Privacy Policy

Integrava is an AI support platform operated by Customer Success Point. For the purposes of applicable data protection law, Customer Success Point is the data controller for personal data processed through the Integrava service, except where your organization acts as controller of data you upload or collect from your own customers.

Privacy enquiries and data subject requests: contact@integrava.ai

This policy applies to:

• Visitors to our marketing site and documentation
• Users who register for or administer an Integrava workspace (owners, admins, agents, and other roles)
• End users who interact with an Integrava embed widget, email assistant, or help center published by a customer workspace

If you use Integrava on behalf of an organization, your organization may have its own privacy notice for end-customer interactions. Integrava processes that data as a processor/service provider on your organization's instructions.

Account and workspace data — name, email address, password hash, workspace name, role, team invitations, email verification and password-reset tokens, and audit logs of administrative actions.

Authentication and session data — when you sign in, a session token is stored in your browser's local storage so the dashboard can authenticate API requests. We do not use third-party advertising cookies on the Integrava application.

Knowledge and content you upload — documents, URLs, text, metadata, extracted content, embeddings, and AI-generated summaries that you or your team add to train the assistant. This may include personal data if present in your source material.

Conversations and support tickets — messages, subjects, ticket status, assignee information, internal notes, CSAT scores, custom fields, mass-incident records, and playground or investigation threads.

Email channel data — if you connect Gmail or Microsoft 365, we store connected inbox addresses, OAuth tokens (encrypted), email thread metadata, message bodies, and sender/recipient addresses needed to provide shared inbox and AI-assisted replies.

Integration credentials and synced content — encrypted API keys and OAuth tokens for connected services (for example Notion, Zendesk, Google Drive, Mixpanel, Stripe, and custom HTTP integrations), plus content synced from those systems into your workspace.

AI configuration — your workspace's encrypted AI provider API keys and related settings. AI requests are sent to the provider you configure; we do not use your content to train foundation models.

Embed widget and SDK end-user data — session identifiers, optional external user IDs, display labels, traits, IP-derived request metadata, allowed-domain checks, and chat messages submitted through widgets you deploy.

Analytics and usage — workspace analytics events (for example tickets created, messages sent, token usage estimates), saved reports, and operational metrics used for billing limits and product performance.

Billing and trial integrity — Stripe customer and subscription identifiers, billing email, organization email domain (for business accounts), hashed checkout IP address, and payment-method fingerprint used to detect duplicate free-trial abuse. Payment card details are handled by Stripe, not stored on Integrava servers.

Support and operator access — if you grant temporary support access, platform operators may view workspace configuration and troubleshooting data for the limited period you approve. Operator actions are logged.

• Provide, secure, and maintain the Integrava platform
• Authenticate users and enforce workspace roles and entitlements
• Generate AI-assisted responses grounded in your knowledge base
• Operate email, embed, CRM, workflow, QA, and analytics features you enable
• Process subscriptions, trials, invoices, and abuse prevention
• Send transactional emails (invitations, password reset, verification, export delivery)
• Improve reliability, security, and support quality
• Comply with legal obligations and respond to lawful requests

We process data on the legal bases of contract performance, legitimate interests (security, fraud prevention, and service improvement), and consent where required (for example optional marketing communications, if offered).

We share personal data only as needed to run the service:

• Infrastructure — cloud hosting, databases, object storage, and caching (for example AWS services in regions you deploy to)
• Payments — Stripe for checkout, subscriptions, and customer billing portal
• AI providers — the model provider configured in your workspace settings (requests include prompts and retrieved knowledge context)
• Email delivery — SMTP/SES or similar providers for transactional mail
• Connected integrations — third-party systems you authorize (Notion, Zendesk, Google, Microsoft, Mixpanel, and others)

We do not sell personal data. We require subprocessors to protect data under contractual obligations appropriate to their role.

We retain personal data for as long as your workspace account is active and as needed to provide the service, resolve disputes, enforce agreements, and meet legal requirements. When you delete content or close a workspace, we delete or anonymize data within a reasonable period unless retention is required by law or legitimate business needs (for example billing records or security logs).

Workspace owners can delete many categories of data directly in the dashboard (tickets, knowledge documents, team members, and integrations). Contact us if you need assistance with a broader deletion request.

We use technical and organizational measures including encryption of sensitive credentials, workspace isolation, access controls, domain-restricted embed widgets, audit logging, and infrastructure security practices. No method of transmission or storage is completely secure; please use strong passwords and limit team access to what each role requires.

Integrava may process data in the European Union and other countries where our infrastructure providers operate. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms, consistent with applicable law.

Depending on your location, you may have rights to access, rectify, erase, restrict, object to, or port your personal data, and to withdraw consent where processing is consent-based. You may also lodge a complaint with your local supervisory authority.

To exercise these rights, email contact@integrava.ai. We may need to verify your identity and, for end-customer data handled on behalf of a workspace, coordinate with that workspace's administrator.

Integrava is a business service and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will take appropriate steps to delete it.

We may update this policy from time to time. Material changes will be reflected on this page with an updated "Last updated" date. Continued use of the service after changes take effect constitutes acceptance of the revised policy where permitted by law.

Questions about this policy or our data practices: contact@integrava.ai

Product documentation: Documentation