Privacy Policy

We collect the following categories of information:

• Account information: Your email address, display name, workspace name and slug, and hashed password. Collected at registration.
• Usage data: Pipeline actions (stage advances, approvals, rejections), token counts per work, model usage, and job execution metadata. Collected automatically as you use the platform.
• Content: Work titles, briefs, AI-generated text, writing samples uploaded for voice fingerprinting, knowledge base documents, and review comments. Stored on your behalf to provide the service.
• AI Gateway configuration: Centrally managed Azure-hosted model and embedding deployment settings. Tenant-provided LLM keys are not accepted for generation.

• Provide the service: Running the editorial pipeline, storing works and nodes, dispatching background jobs, generating exports.
• Improve the platform: Aggregated, anonymized usage patterns help us understand which pipeline stages see the most revision cycles and where friction occurs.
• Billing: Subscription status, plan tier, and credit usage. Payment processing is handled by Stripe — we do not store card numbers.
• Security: Detecting unauthorized access, enforcing tenant isolation, and revoking compromised guest review tokens.

Content you submit to the editorial pipeline is processed through Editiva's centrally managed AI Gateway using Azure-hosted model and embedding deployments. By using Editiva, you consent to this processing.

AI processing is limited to configured Azure-hosted deployments:

• Azure-hosted AI Gateway — chat completions, streaming generation, structured review output, and embedding generation

Tenant-supplied endpoints and tenant-supplied LLM keys are not used for active generation. Operational telemetry records provider, model, token counts, latency, and error type, but not raw prompts or completions.

Sub-processors: the Azure AI Gateway forwards prompts to one or more of OpenAI, Anthropic, or self-hosted Ollama depending on the model selected. Each upstream provider's privacy terms govern retention of the prompts and completions generated through it. Editiva does not retain content for training upstream models.

Editiva attaches a machine-readable AI-generation marker to every CMS publish and every export, in accordance with EU AI Act Article 50(2). Per-tenant disclosure mode and human-approval gating are configured in Settings › Compliance. When Editiva crawls third-party sites for your knowledge base or inspiration sources, it honours robots.txt, the noai meta tag, and AI-targeted user-agent opt-out signals as required by EU copyright law.

Account data is retained until you submit a deletion request.

Works and content are retained indefinitely unless you delete them via the application or submit a deletion request.

Job logs and agent step outputs are retained for 90 days, then automatically purged.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of all personal data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your account and all associated content.
• Export: Export all your works as Markdown, HTML, DOCX, EPUB, or PDF directly from the application.

• Stripe — subscription billing and payment processing. Stripe's privacy policy applies to all payment data.
• Azure Key Vault / configuration secrets — protected storage for centrally managed AI Gateway credentials.
• Azure-hosted AI Gateway — centrally configured model and embedding processing (see Section 3).

For privacy inquiries, data access requests, or deletion requests, contact us at privacy@editiva.io. We respond to all requests within 30 days.