Pertava

Privacy Policy

Effective date: January 1, 2025

Pertava, Inc. (“Pertava,” “we,” “us,” or “our”) provides an enterprise workflow intelligence platform. We are committed to data minimization and transparency. This Privacy Policy describes the limited information we collect and how we protect it.

1. Our Data Promise

  • Your data is yours. We do not use customer content to train AI models, improve models for other customers, or share it with third parties for their benefit.
  • Minimal collection. We collect only what is necessary to operate the service and fulfill our contractual obligations.
  • No selling. We never sell, rent, or trade personal information or customer content.
  • Tenant isolation. Each organization’s data is logically isolated. No cross-tenant data access occurs.

2. Information We Collect

Account information (provided by you)

  • Business email address and name (for authentication and communication).
  • Organization name and billing contact (for invoicing).

We do not require phone numbers, social profiles, demographic information, or personal data beyond what is needed to operate the service.

Customer content (provided by your organization)

Documents, communications, and workflow data your organization connects to Pertava. This content is processed solely to deliver the service to your organization — detecting changes, routing reviews, and tracking follow-up.

Service metadata (collected automatically)

  • Authentication events, feature usage, and error logs (for service operation).
  • IP address and user-agent (for security and abuse prevention only).

We do not use tracking pixels, fingerprinting, advertising cookies, or behavioral profiling. We use only strictly necessary cookies for session management.

3. How We Use Information

  • Operate and deliver the contracted service to your organization.
  • Authenticate users and enforce access controls.
  • Detect and respond to security incidents.
  • Generate aggregate, anonymized usage metrics (never at the individual level).
  • Comply with applicable legal obligations.

4. AI and Customer Content

Pertava uses AI models to process workflow data within your organization’s tenant. This processing is performed solely to deliver the service features you have contracted.

  • Customer content is never used to train or fine-tune any AI model.
  • Customer content is never shared across organizations.
  • AI outputs are generated within your tenant boundary and are not logged for model improvement.
  • You may delete your data at any time; deletion is propagated to all processing systems.

5. Sub-processors and Sharing

We use a limited set of sub-processors to operate infrastructure:

  • Cloud hosting (compute, storage, databases).
  • Payment processing (billing only — no access to customer content).
  • Transactional email (account notifications only).

Sub-processors are bound by data processing agreements and do not have access to customer content beyond what is required for infrastructure operation. We maintain a sub-processor list available upon request.

6. Data Security

  • Encryption in transit (TLS 1.3) and at rest (AES-256).
  • Tenant-level logical isolation with row-level security.
  • Role-based access control with least-privilege enforcement.
  • Audit logging of all administrative and data access events.
  • Regular third-party security assessments.

7. Data Retention and Deletion

Customer content is retained only for the duration of your subscription. Upon termination:

  • You may export your data within 30 days.
  • All customer content is permanently deleted within 90 days of contract end.
  • Account metadata is retained only as required by applicable law (e.g., invoicing records).

8. Your Rights

Depending on your jurisdiction (including under GDPR, CCPA, and similar frameworks), you or your organization’s administrator may:

  • Access, correct, or delete personal information.
  • Export data in a portable format.
  • Object to processing or request restriction.
  • Withdraw consent where applicable.

Enterprise administrators control data on behalf of their organization. Individual rights requests should be directed to your organization’s admin or to privacy@pertava.com.

9. Data Residency

Customer content is stored and processed in your selected region — Canada or the United States. Available infrastructure regions include:

  • Canada: Azure Canada Central (Toronto), AWS ca-central-1 (Montreal), GCP northamerica-northeast1 (Montreal).
  • United States: Azure US East/West, AWS us-east-1/us-west-2, GCP us-central1/us-east4.

Your organization selects a primary region at onboarding. Customer content does not leave your selected country unless your organization explicitly opts in to cross-border replication. Service metadata required for platform operation (e.g., billing, authentication) may be processed in either Canada or the United States. For organizations subject to GDPR, we offer Standard Contractual Clauses (SCCs) and data processing agreements upon request.

10. Changes to This Policy

We will notify affected organizations at least 30 days before material changes take effect. Continued use of the service after the effective date constitutes acceptance.

11. Contact

Pertava, Inc.
privacy@pertava.com

Request a demo

Turn messy updates into reviewed actions.

We follow up to schedule a demo, understand the workflow pressure you care about, and decide whether a narrow pilot makes sense.

Request a demoSee the 60-sec workflow
Request a demo