Our role
Caviyard, Inc. is the data controller for the personal data processed in the products we build and operate under the Caviyard name. We decide what is collected and why, and we are accountable for protecting it. We are based in the United States and process data in the United States and in other countries where our providers operate.
Service providers
We rely on a small number of vetted service providers that process personal data only on our instructions and under written agreements. These cover infrastructure and hosting, email delivery, analytics, and age and identity verification. We review the list as it changes and hold each provider to security and privacy commitments.
Cross-border transfers
Where personal data leaves the region in which it was collected, we use appropriate safeguards, including the Standard Contractual Clauses and the additional measures the applicable rules require.
Data retention
Personal data is retained only for as long as it is needed for the purpose it was collected, then deleted or irreversibly anonymized. Backups age out on a documented schedule. Safety and verification records are kept for the period our legal and safety obligations require.
Your rights
The rights you have over your personal data, including access, correction, and deletion, are described on our Privacy page. To exercise them, write to privacy@caviyardcorp.com.