Dataravn Privacy Policy

This Privacy Policy applies to the Dataravn website, SaaS backup platform, browser extension, account registration and login, supported integrations, Podio-related workflows, backup and synchronization features, session handling, customer support and service communications. 

This Privacy Policy does not replace any separate Data Processing Agreement, subscription terms or customer agreement that may apply between Dataravn and a business customer. 

When Dataravn processes personal data on behalf of a business customer, Dataravn will usually act as a data processor and the customer will usually act as the data controller. When Dataravn decides why and how personal data is processed, Dataravn acts as the data controller. 

The data we collect depends on how you use Dataravn and which integrations you enable. 

a. Account information 

When you create or use a Dataravn account, we may collect your name, email address, company or organisation name, login or authentication details, subscription or account status, user role, account permissions and communication preferences. 

We use this information to create, administer, secure and support your Dataravn account. 

b. Backup and integration data 

Dataravn processes data from supported third-party SaaS applications and integrations so that we can provide backup, recovery, synchronization and related service features. 

Depending on the integration and permissions granted by the customer or authorized user, this may include workspace or organization data, user and role information, project, task, workflow or application data, metadata from supported SaaS platforms, files, records, comments, activity data and other customer-controlled content needed to perform backup, restore, synchronization or monitoring functions. 

Dataravn does not claim ownership of customer data. Customer data remains owned by the customer or the relevant rights holder. 

c. Podio and workflow session cookies 

For certain Podio-related backup workflows, the Dataravn browser extension may process Podio or workflow session cookies. 

After you sign in on Podio’s workflow site, the extension reads cookies for the Podio-related domains needed for the backup workflow. This allows your authenticated session to be represented on Dataravn servers and used to run backup features as the authenticated user, after you have explicitly started the login flow. 

The extension does not access cookies from unrelated domains. 

d. Browser extension data 

When you use the Dataravn browser extension, we may process the link code used to pair the browser with a Dataravn backup account, the extension token returned by our servers after successful pairing, the authentication tab identifier, temporary login and error status, cookie-related data held briefly during the login flow, your user agent string, the timestamp associated with the cookie payload, and tab or window usage needed to open the login tab and return you to the Dataravn application. 

The extension token may be used for later re-authentication, so you do not need to enter a new link code each time. 

e. Technical and usage data 

When you use our website, product, extension or services, we may collect limited technical data, such as IP address, browser type and version, device information, operating system, user agent string, timestamps, login and authentication events, error logs, system logs, security logs and service usage information. 

We use this data to operate, secure, maintain, troubleshoot and improve the service. 

f. Support and communication data 

If you contact us for support or another inquiry, we may process your name, email address, company details, message content, support ticket information and technical information needed to resolve the issue. 

g. Payment and subscription data 

If you subscribe to a paid plan, we may process subscription-related information such as plan type, billing status, payment status, invoice details, and subscription renewal or cancellation details. 

Where payment processing is handled by a third-party payment provider, payment card details may be processed directly by that provider and not stored by Dataravn.

We use personal data and customer data to provide and administer Dataravn. In practice, this includes: 

• providing, operating and maintaining the Dataravn service; 
• creating and managing user accounts; 
• authenticating users; 
• connecting browsers, extensions and backup accounts; 
• performing backup, recovery, synchronization and related service functions; 
• maintaining authenticated sessions for supported integrations; 
• processing Podio-related backup workflows; 
• showing status, success and error messages; 
• securing the service and preventing unauthorized access; 
• monitoring system performance and reliability; 
• troubleshooting technical issues; 
• providing customer support; 
• communicating about the service; 
• managing subscriptions and billing; 
• complying with legal obligations; and 
• enforcing applicable terms and protecting our rights. 

We do not sell, rent or trade user data. We do not use data collected through the browser extension for advertising. 

Where Dataravn acts as a data controller, we rely on one or more of the following legal bases. 

a. Performance of a contract 

We process data where it is necessary to provide the Dataravn service, manage accounts, perform backup functions, provide support and administer subscriptions. 

b. Legitimate interests 

We may process data where it is necessary for our legitimate interests, including service security, fraud prevention, troubleshooting, system monitoring, product improvement and protecting Dataravn, our customers and users from unauthorized or harmful activity. 

c. Consent or user-initiated action 

Some processing is based on consent or a user-initiated action. For example, this may apply when a user starts the Podio login process and pairs the browser extension with a Dataravn account. 

d. Legal obligation 

We may process data where necessary to comply with applicable laws, accounting requirements, regulatory obligations or lawful requests. 

Where Dataravn acts as a data processor on behalf of a customer, we process personal data according to the customer’s instructions and the applicable data processing agreement. 

The Dataravn browser extension supports account pairing, login flow, session handling and backup-related functionality. 

The extension may use browser permissions to open the login tab, read Podio-related session cookies after you complete the login flow, store temporary authentication and session-related values locally in the browser, communicate with Dataravn servers, pair the browser with the correct Dataravn backup account and maintain authenticated backup functionality. 

The extension is intended to access only the data needed to provide Dataravn’s supported functionality. The extension does not sell user data or use extension data for advertising.

a. Data stored on your device or browser 

The browser extension may store the following data locally, for example using chrome.storage.local: link code, extension token, authentication tab identifier, temporary login state, temporary error state and cookie-related data held briefly during the login flow. 

This local storage is used for authentication, pairing and session handling. 

b. Data stored on Dataravn servers 

When you complete the Podio login flow or use Dataravn backup services, relevant data may be sent to and processed on Dataravn servers. 

