Privacy Policy

Effective Date: May 10, 2026 (Version 2026-05-10)

1. Scope

This Privacy Policy describes how Complete AI, Co. d/b/a Quovy handles personal information that we collect when you visit our website at quovy.com or use our AI‑powered services (the “Service”), interact with us by email or social media, and when we otherwise process personal information as a data controller.

It does not apply to personal information we process on behalf of our business customers (for example, documents or content our business customer’s users upload into our AI models). Those processing activities are governed by separate customer agreements and data processing addenda.

The Service is not intended for use by individuals for personal, family, household or other consumer purposes, and the personal information covered by this Privacy Policy pertains to people acting in a business or commercial capacity.

Individuals in the European Economic Area/United Kingdom: See our Notice to European Users for information about your personal information and data protection rights.

2. Information We Collect

We collect personal information you provide directly to us, information we gather automatically from your devices and usage of the Service, and information we obtain from third‑party sources.

Contact data. We may collect your first and last name, email address, billing and mailing address, zip code and phone number.
Account and profile information. When you create an account or sign up for the Service, we collect your name, email address, login credentials, professional role or company name, and payment information.
Communications data. We collect information about your communications with us, such as when you contact us, respond to surveys or request support. This includes the contents of your messages and any attachments.
Usage and device information. We automatically log certain data about your interactions with the Service, such as IP address, device type, operating system, browser type, referring URLs, how long you spend on a page, pages viewed, links clicked and the date/time of access. We may use cookies, local storage and web beacons to collect some of this data, as described below in the Web technologies section.
Third‑party sources. We may combine the information you provide with data from public sources, data licensors, marketing partners or social media platforms.

We do not knowingly collect personal information about children under 18. If you believe a child has provided personal information without consent, please contact us so we can delete it.

Web technologies

We and our service providers use the following technologies to facilitate some of the collection of Usage and device information described above, including to enable Service functionality and analytics on Service use.

Cookies. These are text files that websites store on a visitor's device to uniquely identify the visitor's browser or to store information or settings in the browser for the purpose of tracking user activity and patterns, helping the visitor navigate between pages efficiently, remembering preferences and whether a visitor is logged in, and improving the visitor's browsing experience. Some cookies store information only during a user session, others persist in your browser and collect data from multiple sessions. You can learn more about cookies and how to control them at www.allaboutcookies.org.
Pixels. Also known as web beacons or clear GIFs, pixels are embedded in software code or invisible as image files within webpages or HTML formatted emails and used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked, at a specific date and time using a particular device, typically to compile statistics about usage of websites and the success of marketing campaigns.
Browser web storage (including HTML5), also known as locally stored objects, which functions like cookies but enables the storage of a larger amount of data.
Flash “cookies”. Flash Cookies are small data files that are stored on your device by Adobe Flash Player. Unlike traditional cookies, Flash Cookies can store more complex data and can remain on your device for longer periods of time. They are used to remember your settings and preferences, enable enhanced functionalities, such as video playback, monitor and analyze usage and performance of our website, and prevent fraudulent activities and enhance security.

3. How We Use Information

We use the personal information we collect to:

Provide and improve the Service. We use your information to operate, maintain and improve our Service, create, manage and administer your account, communicate with you about the Service, and personalize your experience.
Process transactions. When you purchase subscriptions or paid services, we use payment data to process your transactions. Payment information is collected and processed by our payment processor (e.g., Stripe), described below.
Research, development and analytics. We may use your personal information for research, development and analytics purposes, including to analyze and improve our Service and to develop new products and services. As part of these activities, we may create aggregated, de-identified or anonymized data from personal information we collect. We make personal information into de-identified or anonymized data by removing information that makes the data personally identifiable to you. We may use this aggregated, de-identified or otherwise anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Marketing and communications. As permitted by applicable law, we may send you marketing communications about our Service, research surveys, promotions or updates. You may opt out at any time.
Security and legal compliance. We may use your personal information to detect and prevent fraud or misuse of our Service and to comply with our legal obligations.
Artificial intelligence and model training. We use artificial intelligence and machine learning technologies to provide and improve the Service. We do not use personal information to train our general AI or machine learning models. Any personal information processed through the Service is used solely to provide the requested functionality. We may process personal data as part of inputs submitted to the Service (for example, prompts or uploaded content) strictly to generate outputs and improve system performance. This data is not used to train models unless:
- (i) we have obtained your explicit consent, or
- (ii) another lawful basis applies.
We implement safeguards to prevent unauthorized use of personal data in AI systems, including access controls and data minimization practices.

