1. General
Solva Technology Inc. (“Solva”, “we”, “our”, or “us”) is committed to protecting your privacy.
This Privacy Policy explains how we collect, use, store, and protect personal data when you interact with our websites, products, and services (collectively, the “Services”). This policy applies to all our data processing activities, and we are dedicated to handling your data with care and in compliance with applicable data protection laws, including the GDPR, and UK GDPR.
2. Our Role as Data Controller and Processor
It is important to understand our role in handling your data.
When you use our Services to process data by uploading or submitting files (e.g. claims files, invoices, images, or other documents), you are the Data Controller, and Solva acts as the Data Processor. Such circumstances derive from a contractual relationship where we are bound by your instructions allowing certain usage of your personal data. These instructions are outlined in our agreement(s) with you (e.g. Cloud Service Agreement, Terms of Service & Data Processing Agreement). We will not illegally process any personal data even if instructed to do so.
When visiting our website or when we administrate your account (i.e. account management, billing or marketing), we collect personal data directly from you, such as your name, email address, or browsing activity on our website, Solva is the Data Controller, and thus responsible for legal processing of the personal data.
In instances where your Personal Data is being processed within Solva AI by your Insurance Company, the Insurance Company is the Data Controller responsible for your personal data, and we are a supplier and Data Processor in relation to the Insurance Company processing your personal data on their behalf bound by their provided instructions. For these instances, you should direct any questions or objections you have on the personal data processing to your Insurance Company.
3. Data We Collect
We collect data in the following categories:
Customer Data: As a Processor, we may process any personal data contained within the content you upload to our Services. That includes but is not limited to the following categories: name, address, social security number, financial & health data.
User Account Data: We collect information necessary to create and maintain your user account, including your name, email address, company name, job title, and login credentials.
Usage and Technical Data: We collect technical information about how you interact with our Services, such as IP addresses, device information, browser type, and platform activity data. This helps us maintain and improve the Services.
Website and Marketing Data: When you visit our website or interact with our marketing communications, we may collect your contact information (if you provide it via a form) and information via cookies and similar technologies.
4. How We Use Personal Data
We use your personal data for the following purposes:
• To Provide the Services: We use Customer Data and User Account Data to operate, maintain, and provide the core functionality of the Services to you, fulfill our contractual obligations, and provide customer support.
• To Improve Our Services: We use aggregated and anonymized Usage and Technical Data to analyze performance, enhance security, and improve the features of our Services. We do not use your confidential Customer Data to train our general AI models.
• For Business Operations: We use User Account Data for billing, account management, and communicating important service-related notices.
• For Marketing: With your consent where required, we may use your contact information to send you information about our products and services. You can opt out at any time.
Personal Data is processed in accordance with the applicable customer agreement and geographically where the customer is located. Should the customer be located in different regions, Our geographical processing of personal data follows the respective location(s).
Data sharing and international transfers of customer data are governed by Sections 5 and 6 of this Privacy Policy and the applicable contractual safeguards.
Our legal basis for processing data includes contractual necessity, our legitimate business interests (e.g., in maintaining a secure and functional service), legal compliance, and your consent where applicable.
5. Data Sharing and Disclosure
We do not sell personal data.
We may share data under the following limited circumstances:
• Service Providers: We share data with trusted third-party vendors who act as sub-processors to help us operate the Services. These providers, who can be found in Solva’s Security Center, are bound by strict confidentiality and data protection terms. Prior to sharing any data with our Service Providers, we always conduct a Data Protection Impact Assessment to proportionally and properly assess and mitigate any risks associated with the data processing.
• Legal Requirements: We may disclose data if required by law, subpoena, or other legal process, or if we have a good-faith belief that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers: If Solva is involved in a merger, acquisition, or sale of all or a portion of its assets, your data may be transferred as part of that transaction, subject to standard confidentiality agreements. If such an occurrence is realized, you will be informed.
6. International Data Transfers
Your personal data may be transferred to and processed in countries other than your country of residence, including the United States. In line with our aim to protect your personal data, we will always ensure proportionate safeguards are in place before transfer is conducted.
Where personal data originating in the EU, EEA, or the UK is transferred to a recipient outside the aforementioned region(s), we ensure that such transfers are subject to appropriate safeguards in accordance with the GDPR and EU guidelines. This is conducted in reliance on one or more of the following mechanisms, as applicable:
• The Standard Contractual Clauses adopted by the European Commission, incorporated into our contracts with the relevant data recipients.
• Where required, the implementation of supplementary technical and organizational measures designed to ensure a level of protection essentially equivalent to that guaranteed under EU data protection law.
Prior to any such transfer, we conduct a Transfer Impact Assessment to evaluate the legal and practical risks associated with the transfer and to determine whether additional safeguards are necessary. Solva periodically reviews these assessments and its transfer mechanisms to ensure ongoing compliance with applicable data protection requirements.
Access to EU/EEA and UK personal data from the United States, where it occurs, is limited, exceptional, and undertaken solely for defined support or maintenance purposes, subject to strict access controls, logging, and confidentiality obligations.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. For Customer Data, we will retain the data for the duration of our contract with you and, as stated in our Terms of Service, will delete it within 60 days of the contract's termination, unless you instruct us otherwise or as required by law. User Account Data is retained for as long as your account is active and for a reasonable period thereafter for operational or legal purposes.
8. Security
Solva implements and maintains robust technical and organizational measures to protect personal data against unauthorized access, loss, or destruction. These measures include access controls, end-to-end encryption, and regular security assessments. Solva maintains an information security management system that is ISO 27001 certified. We are also preparing a SOC 2 Type II report.
9. Your Data Rights
If you are a citizen of a EU/EEA Member State or the UK, per the GDPR and UK GDPR you have the following rights regarding your personal data:
• The right to access a copy of your personal data.
• The right to rectify inaccurate data.
• The right to erase your data (“right to be forgotten”).
• The right to restrict or object to certain types of processing.
• The right to data portability (to receive your data in a machine-readable format).
• The right to withdraw consent at any time, where consent is our legal basis for processing.
• The right to lodge a complaint with your competent supervisory authority.
To exercise these rights, please contact us at the address below and we will act upon it without undue delay. If your request pertains to Customer Data for which we are a Processor, we will forward your request to the relevant Data Controller (our customer). If your request is related to an insurance claim, please contact your Insurance Company.
10. Cookies and Analytics
Our website uses cookies and similar technologies to ensure core functionality, enhance user experience, and analyze website usage.
Where required by applicable law, we request your consent before placing non-essential cookies on your device. You may give, refuse, or withdraw your consent at any time through our cookie consent banner or by accessing the cookie settings link available on our website.
You can also find detailed information about the cookies we use, their purpose, and their duration in our cookie settings interface.
11. Policy Updates
We may update this Privacy Policy periodically. If we make substantial material changes, we will notify you through the Services or by email. Your continued use of the Services after an update constitutes your acceptance of the revised policy.
12. Contact Information
For legal notices or questions about these Terms, please contact us:
Solva Technology Inc.
165 Mercer St
New York, NY 10012
United States
Email: contact@solvatechnology.com
