Privacy Policy
Effective Date: April 16, 2026 · Last Updated: April 16, 2026
The short version: We collect only what's needed to run the platform. We never sell your data. We never train AI on your data. Your business information stays yours.
1. Who We Are
Operave ("we," "us," "our") is a business management platform operated from Guilford, Connecticut, United States. This Privacy Policy explains how we collect, use, and protect your information when you use our website and platform at operave.com (the "Service").
Contact: operave@outlook.com
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, and password (managed through Clerk authentication)
- Business information: Company name, industry, team size, and other details you provide during onboarding or beta application
- Waitlist/beta submissions: Email address, name, business details submitted through our landing page forms
- Payment information: Billing details processed through Stripe — we never store your full credit card number
2.2 Information from Connected Services
- Email data: When you connect your Gmail, Outlook, or IMAP inbox, we access email headers (sender, recipient, subject, date) and email body content for the purpose of categorization, lead detection, and draft generation
- OAuth tokens: We store encrypted OAuth tokens to maintain your email connection — we never see or store your email password
2.3 Automatically Collected Information
- Usage data: Pages visited, features used, actions taken within the platform
- Device data: Browser type, operating system, screen resolution
- Log data: IP address, access times, referring URLs
3. How We Use Your Information
We use your information to:
- Provide, maintain, and improve the Service
- Process email categorization, lead detection, and AI draft generation
- Generate AI-powered prospect research and outreach drafts
- Process payments and manage your subscription
- Send transactional emails (account confirmations, billing receipts, security alerts)
- Send product updates and announcements (you can opt out anytime)
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
4. AI and Your Data
We do not use your data to train AI models. Your emails, contacts, leads, and business information are processed by AI (Anthropic's Claude) solely to provide the Service's features to you. Your data is not used to improve, fine-tune, or train any AI model. Anthropic's API terms prohibit training on API inputs.
5. How We Share Your Information
We do not sell, rent, or trade your personal information. We share data only with:
- Anthropic (Claude AI): Email content and prospect queries are sent to Claude's API for processing. Subject to Anthropic's privacy policy
- Supabase: Database hosting and storage. Data encrypted at rest
- Clerk: Authentication services
- Stripe: Payment processing. Subject to Stripe's privacy policy
- Law enforcement: Only when required by law, subpoena, or court order
6. Data Storage and Security
- All data is stored in Supabase (PostgreSQL) with encryption at rest
- OAuth connections use industry-standard token encryption
- All data transmission uses TLS/HTTPS encryption
- We implement rate limiting and row-level security on all database operations
- Access to production data is restricted to authorized personnel only
7. Data Retention
- Active accounts: Data is retained for the duration of your subscription
- Deleted accounts: We delete your data within 30 days of account deletion, except where required by law
- Waitlist data: Retained until you unsubscribe or the waitlist closes
- Billing records: Retained for 7 years as required by tax law
8. Your Rights
You have the right to:
- Access: Request a copy of all data we hold about you
- Correct: Update or correct inaccurate information
- Delete: Request deletion of your account and associated data
- Export: Download your data in a standard format
- Disconnect: Revoke email access at any time through your inbox provider's settings
- Opt out: Unsubscribe from marketing emails at any time
To exercise any of these rights, email us at operave@outlook.com.
9. Cookies
We use minimal cookies:
- Authentication cookies: Required to keep you logged in (essential, cannot be disabled)
- Preference cookies: Remember your settings and preferences
We do not use advertising cookies or third-party tracking cookies. We do not sell cookie data.
10. Children's Privacy
Operave is designed for business use. We do not knowingly collect information from children under 13. If you believe we have collected data from a child under 13, contact us immediately at operave@outlook.com.
11. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information — we do not sell personal information
- Right to non-discrimination for exercising your privacy rights
12. International Users
Operave is based in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions about this Privacy Policy or our data practices:
- Email: operave@outlook.com
- Location: Guilford, Connecticut, United States