Last updated: April 4, 2026
IVAS Corp ("IVAS", "we", "us", or "our") operates the ivas.dev website and the IVAS hosted AI memory API (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
IVAS Corp
Wyoming C-Corporation | EIN: 41-5311268
1309 Coffeen Ave, Suite 1200
Sheridan, WY 82801
admin@ivas.dev
IVAS Corp is the data controller responsible for your personal data processed through the Service at ivas.dev.
| Data | When | Required |
|---|---|---|
| Name | Account signup | Yes |
| Email address | Account signup (used for verification and communication) | Yes |
| Phone number | Optional, for SMS notifications (requires TCPA consent) | No |
| Company name | Optional, provided during signup | No |
| What you're building | Optional, provided during signup | No |
| Data | Purpose |
|---|---|
| API usage data | Endpoints called, timestamps, and response times for billing and performance monitoring |
| IP addresses | Collected from API calls for security, rate limiting, and abuse prevention |
| Cookies (analytics) | Google Analytics 4, only placed with your explicit consent |
Payment processing is handled entirely by Stripe. We never see, receive, or store your credit card numbers, bank account details, or other payment credentials. Stripe processes your payment data in accordance with PCI DSS Level 1 standards. For Stripe's privacy practices, see stripe.com/privacy.
When you use the IVAS API, your AI agents store and retrieve memory data through our Service. This data is stored in isolated, per-customer SQLite databases. We do not access, read, analyze, or use your memory vault contents for any purpose other than providing the Service to you. Your memory data belongs to you.
We use the information we collect for the following purposes:
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
| Legal Basis | Applies To |
|---|---|
| Contract performance | Account creation, service delivery, billing, and API access |
| Legitimate interests | Security monitoring, abuse prevention, service improvement, and debugging |
| Consent | Analytics cookies (Google Analytics 4), SMS notifications, and marketing communications |
| Legal obligation | Tax records, fraud prevention, and responding to lawful requests |
You may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.
We share your data only with the following third-party processors, strictly for the purposes described. Each processor is bound by data processing agreements.
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Billing email, payment method tokens |
| Resend | Transactional email delivery | Email address, name |
| Twilio | SMS delivery | Phone number (only if SMS opted in) |
| Google Analytics 4 | Website analytics | Anonymized usage data, cookies (with consent only) |
| Cloudflare Turnstile | Bot protection | IP address, browser fingerprint |
We do not sell, rent, lease, or trade your personal information to any third party. We do not share data with advertisers or data brokers. This applies to all users, including California residents under the CCPA.
Each customer's memory vault is stored in a physically separate SQLite database file. There is no shared database between customers. One customer's data cannot be accessed by another customer's API keys.
We implement industry-standard security measures including but not limited to: API key authentication, rate limiting, IP-based abuse detection, encrypted storage volumes, automated security updates, and access logging. While no method of transmission or storage is 100% secure, we take reasonable and appropriate measures to protect your data.
| Scenario | Retention Period |
|---|---|
| Active accounts | Data retained while the account remains active |
| Trial accounts (not upgraded) | 90 days after trial expiry, then permanently deleted |
| Cancelled paid accounts | 30 days after cancellation, then permanently deleted |
| API usage logs | 90 days (for billing and debugging), then purged |
| Backups | 7 daily, 4 weekly, 12 monthly backups retained per schedule |
When data is permanently deleted, it is removed from all active databases. Backup copies are purged as they rotate out according to the backup schedule described above.
We use essential cookies for session management and authentication. These cookies are strictly necessary for the Service to function and are always active. They do not track you across websites.
We use Google Analytics 4 (GA4) to understand how visitors interact with our website. Analytics cookies are only placed with your explicit consent. You may grant or withdraw consent at any time via the cookie consent banner on our website.
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service. You can opt out of Google Analytics at any time using the Google Analytics Opt-Out Browser Add-on.
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Request a copy of the personal data we hold about you | GET /api/v1/account/export or email us |
| Rectification | Request correction of inaccurate or incomplete data | Email admin@ivas.dev |
| Erasure | Request deletion of your personal data | DELETE /api/v1/account or email us |
| Data portability | Receive your data in a structured, machine-readable format (JSON) | GET /api/v1/account/export |
| Restrict processing | Request that we limit how we process your data | Email admin@ivas.dev |
| Object to processing | Object to processing based on legitimate interests | Email admin@ivas.dev |
| Withdraw consent | Withdraw previously given consent at any time | Cookie banner, email, or account settings |
We will respond to all GDPR requests within 30 days. If we need additional time, we will notify you within the initial 30-day period. You also have the right to lodge a complaint with your local data protection supervisory authority.
If you are a California resident, the California Consumer Privacy Act (CCPA) and its amendment, the California Privacy Rights Act (CPRA), provide you with the following rights:
You have the right to request that we disclose what personal information we collect, use, and share about you. The categories of personal information we collect are described in Section 2 of this policy.
You have the right to request deletion of your personal information. You can exercise this right via the DELETE /api/v1/account API endpoint or by contacting us at admin@ivas.dev.
IVAS Corp does not sell personal information as defined under the CCPA/CPRA. We have never sold personal information and have no plans to do so. Because we do not sell data, there is no need to submit an opt-out request, but we honor such requests nonetheless.
We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge different prices, or provide a different quality of service because you exercised your privacy rights.
You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide proof of written authorization and identity verification. Contact admin@ivas.dev to submit an authorized agent request.
When you submit a CCPA request, we will verify your identity by matching the information you provide with the information we have on file. We will respond to verifiable consumer requests within 45 days.
If you provide your phone number and opt in to SMS notifications, we may send you service-related text messages via Twilio. By opting in, you provide your express written consent under the Telephone Consumer Protection Act (TCPA).
You can stop receiving SMS messages at any time by:
Opting out of SMS will not affect your ability to use the Service.
The Service is not directed at children under the age of 13 (or under the age of 16 in the EEA). We do not knowingly collect personal information from children. If we discover that we have inadvertently collected personal data from a child under the applicable age, we will promptly delete that information.
If you are a parent or guardian and believe that your child has provided personal information to us, please contact us at admin@ivas.dev and we will take steps to delete such information.
Our servers are located in the United States (DigitalOcean data centers). If you access the Service from outside the United States, your information will be transferred to and processed in the United States.
For users in the EEA and UK, we rely on the following transfer mechanisms as applicable:
By using the Service, you acknowledge that your data will be processed in the United States, where data protection laws may differ from those in your jurisdiction.
In the event of a personal data breach that poses a risk to your rights and freedoms:
Breach notifications will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach.
We may update this Privacy Policy from time to time. When we make material changes, we will:
We encourage you to review this page periodically. Continued use of the Service after changes are posted constitutes your acknowledgment of the updated policy. For material changes that affect how we process your data, we will seek your consent where required by law.
If you have questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, please contact us:
Email: admin@ivas.dev
Address: 1309 Coffeen Ave, Suite 1200, Sheridan, WY 82801
Website: ivas.dev
We aim to respond to all privacy inquiries within 30 days.