Privacy Policy

Last updated: March 10, 2026

1. Introduction

Divan ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI advisory platform and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you sign in using Google authentication, we receive your name, email address, and profile picture from your Google account.
  • Profile Information: Any additional information you choose to add to your profile, such as display name or preferences.
  • Conversation Data: The messages you send to AI advisors and the responses generated.
  • User Preferences: Your selected advisors, settings, and customization choices.
  • Communications: Information you provide when you contact us for support or feedback.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type and version, and unique device identifiers.
  • Usage Data: Pages visited, features used, time spent on pages, click patterns, and interaction data.
  • Log Data: IP address, access times, referring URLs, and error logs.
  • Location Data: General geographic location based on IP address (country/region level only).

2.3 Information from Third Parties

  • Google OAuth: Basic profile information when you authenticate with Google.
  • Analytics Providers: Aggregated usage statistics and performance data.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

  • Create and manage your account
  • Authenticate your identity and maintain session security
  • Provide AI advisor conversations and personalized responses
  • Save and display your conversation history
  • Process your preferences and customization choices

3.2 Service Improvement

  • Analyze usage patterns to improve features and user experience
  • Train and improve our AI models (using anonymized or aggregated data)
  • Debug issues and optimize performance
  • Develop new features and services

3.3 Communication

  • Send service-related notifications and updates
  • Respond to your inquiries and support requests
  • Notify you of changes to our policies or Service

3.4 Safety and Security

  • Detect and prevent fraud, abuse, and security threats
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Supabase: Database hosting and authentication services
  • Google: OAuth authentication
  • AI Service Providers: To process and generate AI advisor responses
  • Analytics Providers: To help us understand Service usage
  • Payment Processors: If you make purchases (e.g., Stripe for future premium features)

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, such as subpoenas, court orders, or government regulations.

4.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:

  • Account Information: Retained until you delete your account
  • Conversation History: Retained to provide continuity; you may delete conversations at any time
  • Usage Data: Retained for up to 24 months for analytics purposes
  • Log Data: Retained for up to 12 months for security and debugging

After account deletion, we may retain certain information as required by law or for legitimate business purposes, such as fraud prevention.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL
  • Encryption of sensitive data at rest
  • Regular security assessments and monitoring
  • Access controls and authentication requirements
  • Secure infrastructure provided by reputable cloud providers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information:

  • Essential Cookies: Required for basic Service functionality, such as maintaining your session
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with the Service

You can control cookies through your browser settings. Note that disabling certain cookies may affect Service functionality.

8. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

8.1 General Rights

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a portable format
  • Opt-out: Opt out of certain data processing activities

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, and disclose
  • Right to delete your personal information
  • Right to opt out of the "sale" or "sharing" of personal information
  • Right to non-discrimination for exercising your privacy rights
  • Right to limit use of sensitive personal information

We do not sell your personal information in the traditional sense. However, some data sharing for analytics purposes may constitute a "sale" under CCPA.

8.3 European Users (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, you have rights under the General Data Protection Regulation (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy.

10. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@askdivan.com.

If we learn that we have collected personal information from a child under 13, we will take steps to delete that information as quickly as possible.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Privacy Policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about our data practices, please contact us:

Email: support@askdivan.com

View Terms of Service →