Privacy Policy

Data Processing Agreement

Last updated: June 12, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Quivra ("Processor", "we") and the customer ("Controller", "you") and applies wherever we process personal data on your behalf in the course of providing the quivra.io service.

1. What we process, and why

2. Subprocessors

We use the following subprocessors to deliver the service. Each is bound by its own data protection terms.

SubprocessorPurposeLocation
RailwayApplication hosting & databaseUnited States
StripePayment processing & billingUnited States
ResendTransactional email deliveryUnited States
AnthropicAI fix generation & AI-visibility checksUnited States
OpenAIAI-visibility checksUnited States
PerplexityAI-visibility checksUnited States
Google (Gemini, Search Console, PageSpeed)AI-visibility checks & search data integrationsUnited States
DataForSEOKeyword & backlink dataUnited States
PostHogProduct analyticsUnited States

3. Security

All data is encrypted in transit (TLS) and at rest. Access to production systems is restricted to authorized personnel. Passwords are stored as salted bcrypt hashes. API keys are stored as SHA-256 hashes.

4. Data subject rights

We assist you in responding to data subject requests (access, correction, deletion, portability). Deleting your account removes your sites, audits, keywords, and tracking data. To exercise any right, contact support@quivra.io.

5. Data retention & deletion

Customer data is retained for the life of the account. Upon account deletion, associated data is removed from production systems within 30 days, except where retention is required by law (e.g., billing records).

6. International transfers

Where personal data originating in the EEA/UK is transferred to the United States, we rely on Standard Contractual Clauses with our subprocessors where applicable.

7. Breach notification

We will notify affected customers without undue delay after becoming aware of a personal data breach affecting their data.

8. Contact

Questions about this DPA or our data practices: support@quivra.io.