1. Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our Service.

1.1 Information You Provide

• Account Information: When you create an account, we collect your email address, name, and password (stored securely with encryption).
• Website Information: The domain name or URL of your WordPress site (if you connect one).
• Payment Information: When you purchase tokens, our payment processor collects your payment details. We do not store complete credit card numbers on our servers.

1.2 Automatically Collected Information

• Usage Data: We log each AI request including timestamp, token cost, and basic context (e.g., which feature was used).
• Site Snapshot Data: When you enable the site snapshot option, we process WordPress version, PHP version, active theme, and plugin list to provide context-aware answers.
• Page Inspector Data: HTML structure, CSS summaries, and page metadata submitted during Page Inspector analysis.
• Technical Information: IP addresses, browser type, device information, and usage patterns for security and analytics purposes.

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide the Service: Process AI requests and deliver debugging guidance, page analysis, and developer assistance.
• Account Management: Create and maintain your account, process token purchases, and manage your subscription.
• Usage Tracking: Monitor token consumption, enforce rate limits, and provide usage statistics in your dashboard.
• Security & Fraud Prevention: Detect and prevent abuse, unauthorized access, and fraudulent activity.
• Service Improvement: Analyze usage patterns to improve features, accuracy, and performance.
• Communication: Send you service-related notifications, billing updates, and respond to your support requests.

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Third-Party AI Providers: When you use Cloud Mode (prepaid tokens), we send your chat messages and page data to AI providers (e.g., OpenAI or Anthropic) to generate responses. When you use BYO Mode, your data is sent directly from your WordPress admin to the provider you configured — we are not involved.
• Payment Processors: We use third-party payment processors to handle token purchases. They receive necessary payment information according to their own privacy policies.
• Legal Requirements: We may disclose information when required by law or to protect the rights and safety of our users or the public.

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

4. Data Retention

• Account Data: Retained while your account is active. Deleted upon account deletion request.
• Usage Logs: Stored for up to 90 days for billing verification and abuse monitoring, then archived or deleted.
• Page Inspector Data: Processed transiently and not stored beyond the active session.

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Passwords are hashed using industry-standard algorithms
• API keys and sensitive data are encrypted at rest using AES-256-CBC
• All API requests are server-side only — keys are never exposed to the browser
• Data transmission is encrypted using TLS/SSL
• Access to personal information is restricted to authorized personnel

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Update or correct inaccurate information in your account settings
• Deletion: Request deletion of your account and associated data
• Data Portability: Request a copy of your data in a portable format
• Opt-Out: Unsubscribe from marketing communications

To exercise these rights, contact us at support@nuviaai.cloud. We will respond to your request within 30 days.

7. Cookies and Tracking

We use cookies and similar technologies to maintain your login session, remember your preferences, and analyze usage patterns. You can control cookies through your browser settings, but some features may not function properly if cookies are disabled.

8. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. These countries may have different data protection laws. By using the Service, you consent to such transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page with an updated "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: