Privacy Policy

This Privacy Policy describes how Corvus AI, Inc. ("Corvus," "we," "us," or "our") collects, uses, discloses, and protects information when you use our platform and services (collectively, the "Service"). Corvus is a B2B SaaS platform that provides AI-powered sales intelligence for specialty chemicals companies.

By accessing or using the Service, you acknowledge that you have read and understand this Privacy Policy.

1. Information We Collect

1.1 Account & Authentication Data

When your organization provisions access to Corvus, we collect information necessary to create and manage your account, including your name, business email address, and organizational role. Authentication is managed through a third-party identity provider, which handles credential verification and session management on our behalf.

1.2 Customer Business Data

In the course of using the Service, your organization provides and generates business data, including:

• Target company information (company names, domains, and associated research)
• Account notes, strategies, and qualification assessments created by your users
• Chemical product portfolios and application match data configured by your organization
• Enrichment tables and prospect lists uploaded or created within the platform
• Chat conversations and AI-assisted interactions within the Service

1.3 Voice & Meeting Data

If your organization uses our Meeting Notes feature, we process voice recordings through a third-party transcription provider to generate meeting summaries and action items. Raw audio recordings, resulting transcripts, and summaries are all stored as Customer Business Data and retained in accordance with Section 5. Customer is responsible for providing any required notice to, and obtaining any required consent from, meeting participants before recording.

1.4 Usage & Technical Data

We automatically collect technical information when you interact with the Service, including browser type, device information, IP address, pages visited, features used, session duration, and error logs. We use this data for performance monitoring, troubleshooting, and product improvement.

1.5 Company Research Data

Our platform maintains a shared dataset of publicly available company profile information (e.g., company names, locations, product categories, news events). This data is derived from public sources through our AI research pipeline and is not attributable to any individual user or customer organization. Multiple customers may benefit from shared company profile data. Customer-confidential inputs — including chemical matches, account notes, strategies, chat conversations, meeting transcripts, qualification assessments, and any customer-specific analysis — are never used to create shared data and are never accessible to other customers.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service, including AI-powered research, account qualification, and geographic discovery features
• Authenticate users and enforce tenant-level access controls
• Process and analyze data through our research pipeline using AI models to generate sales intelligence, account strategies, and chemical matching recommendations
• Send transactional communications related to your use of the Service (e.g., research completion notifications, account alerts)
• Monitor and improve the performance, reliability, and security of the Service
• Comply with legal obligations and enforce our Terms of Service

3. Data Sharing & Sub-Processors

We do not sell or share personal information for targeted advertising purposes, and we do not engage in automated profiling that produces legal or similarly significant effects. We share information only as described below.

3.1 Third-Party Service Providers

We use third-party service providers to operate the Service, including for application hosting, database hosting, authentication, asynchronous job execution, AI model processing, geocoding, DNS and CDN services, error tracking, session monitoring, email delivery, voice transcription, and file storage. Each provider processes data only as necessary to perform its designated function and is subject to appropriate data processing obligations. All providers currently used by Corvus are located in the United States. A current list of sub-processors is available upon request.

3.2 AI Model Providers

Customer Business Data may be submitted to third-party AI model providers as part of our research and analysis pipeline. Data is sent only to providers necessary to deliver the requested feature and only under contractual terms that, where applicable, prohibit the use of customer-submitted data for model training. We review provider terms on an ongoing basis. Specific model and provider usage may vary by feature and is subject to change as we optimize the Service.

3.3 Other Disclosures

We may disclose information if required by law, regulation, or legal process; to protect the rights, safety, or property of Corvus, our customers, or the public; or in connection with a merger, acquisition, or sale of assets (in which case you will be notified).

4. Data Security

We implement technical and organizational measures designed to protect your data, including:

• Logical tenant isolation enforced at the database level, ensuring each customer's business data is separated from other customers
• Encryption of data in transit (TLS) and at rest
• Authentication and authorization controls with tenant-level access validation on every request
• Environment-segregated secrets management
• Application performance monitoring and error tracking for rapid incident response
• SOC 2 Type II compliance program currently in progress

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain Customer Business Data for the duration of your organization's subscription. Upon termination of a subscription, we will delete or anonymize tenant-scoped data within 90 days unless a longer retention period is required by law or a valid contractual obligation. Usage and technical data (including error logs and session monitoring data) is retained in accordance with our then-current operational retention schedules, typically no longer than 12 months.

Client-agnostic research data (publicly sourced company profile information) may be retained indefinitely as it is not attributable to any specific customer.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information, subject to our legal and contractual obligations
• Object to or restrict certain processing activities
• Receive your data in a portable format

To exercise any of these rights, please contact us at support@corvusapp.com. We will respond within the timeframe required by applicable law.

7. Cookies & Tracking Technologies

We use cookies and similar technologies for authentication, session management, and analytics. We use session monitoring tools to diagnose usability issues and improve the Service. You may configure your browser to reject cookies, but this may affect your ability to use certain features of the Service.

8. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfers. We rely on standard contractual clauses and other lawful transfer mechanisms where required.

9. Children's Privacy

The Service is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date above. Your continued use of the Service after such changes constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Corvus AI, Inc.
Email: support@corvusapp.com