Privacy Policy

Last updated: May 27, 2026  ·  Effective: May 27, 2026

1. Who We Are

PREUVU ("PREUVU", "we", "our", or "us") is a compliance technology company that operates the PREUVU Digital Notary platform, available at preuvu.com and through the PREUVU mobile and desktop applications. PREUVU is headquartered in Washington State, USA, and is operated by Nsite.Tech.

This Privacy Policy applies to all PREUVU products and services, including the website, web application, iOS app, Android app, and desktop applications.

For privacy inquiries, contact us at: privacy@preuvu.com

2. Information We Collect

Account information

When you create a PREUVU account we collect: business name, contact email address, phone number, industry type, and a Business ID. If you register via Apple Sign-In or Google Sign-In we receive your name and email address from that provider.

AI compliance session data

When you create a compliance certificate we store:

• A SHA-256 hash of your prompt and AI response (used for certificate verification)
• The AI model and provider used
• The date and time of the session
• The human-edit percentage score
• The document title you provide

Your full prompt text and AI response text are stored encrypted at rest using AES-256. They are accessible only by your account and are not read by PREUVU personnel except in response to a valid legal process.

Billing information

We use Stripe to process payments. We store your Stripe customer ID. We do not store credit card numbers, CVV codes, or bank account numbers — all payment data is handled by Stripe, which is PCI-DSS Level 1 compliant.

Usage and diagnostic data

We collect standard server logs including: IP address, browser type and version, pages visited, features used, timestamps, and error reports. This data is used for security monitoring and platform improvement.

Uploaded documents

If you use the document scanner, document import, or identity verification feature, uploaded files are stored encrypted at rest and associated only with your account. They are not used to train AI models and are not shared with third parties except as described in this policy.

3. How We Use Your Information

• To issue, store, and support public verification of compliance certificates
• To authenticate your identity and secure your account
• To process payments and manage your subscription
• To send transactional emails (account confirmation, certificate delivery, billing receipts, hold notices)
• To send SMS verification codes if you enable two-factor authentication
• To detect and prevent fraud, abuse, and security incidents
• To improve the platform using aggregated, anonymized analytics
• To comply with applicable laws and legal obligations

We do not use your data to train AI models. We do not serve behavioral advertising.

4. Certificate Verification & Public Records

PREUVU certificates are designed to be publicly verifiable — this is a core feature of the service. When you issue a certificate, the following metadata becomes publicly accessible via the certificate verification page (preuvu.com/?route=verify):

• Document title
• Certificate ID
• Date and time of certification
• AI model used
• Human edit percentage
• Verification status (valid / revoked / not found)

The full content of the document — the actual prompt text and AI response — is not publicly displayed. Only the metadata listed above is shown during verification.

Because the purpose of a certificate is to allow third parties to verify authenticity, we cannot guarantee removal of certificate metadata from our verification system. To request removal of a certificate from public verification, contact privacy@preuvu.com and provide your legal basis for the request.

5. Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

• Stripe — payment processing. Stripe Privacy Policy ↗
• SendGrid (Twilio) — transactional email delivery. Privacy Policy ↗
• Twilio — SMS verification codes. Privacy Policy ↗
• AI providers (Anthropic, OpenAI, HuggingFace) — when you run AI sessions, your prompts are sent to the AI provider using your own API key. PREUVU does not proxy or store your API keys. Each provider has its own privacy policy governing how they handle prompt data.
• Law enforcement / legal process — we may disclose information when required by a valid subpoena, court order, or other legal process, or when we believe in good faith that disclosure is necessary to prevent harm, fraud, or illegal activity.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

Account data is retained for the duration of your active subscription plus 30 days after cancellation. During that 30-day window you can export all of your data from Settings → Export Data. After 30 days, your account and all associated data are permanently deleted from our systems.

Issued certificate metadata (hashes, timestamps, document titles) is retained indefinitely to support public verification. This is a core feature of the service — a certificate that cannot be verified has no evidentiary value. To request removal of specific certificate records, contact privacy@preuvu.com with your legal basis.

Server logs are retained for 90 days and then automatically purged.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated personal data
• Portability: Export your session data in JSON format from Settings → Export Data
• Objection / restriction: Object to or request restriction of certain processing activities
• Withdraw consent: Where our processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal
• Complaint: Lodge a complaint with your local data protection authority

To exercise any of these rights, email privacy@preuvu.com. We will acknowledge your request within 5 business days and respond within 30 days.

8. California Privacy Rights (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

We do not sell or share personal information for cross-context behavioral advertising. You have the right to:

• Know what personal information is collected about you and how it is used and disclosed
• Delete personal information we have collected (subject to exceptions for legally required records)
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell PI)
• Limit the use and disclosure of sensitive personal information
• Non-discrimination for exercising your CCPA/CPRA rights

To submit a California privacy request, email privacy@preuvu.com with "CCPA Request" in the subject line. You may also authorize an agent to submit requests on your behalf.

9. Security

We implement industry-standard technical and organizational security measures, including:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Secrets and API keys stored in environment variables, never in source code
• Access controls and role-based permissions for all administrative systems
• Audit logging for administrative actions
• Regular dependency security audits

No system is completely secure. If you discover a security vulnerability in PREUVU, please report it responsibly to security@preuvu.com before public disclosure. We commit to acknowledging reports within 48 hours.

10. Children's Privacy

PREUVU is a business compliance tool intended for use by adults aged 18 and older. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact privacy@preuvu.com immediately and we will delete it.

11. International Data Transfers

PREUVU is based in the United States. If you access our services from outside the United States, your information will be transferred to and processed in the United States, which may have data protection laws that differ from those in your country.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for international data transfers where required.

12. Cookies & Tracking

PREUVU uses a minimal set of cookies necessary to operate the service:

• Session cookies: Required to keep you logged in during your session. These are deleted when you close your browser.
• Preference cookies: Store your in-app settings (e.g., dark mode preference). These persist until cleared.

We do not use advertising cookies, third-party tracking pixels, or behavioral analytics services (e.g., Google Analytics). We do not share cookie data with advertising networks.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by displaying a prominent notice in the application at least 30 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

Continued use of PREUVU after the effective date of any changes constitutes your acceptance of the updated policy.

14. Contact Us

For privacy inquiries, data requests, or to report a concern:

• Email: privacy@preuvu.com
• Security disclosures: security@preuvu.com
• General support: support@preuvu.com
• Mail: PREUVU Privacy Team, Nsite.Tech, Washington State, USA