AI Usage Auditor · Beta

Data handling & privacy statement

Rivoryn Limited (trading as AICVS) · Last updated: 12 June 2026

A plain-English statement about how the AICVS AI Usage Auditor (Beta) handles data you send us. This is informational, not legal advice. A Data Processing Agreement (DPA) is available on request.

What we process

We analyse AI usage logs you provide - typically: who used an AI feature, in which tool or workflow, a summary of the prompt and output, a timestamp, and the data classes involved. We do not require access to your production systems or credentials.

How we process it

Deterministic by default. Detection runs on rules and patterns. Your data is not sent to any external AI model unless you explicitly enable the optional LLM layer - and you choose the provider, including a fully local/offline model so data never leaves your infrastructure.
Tenant isolation. Each customer's records are scoped to their account; one customer cannot read another's data.
Redaction at rest. When enabled, secrets and PII in stored prompts/outputs are masked before storage.
In transit. The hosted service is served over HTTPS.

What we do NOT do

We do not sell or share your data.
We do not use your data to train models.
We do not make legal determinations - output is indicative triage evidence for human review.

Sub-processors

Hosting: Render (compute/storage for the hosted app), in the EU region.
Optional LLM provider: only if you enable it - Anthropic or OpenAI, or a local model of your choice. If you use a local model, there is no third-party LLM sub-processor.

Retention & deletion

We retain analyses and reports for the duration of the engagement and delete on request. Contact privacy@aicvs.io to request deletion or export of your data.

Data residency

Data is hosted in the European Union (Frankfurt). If you require a specific region or arrangement, we can discuss it.

Your responsibilities

Send only data you're authorised to share; minimise or redact before sending where possible (our template encourages summaries, not raw sensitive values). If the data contains personal data, you remain the controller; we act as processor under a DPA, available on request.

Roles (GDPR)

For most engagements, you are the data controller and AICVS is the data processor. A Data Processing Agreement is available on request.

Boundary. AICVS is a Beta monitoring/triage tool. Compliance framework references are indicative tags to guide human review; they are not legal advice, a conformity assessment, or certification.

Contact: privacy@aicvs.io · Entity: Rivoryn Limited, Limerick, Ireland.

← Back to the AI Usage Auditor