Legal

Privacy policy.

Last updated: May 28, 2026

This policy explains what data Ayuvam collects, how we use it, and what control you have over it. We try to keep it readable and short. If anything's unclear, email hello@ayuvam.com and we'll clarify.

1. What we collect

We try to collect as little as possible. Specifically:

  • Account info: name, email, and (if you sign up with Google) your Google profile picture URL. If you use email/password, we store a hashed password — never the original.
  • Workspace content: files, links, tags, notes, and anything else you upload. We store these so the Service can show them back to you and to the clients you share with.
  • Share-link metadata: when a share link was last accessed, the email address it was sent to (if you provided one). We use this so you can see whether your client has opened the link.
  • Basic usage logs: the standard request logs your browser sends to any web server (IP address, user agent, request paths). We use these for debugging and abuse prevention.

We do not use third-party analytics, behavioral tracking pixels, or session replay tools.

2. How we use it

We use your data only to operate Ayuvam:

  • To deliver the Service (storing and showing your work).
  • To send transactional emails — sign-in confirmations, share-link invites you trigger, billing receipts.
  • To respond to your support questions.
  • To enforce our terms and prevent abuse.

We do not sell your data. We do not use it to train AI models. We don't email you marketing without your consent.

3. Who we share it with

Ayuvam runs on a few infrastructure services. Each handles a specific slice of your data, under their own privacy policies:

  • Neon — hosts the Postgres database that stores your account and workspace metadata. (neon.tech)
  • Vercel — hosts the application code and (via Vercel Blob) the files you upload. (vercel.com)
  • Resend — sends transactional emails on our behalf. (resend.com)
  • Google — handles OAuth sign-in when you choose "Continue with Google".
  • Paddle — processes payments and handles tax compliance when you subscribe to a paid plan. (paddle.com)

We don't share your data with anyone else. We only disclose data to law enforcement if we receive a valid legal request and have no choice.

4. Your clients

When you create a share link, the people who open it can see the content of that workspace. That's the whole point. We don't collect information from those visitors beyond standard request logs and the "last accessed" timestamp on the share link.

5. Retention

We keep your data for as long as your account is active. When you delete your account, we delete your content within 30 days. Some backup snapshots may persist for up to 90 days, after which they're permanently removed.

Some data we retain longer for legal/financial reasons — for example, invoice records we're required to keep for tax purposes.

6. Your rights

You can, at any time:

  • Access the data we have about you (most of it is visible in the app).
  • Correct anything wrong by editing your profile or content.
  • Request an export of your content. Email hello@ayuvam.com — we'll respond within 7 days.
  • Delete your account. This permanently removes your content (see §5).

If you're in the EU/UK and want to invoke GDPR rights, write to the same email — we honor those rights regardless of where you live.

7. Cookies

We use cookies for one purpose only: to keep you signed in. The session cookie is set by our authentication library and expires when you sign out or after 30 days of inactivity. We don't use third-party cookies, advertising cookies, or analytics cookies.

8. Security

We use industry-standard practices to protect your data — TLS in transit, at-rest encryption on the database and file storage, hashed passwords (bcrypt), and the principle of least privilege internally.

No system is perfectly secure. If we discover a breach affecting your data, we'll notify you promptly and explain what happened and what to do.

9. Children

Ayuvam is for use by people 18 and older. We don't knowingly collect data from anyone under 18. If we learn we have, we delete it immediately.

10. Changes

We may update this policy occasionally. If we make material changes, we'll notify you in-app or by email at least 30 days before they take effect.

11. Contact

Privacy questions, data requests, or concerns — write to hello@ayuvam.com. We try to respond within 7 days.