4. How We Share Information

We may share your personal information in the following circumstances:

Service providers and partners. We work with third‑party vendors who help us operate the Service, such as hosting providers, analytics providers and payment processors. For example, we may accept payment card payments through Stripe. You can read Stripe’s privacy policy at https://stripe.com/privacy.
Business customers. If you use our Service through a business account, your employer or the organization that purchased the service may access certain of your personal information.
Legal requirements. We may disclose information if required by law or to respond to lawful requests.
Professional advisors. We may share your personal information with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Corporate transactions. If we undergo a corporate divestiture, merger, consolidation, acquisition, reorganization, financing or sale of company assets (or negotiations of or due diligence for such transactions), your information may be transferred to parties to such transactions and their advisors.

5. Data Storage, Security and International Transfers

We implement appropriate technical and organizational measures (TOMs) to protect personal information against unauthorized access, disclosure, alteration, or destruction.

These measures include, but are not limited to:

Encryption of data in transit and at rest
Access controls based on least-privilege principles
Authentication and authorization mechanisms
Regular security monitoring and vulnerability assessments
Employee training on data protection and security practices
Incident response and breach notification procedures

We regularly review and update our security practices to maintain a high level of protection.

6. Your Choices

This section applies to all users. Depending on your location, you may have rights under applicable law with respect to your personal information, as described in the European privacy rights section below.

Access or update your information. If you have registered for an account with us through the Service, you may review and update certain account information and preferences by logging into the account.

Opt-out of direct marketing. You may request to opt-out of marketing emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us with your request. If you choose to opt-out of marketing emails, you may continue to receive marketing emails until your opt-out is processed, and you may continue to receive service-related and other non-marketing emails indefinitely.

Cookies. Most browsers let you remove and/or stop accepting cookies from the websites you visit. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, certain features of the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org. You can learn more about Google Analytics, one of our analytics services we use, and how to opt-out of being tracked by Google Analytics, here: https://tools.google.com/dlpage/gaoptout?hl=en.

Pixels. Most browsers and devices allow you to configure your device to prevent pixel images from loading. To do this, follow the instructions in your browser or device settings.

Do not track signals. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” signals. To find out more about “Do Not Track,” please visit All About DNT.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including to provide the Service, comply with our legal obligations, resolve disputes and enforce our agreements. Where we process personal information on behalf of a customer, we retain such information in accordance with the retention periods specified in our agreement with that customer. Factors determining the appropriate retention period for personal information include the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we process the personal information, whether we can achieve those purposes through other means, and the applicable legal requirements. Our Service is not directed to children, and we do not knowingly collect personal information from individuals under the age of 13 (or other age as required by applicable law). If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete such information promptly. If you believe that a child has provided personal information to us, please contact us so that we can take appropriate action.

When it is no longer needed, we will delete or de‑identify it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will isolate your personal information from any further processing, employing security safeguards designed to protect it, until deletion is possible.

8. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Service or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). In all cases, your use of the Service after the effective date of any modified Privacy Policy indicates your acknowledgment that the modified Privacy Policy applies to your use of the Service and interaction with our business.

9. Contact Us

If you have questions or concerns about this Privacy Policy or wish to exercise your rights, please contact us at:

Complete AI, Co. d.b.a. Quovy
Attn: Privacy Officer
2261 Market Street, STE 86869
San Francisco, CA 94114
Email: privacy@quovy.com

10. Notice to European Users

The information provided in this notice applies only to individuals in the United Kingdom (“UK”), the European Economic Area (“EEA”) and Switzerland (we collectively refer to these countries as “Europe”).

The personal information that we collect from you is identified and described in greater detail in the section of the Privacy Policy entitled Personal information we collect.

Controller. Complete AI, Co. d/b/a Quovy is the controller of your personal information described in this Privacy Policy. See the contact us section above for contact details.

