editiva
Docs workflow with approval gates
Sign inBook pilot
Legal

Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following categories of information:

  • Account information: Your email address, display name, workspace name and slug, and hashed password. Collected at registration.
  • Usage data: Pipeline actions (stage advances, approvals, rejections), token counts per work, model usage, and job execution metadata. Collected automatically as you use the platform.
  • Content: Work titles, briefs, AI-generated text, writing samples uploaded for voice fingerprinting, knowledge base documents, and review comments. Stored on your behalf to provide the service.
  • API keys (BYOK): On Pro and Team plans, encrypted API keys stored as Azure Key Vault references. Raw key values are never written to our primary database.

2. How We Use Your Information

  • Provide the service: Running the editorial pipeline, storing works and nodes, dispatching background jobs, generating exports.
  • Improve the platform: Aggregated, anonymized usage patterns help us understand which pipeline stages see the most revision cycles and where friction occurs.
  • Billing: Subscription status, plan tier, and credit usage. Payment processing is handled by Stripe — we do not store card numbers.
  • Security: Detecting unauthorized access, enforcing tenant isolation, and revoking compromised guest review tokens.

3. AI Processing Disclosure

Content you submit to the editorial pipeline is sent to third-party AI providers for generation. By using Editiva, you consent to this processing.

Default providers used when BYOK is not configured:

  • OpenAI — chat completions and embedding generation
  • Anthropic — available as an optional model provider
  • Ollama (local) — self-hosted embedding model (all-minilm) for knowledge base indexing; no data leaves your infrastructure

When BYOK is active, your content is sent directly to the provider you have configured. Editiva has no visibility into those API calls. You are responsible for reviewing the privacy policies of any provider you connect.

4. Data Retention

Account data is retained until you submit a deletion request.

Works and content are retained indefinitely unless you delete them via the application or submit a deletion request.

Job logs and agent step outputs are retained for 90 days, then automatically purged.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and all associated content.
  • Export: Export all your works as Markdown, HTML, DOCX, EPUB, or PDF directly from the application.

6. Third-Party Services

  • Stripe — subscription billing and payment processing. Stripe's privacy policy applies to all payment data.
  • Azure Key Vault — encrypted storage of BYOK API key references.
  • AI providers — as configured by the user (see Section 3).

7. Contact

For privacy inquiries, data access requests, or deletion requests, contact us at privacy@editiva.io. We respond to all requests within 30 days.