Privacy Policy

1. Introduction

Aiva (“we”, “us”, or “our”) operates the website getaiva.xyz and the Aiva Clone Studio at studio.getaiva.xyz (collectively, the “Platform”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and professional details you provide during onboarding. If you sign in via a third-party service (e.g. Google), we receive basic profile information from that provider.

2.2 Contributor Content

If you participate as a contributor (clone creator), you may provide materials such as documents, URLs, text, voice recordings, and interview responses. These are used solely to build and maintain your AI clone and are stored securely.

2.3 Connected Accounts

You may choose to connect third-party accounts (LinkedIn, X/Twitter) via OAuth. We store encrypted access tokens to fetch your publicly available content (posts, articles, tweets). We never access private messages, connections, or data beyond the scopes you explicitly authorise.

2.4 Voice Data

During interviews, we record your voice to create a voice clone and to transcribe your responses. Voice recordings are used exclusively for your clone and are not shared with third parties except our voice synthesis provider (ElevenLabs) for the purpose of creating your digital voice.

2.5 Usage Data

We automatically collect standard usage data such as IP address, browser type, pages visited, and timestamps. This is used to improve the Platform and is not linked to your contributor content.

3. How We Use Your Information

• To create, maintain, and improve your AI clone
• To provide voice cloning and text-to-speech capabilities
• To sync content from your connected accounts
• To operate, maintain, and improve the Platform
• To communicate with you about your account and updates
• To comply with legal obligations

4. Data Storage and Security

Your data is stored using industry-standard cloud infrastructure. OAuth tokens are encrypted at rest using AES-256-GCM encryption. We use Supabase for authentication and Turso for database storage, both of which maintain SOC 2 compliance.

Inference is handled by Anthropic under commercial API terms that contractually exclude customer inputs from model training. Aiva does not train foundation models on Contributor Content or user conversations, and does not share content across accounts or clones.

While we implement reasonable security measures, no method of electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

5. Third-Party Services

We use the following third-party services to operate the Platform:

• Anthropic (Claude) — AI model for knowledge extraction and clone intelligence
• ElevenLabs — Voice cloning and text-to-speech synthesis
• Deepgram — Real-time speech-to-text transcription
• Supabase — Authentication and user management
• Vercel — Hosting and deployment
• Turso — Database storage

Each provider processes data in accordance with their own privacy policies. We only share the minimum data necessary for each service to function.

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Delete your account and associated data
• Disconnect linked third-party accounts at any time
• Export your personal data — free, on request. Interview recordings, uploaded materials, your profile, and full transcripts can be requested any time by emailing hello@getaiva.xyz from the address on your account. We will send a JSON, Markdown, or ZIP-with-audio bundle free of charge within 30 days, in line with GDPR Articles 15 (right of access) and 20 (right to data portability).
• Withdraw consent for data processing where applicable

To exercise any of these rights, contact us at the email address below.

Note that the compiled artifacts for a clone — the system prompt, knowledge document, voice-clone metadata, and benchmark results — are works Aiva builds for you using our compute and pipeline. They are not personal data per se, and downloading them is offered as a one-time paid export ($249 per clone, capped at three downloads). The free personal-data request above is never gated, conditioned, or delayed by the paid path. See the Cloning Agreement § 7.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will remove your personal data, contributor content, voice recordings, and clone data within 30 days. Some data may be retained longer where required by law.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party services may set their own cookies in accordance with their respective policies.

9. Children’s Privacy

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date above and, where appropriate, by email.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

privacy@getaiva.xyz