Privacy Policy

Last Updated: April 21, 2025

CORVERNA PROVIDES THIRD-PARTY PRESENCE DOCUMENTATION ONLY. IT DOES NOT VERIFY IDENTITY, ENSURE ACCURACY, OR GUARANTEE LEGAL ADMISSIBILITY. USE OF THIS SERVICE EXPLICITLY ACKNOWLEDGES AND AGREES TO THIS LIMITATION.

Important Notice: This Privacy Policy describes how Corverna collects, uses, and discloses your personal information when you use our services. Please read this policy carefully to understand our practices regarding your personal data and how we will treat it. This policy is subject to change without notice.

1. Introduction

At Corverna ("Company", "we", "our", "us"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy will inform you about how we look after your personal data when you visit our website or use our services and tell you about your privacy rights and how the law protects you.

Our services provide third-party observation and documentation through independent contractors. We understand the sensitive nature of this work and have implemented strict privacy and security measures accordingly.

2. Information We Collect

We collect several different types of information for various purposes to provide and improve our service to you:

2.1 Personal Information

When you use our services, we may collect:

Account Information: Name, email address, phone number, and payment information
Service Information: Addresses and locations where documentation is requested, specific instructions for documentation, and scheduling preferences
Documentation: Photos, videos, and written observations created by our independent contractors during service provision
Communication Records: Records of your communications with us and our contractors
User Location Data: IP address and location information when using our app
Device Information: Phone model, operating system, and other device characteristics

2.2 Contractor Information

For our independent contractors, we collect:

GPS Location Data: Location tracking during active assignments
Performance Data: Completion rates, client ratings, and other metrics
Media Content: Photos, videos, and metadata created during assignments

2.3 Usage Data

We may also collect information about how you access and use our website and services:

IP address and browser information
Pages of our website that you visit
Time and date of your visit
Time spent on those pages
Device information

3. How We Use Your Information

We use the collected data for various purposes:

To provide and maintain our service
To notify you about changes to our service
To allow you to participate in interactive features of our service
To provide customer support
To gather analysis or valuable information so that we can improve our service
To monitor the usage of our service
To detect, prevent and address technical issues
To fulfill any other purpose for which you provide it

3.1 GPS Tracking

Corverna tracks contractors' GPS location during active assignments for safety, fraud prevention, service validation, and dispute resolution. This tracking is limited to active assignments only and is not continuous.

3.2 Documentation-Specific Uses

The documentation (photos, videos, written observations) collected by our contractors is:

Delivered to you as the requesting client
Stored securely for a limited time (see Data Retention section)
Used for quality control and contractor performance evaluation
Never shared with third parties without your explicit consent, except as required by law

4. Legal Basis for Processing

We will only collect and process your personal data when we have a legal basis to do so. Legal bases include:

Consent: You have given us permission to process your personal data for a specific purpose
Performance of a Contract: Processing is necessary for the performance of a contract with you
Legal Obligation: Processing is necessary for compliance with a legal obligation
Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party

5. Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

5.1 Media Handling and Retention

Media is stored securely and encrypted in transit and at rest. Files are automatically deleted after 30 days unless legally retained per explicit instruction or a contractually extended agreement. Ownership of media belongs to Corverna until delivery, at which point ownership and full responsibility for safekeeping transfers to the client.

Unless otherwise requested in writing:

Documentation (photos, videos, written observations) is retained for 30 days after delivery to you
After this period, all documentation is permanently deleted from our systems
You may request earlier deletion or extended retention (for an additional fee)

5.2 Account Information Retention

Your account information is retained for as long as your account is active. If you close your account, we will delete your personal information within 90 days, except as required for legal or accounting purposes.

6. Data Security

The security of your data is important to us. We implement appropriate security measures to protect your personal information:

All data transfers are encrypted using industry-standard SSL/TLS protocols
Documentation is stored in secure, encrypted cloud storage
Access to documentation is strictly limited to authorized personnel
Regular security audits and vulnerability testing
Employee training on data protection and privacy

Corverna uses industry-standard encryption for all media files. We store data using Glide and Google Workspace platforms with controlled administrative access. Independent contractors are expected to maintain secure devices and secure connections when accessing Corverna's services. In the event of a data breach, affected users will be notified within 72 hours, or the fastest timeframe possible under applicable law.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Minimization

We are committed to collecting only the data necessary to provide our services. We implement data minimization practices by:

Collecting only information that is directly relevant to service provision
Limiting access to personal data to only those who need it
Regularly reviewing our data collection practices to eliminate unnecessary data points
Deleting data promptly when it is no longer needed

8. Disclosure of Data

We may disclose your personal information in the following situations:

8.1 Service Providers

We may employ third-party companies and individuals to facilitate our service ("Service Providers"), to provide the service on our behalf, to perform service-related services, or to assist us in analyzing how our service is used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Specific third-party service providers include:

Payment Processors: To process payments (we do not store complete payment information)
Cloud Storage Providers: To securely store documentation and other data
Analytics Providers: To help us understand website and app usage
Communication Services: To facilitate messaging between users and contractors

8.2 Independent Contractors

Our independent contractors who provide documentation services will have access to the information necessary to complete their assignments, including location details and specific instructions. They are bound by confidentiality agreements and are prohibited from retaining, using, or disclosing any information collected during service provision for any purpose other than providing the contracted services.

8.3 Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

8.4 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different Privacy Policy.

9. Cross-Border Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including personal data, to the United States and process it there.

When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to the United States or other countries that have not been determined by the European Commission to provide adequate protection, we use standard contractual clauses approved by the European Commission and other appropriate safeguards to protect your personal data.

10. Your Data Protection Rights

Depending on your location, you may have certain rights regarding your personal information:

10.1 Rights for All Users

Right to Access: You have the right to request copies of your personal data
Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete
Right to Deletion: You have the right to request that we delete your personal data, under certain conditions
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions
Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions
Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions

10.2 Additional Rights for EU/EEA Residents (GDPR)

If you are a resident of the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including:

The right to lodge a complaint with a supervisory authority
The right to withdraw consent at any time for processing based on consent
The right not to be subject to automated decision-making, including profiling, that produces legal effects

10.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

The right to know what personal information is collected, used, shared, or sold
The right to delete personal information held by businesses
The right to opt-out of the sale of personal information
The right to non-discrimination for exercising your CCPA rights
The right to correct inaccurate personal information
The right to limit use and disclosure of sensitive personal information

10.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@corverna.com. We will respond to your request within 30 days.

To opt out of marketing communications, you can use the "unsubscribe" link in any marketing email we send, or contact us directly with your request.

11. Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our website and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

11.1 Types of Cookies We Use

Type	Purpose	Duration
Essential Cookies	Necessary for the website to function properly	Session to 1 year
Preference Cookies	Remember your preferences and settings	1 year
Analytics Cookies	Help us understand how visitors interact with our website	Up to 2 years

12. Children's Privacy

Our service is not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

13. Links to Other Websites

Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time without notice. We will post the new Privacy Policy on this page and update the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

15. Contact Information

If you have any questions about this Privacy Policy, please contact us:

Email: privacy@corverna.com
Address: 123 Documentation Way, Suite 400, Dover, DE 19901

By using Corverna's services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.