This may include Podio or workflow session cookie data, user agent string, timestamp, extension token, account and backup metadata, and data required to provide backup, synchronization or recovery functionality. 

Sensitive data stored in our database is encrypted using the AES-256-CBC encryption algorithm.

We take the protection of personal data and customer data seriously. We use technical and organizational measures designed to protect data against unauthorized access, loss, misuse, alteration, disclosure or destruction. 

These measures may include encryption of sensitive stored data, encryption in transit where applicable, access controls, authentication controls, limited access to production systems, logging and monitoring, backup procedures, internal security rules, procedures for handling access rights, and ongoing security maintenance and review. 

Access to personal data and customer data is limited to personnel and service providers who need it for legitimate business or technical purposes. 

No method of transmission or storage is completely secure. However, we take reasonable steps to protect data in a way that reflects the nature of the data and the risks involved. 

We do not sell personal data. 

We may share data with third-party service providers only where necessary to provide, host, secure, support or operate the Dataravn service. These providers may include: 

• hosting or infrastructure providers, including PHASES-operated server infrastructure; 
• email delivery providers, such as SendGrid; and 
• payment providers, such as Stripe. 

These providers are permitted to process data only for the purpose of providing services to Dataravn and must protect the data in accordance with applicable contractual and legal requirements. 

We may also disclose data if required by law, court order or public authority request, or where necessary to protect our legal rights, users, systems or the security of the service.

Dataravn is operated by PHASES ApS, a Danish company. 

Where personal data is transferred outside the European Economic Area, we will use appropriate safeguards required under applicable data protection laws. These safeguards may include EU Standard Contractual Clauses, adequacy decisions, contractual data protection obligations, or other lawful transfer mechanisms. 

We do not rely on transfer mechanisms that are no longer valid under applicable data protection laws.

We retain data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law, contract, accounting obligations, dispute resolution or legitimate business needs. 

a. Account data 

Account data is retained for as long as the user or customer account remains active. 

b. Backup and integration data 

Backup and integration data is retained for as long as necessary to provide the Dataravn backup service, unless the customer deletes the data or terminates the account. 

c. Session-related data 

Session-related data is retained for the period needed to maintain the backup process. A saved session may be refreshed or reset approximately every two hours so the backup process can continue. 

Session-related data is retained until the user deletes the account from the Dataravn backup tool, unless a longer retention period is required for legal, accounting, security, backup integrity, or dispute-resolution reasons. 

d. Extension of local data 

Data stored locally in the browser extension may remain in the user’s browser until it is removed by the extension, reset through the extension, deleted by uninstalling the extension or cleared through browser extension storage settings. 

e. Support and logs 

Support communications and technical logs may be retained for as long as necessary to provide support, maintain security, troubleshoot issues, comply with legal obligations, and protect our rights.

Users may delete their account from the Dataravn backup tool. 

When a user deletes an account, Dataravn removes data associated with that user in accordance with our deletion process, unless retention is required for legal, accounting, security, backup integrity, or dispute-resolution purposes. 

Users do not have a separate control inside the extension to delete individual session details. Deleting the account from the Dataravn backup tool removes the data associated with that user, including session-related data stored for the backup service, subject to the limitations above.

Depending on applicable law, users may have the following rights regarding their personal data: 

• the right to access personal data; 
• the right to correct inaccurate personal data; 
• the right to request deletion of personal data; 
• the right to restrict processing; 
• the right to object to processing; 
• the right to data portability; 
• the right to withdraw consent where processing is based on consent; and 
• the right to lodge a complaint with a data protection authority. 

To exercise these rights, please contact us using the contact details in this Privacy Policy. 

We will respond to valid requests within the timeframe required by applicable law. Under the GDPR, this is generally within one month of receiving the request, unless an extension is permitted by law. 

Some rights may be limited where Dataravn processes data on behalf of a business customer. In those cases, we may need to refer the request to the relevant customer acting as data controller. 

Some data processed by Dataravn may belong to, or be controlled by, a business customer. 

Where Dataravn acts as a processor, the customer is responsible for determining what data is backed up, which users are authorized, which integrations are enabled, the lawful basis for processing customer-controlled data and how to respond to data subject requests where applicable. 

Dataravn will assist customers as required under applicable data processing terms. 

If we become aware of a personal data breach affecting personal data processed by Dataravn, we will take appropriate steps to investigate, mitigate and respond to the incident. 

Where required by applicable law or contractual obligations, we will notify affected customers or users without undue delay. 

Where Dataravn acts as a data processor, we will assist the relevant data controller with breach notification obligations as required under applicable data protection law. 

Dataravn is intended for professional and business users. Our services are not intended for children under the age of 18, and we do not knowingly collect personal data from children. 

Our website may use cookies or similar technologies to provide functionality, improve performance, analyze usage and maintain security. 

Where required by law, we will request consent before placing non-essential cookies. Necessary cookies may be used without consent where they are required for website functionality, security or service delivery. 

Users may manage cookies through browser settings or any cookie preference tool provided on our website. 

We may send service-related communications, such as account, security, subscription or technical notices. 

We may send marketing communications only where permitted by applicable law. Users may opt out of marketing communications at any time by following the unsubscribe instructions or contacting us. 

Service-related communications may still be sent where necessary for account administration, security or legal purposes. 

We may update this Privacy Policy from time to time to reflect changes in our services, integrations, legal requirements, security practices, or business operations. 

When we update this Privacy Policy, we will revise the “Last updated” date. If changes are material, we may provide additional notice through our website, product, email, or another appropriate channel. 

For privacy questions, data requests, or account deletion requests, please contact: 

Email: [email protected]