionality.

9. Children's Privacy

Our Services are designed for adults in employment situations and are not intended for individuals under 18. We do not knowingly collect personal information from children. If we discover we have collected information from a minor, we will promptly delete it. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@aruva.ai.

10. Changes to This Privacy Policy

10.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in our Services or business practices
• New legal requirements or regulations
• Improvements in privacy protection
• User feedback and requests
• New features or integrations

10.2 Notification of Changes

We will notify you of significant changes by:

• Posting updates on our website with the new effective date
• Sending email notifications for material changes
• Providing notice through our platform interface
• Requesting renewed consent where legally required

Continued use of our Services after changes constitutes acceptance of the updated policy.

11. Contact Us

11.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices, contact us at:

• Email: privacy@aruva.ai
• Subject Line: Privacy Policy Inquiry
• Response Time: We respond to privacy requests within 48 hours

11.2 Data Subject Requests

To exercise your privacy rights or request data deletion:

• Email: privacy@aruva.ai
• Subject Line: Data Subject Request
• Include: Specific request details and verification information

11.3 Security Concerns

To report security vulnerabilities or data breaches:

• Email: security@aruva.ai
• Subject Line: Security Issue
• Priority: We respond to security issues within 24 hours

11.4 General Contact

Support: support@aruva.ai
Data Protection Officer: shri@aruva.ai
Address: Aruva
62 Williams Ln, Foster City, CA 94404

12. Regulatory Compliance

We comply with applicable privacy laws including:

• General Data Protection Regulation (GDPR) - EU/UK
• California Consumer Privacy Act (CCPA) - California
• Virginia Consumer Data Protection Act (VCDPA) - Virginia
• Colorado Privacy Act (CPA) - Colorado
• Connecticut Data Privacy Act (CTDPA) - Connecticut
• Google API Services User Data Policy
• Other applicable state and federal privacy laws

Our commitment to privacy extends beyond legal requirements to include industry best practices and user expectations for employment-related services.