Legal bases for processing. European data protection law requires that we have a “legal basis” for each purpose for which we process your personal information. Depending on the purpose for collecting your information, we may rely on one of the following legal bases:

The processing is necessary to perform a contract that we are about to enter into, or have entered into, with you (“Contractual Necessity”).
The processing is necessary to pursue our legitimate interests or those of a third party and we are confident that your privacy rights will be appropriately protected (“Legitimate Interests”).
We need to comply with laws or to fulfill certain legal obligations (“Compliance with Law”).
We have your specific consent to carry out the processing for the purpose in question (“Consent”). Generally, we do not rely on Consent as a legal basis for processing your personal information other than in the context of direct marketing communications where required by applicable law.

The table below identifies the legal bases we rely on in respect of the relevant purposes for which we use your personal information. For more information on these purposes and the categories of personal information involved, see the section in the Privacy Policy entitled How we use your personal information.

Processing purpose	Personal information processed	Legal basis
Provide and improve the Service	Contact data Account and profile information Communications data Usage and device information	Contractual Necessity. If we have not entered a contract with you, we process your personal information based on our Legitimate Interests (in providing the Service you access or request and in operating, providing and improving our business).
Process transactions	Contact data Account and profile information Usage and device information	Contractual Necessity. If we have not entered a contract with you, we process your personal information based on our Legitimate Interests.
Research, development and analytics	Contact data Account and profile information Communications data Usage and device information	Our Legitimate Interests (in analyzing and improving our Service and our business).
Marketing and communications	Contact data Account and profile information Communications data Usage and device information	Our Legitimate Interests (in promoting our products and services through marketing communications). In circumstances or in jurisdictions where consent is required under applicable data protection laws, we rely on your Consent to send direct marketing communications.
Security and legal compliance	All data relevant in the circumstances	Compliance with Law (where processing is necessary to comply with our legal obligations). Otherwise, we rely on our Legitimate Interests (in protecting our, your or others’ rights, privacy, safety or property).
Sharing your personal information as described in this Privacy Policy	Contact data Account and profile information Communications data Usage and device information	We use the original legal basis relied upon if the relevant further use is compatible with the initial purpose for which the personal information was collected. Otherwise, we rely on your Consent.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We do not collect sensitive or special categories of personal data as defined under European privacy laws (e.g., information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, health, biometrics or genetic characteristic, criminal background, or trade union membership) and ask that you do not provide us with any such information.

Your rights. European data protection laws give individuals in Europe the following rights regarding their personal information:

Right of access. You can ask us to provide you with information about our processing of your personal information and give you access to your personal information.
Right to rectification. If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it rectified.
Right to erasure. You can ask us to delete or remove your personal information where there is no lawful reason for us continuing to store or process it, where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law.
Right to restrict processing. You can ask us to suspend the processing of your personal information:
- if you want us to establish the information’s accuracy;
- where our use of the information proves to be unlawful but you do not want us to erase it;
- where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims;
- if you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
Right to object. You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and you believe it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes.
Right to data portability. You have the right, in certain circumstances, to ask us to provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format.
Right to withdraw consent at any time. Where we are relying on consent to process your personal information, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Exercising those rights. Some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where certain exemptions apply. If we decline your request, we will tell you why, subject to legal restrictions.

To exercise any of these rights, please contact us. We may request specific information from you to help us confirm your identity and process your request.

Your right to lodge a complaint with your supervisory authority. If you are not satisfied with our response to a request you make, or how we process your personal information, you can make a complaint to the data protection regulator in your habitual place of residence.

For users in the EEA: The contact information for the data protection regulator is below.

Adam Brogden
contact@gdprlocal.com
Tel +353 01 554 9700
Instant EU GDPR Representative Ltd.
Office 2
12A Lower Main Street, Lucan Co.
Dublin K78 X5P8
Ireland

For users in the UK: The contact information for the UK data protection regulator is below:

Adam Brogden
contact@gdprlocal.com
Tel +44 1772 217800
1st Floor Front Suite
27-29 North Street, Brighton
England

International data transfers. We may transfer your personal information to a country outside of Europe that is not recognized as providing an adequate level of protection for personal information by the relevant government body. In these cases, we take appropriate safeguards to ensure your personal information remains protected in accordance with this Privacy Policy and applicable laws by entering into appropriate data transfer mechanism permitted under Article 46 of the GDPR / UK GDPR (as applicable), such as the European Commission’s Standard Contractual Clauses or the UK International Data Transfer Addendum (as applicable). A copy of our data transfer mechanism can be provided on request.