Privacy Policy

NivasaPro Inc. ("NivasaPro", "we", "us", or "our") operates the NivasaPro property management platform, including the Niva AI assistant, available at https://www.nivasapro.ai and associated mobile and API interfaces (the "Service").

NivasaPro acts as the data controller for personal information collected through the Service. For questions about this policy or your data, contact us at privacy@nivasapro.ai.

We use the information we collect to:

• Provide, operate, and improve the NivasaPro platform and Niva AI assistant.
• Process and respond to maintenance requests, approvals, and tenant communications on your behalf.
• Send transactional emails such as maintenance approval requests, repair notifications, rent reminders, and account alerts via Mailgun.
• Generate AI-powered insights, summaries, triage assessments, and the ROMI Score™ report.
• Authenticate users and maintain account security using JSON Web Tokens (JWT).
• Analyse usage patterns to improve product features and fix bugs.
• Comply with legal obligations and enforce our Terms of Service.
• Communicate with you about product updates, new features, and relevant content (you may opt out at any time).
• Respond to ROMI Score™ assessment leads and send the personalised report to the email address you provide.

We do not sell your personal information to third parties. We do not use your property or tenant data to train AI models without explicit consent.

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

• Contract performance — processing necessary to provide the Service under our Terms of Service (e.g., managing maintenance requests, sending notifications).
• Legitimate interests — improving our platform, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
• Legal obligation — processing required to comply with applicable law.
• Consent — for marketing communications and optional analytics. You may withdraw consent at any time without affecting prior processing.

We share your information only in the following circumstances:

NivasaPro uses AI language models (currently Claude by Anthropic and Gemini by Google) to power the Niva assistant and the ROMI Score™ assessment. When you interact with Niva, your messages and relevant context (property details, maintenance history) are sent to the AI provider to generate a response.

What this means for your data:

• Conversation content is transmitted to AI providers for the sole purpose of generating responses.
• We configure these providers under zero-data-retention policies where available, meaning conversation content is not used to train their models.
• AI-generated outputs (maintenance summaries, triage assessments, ROMI scores) are stored in your account and may be seen by other authorised users of your organisation.
• Automated decisions made by Niva (such as maintenance priority classification) can be reviewed, overridden, or appealed by contacting support.

No automated decision made by Niva produces legal or similarly significant effects without human review.

We use the following types of cookies and similar technologies:

• Strictly necessary cookies — required for authentication (JWT session management) and security. These cannot be disabled.
• Functional cookies — remember your preferences such as theme and language settings.
• Analytics cookies — help us understand how the Service is used (e.g., page views, feature engagement). We use privacy-respecting analytics and do not share this data with advertising networks.
• Bot protection — Cloudflare Turnstile is used on public forms to distinguish humans from automated bots. Turnstile may set cookies or use browser signals for this purpose.

You can control non-essential cookies through your browser settings. Disabling strictly necessary cookies will impair your ability to use the Service.

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data — retained for the duration of your account plus 30 days after deletion to allow recovery.
• Maintenance and financial records — retained for 7 years to support legal and tax obligations, unless you request earlier deletion.
• AI conversation transcripts — retained for 12 months, then anonymised or deleted.
• ROMI Assessment data — retained for 24 months from the date of assessment. You may request deletion at any time.
• Server logs — retained for 90 days.
• Marketing preferences — retained until you unsubscribe or request deletion.

When retention periods expire, data is securely deleted or anonymised so it can no longer be associated with you.

We implement industry-standard technical and organisational measures to protect your personal information, including:

• Encryption in transit (TLS 1.2+) for all data transmitted between your browser and our servers.
• Encrypted storage for sensitive fields including passwords (bcrypt hashing) and API keys.
• JWT-based authentication with short-lived tokens and secure signing secrets.
• Role-based access controls limiting data access to authorised personnel.
• Regular dependency updates and security patching.
• MongoDB Atlas security features including network isolation and encryption at rest.

No method of transmission or storage is 100% secure. If you suspect a security incident, please contact us immediately at privacy@nivasapro.ai.

The Service is not directed at children under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us at privacy@nivasapro.ai and we will delete it promptly.

NivasaPro is operated primarily from the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate.

For transfers from the EEA or UK to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and/or the UK International Data Transfer Addendum, to ensure an adequate level of protection.

The Service may contain links to third-party websites or integrations. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through NivasaPro. We are not responsible for the privacy practices of third parties.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Effective date" at the top of this page.
• Notify registered users by email or in-app notification at least 14 days before the changes take effect.
• For significant changes affecting how we process data you have already provided, seek your consent where required by law.

Continued use of the Service after the effective date constitutes acceptance of the revised policy. If you do not agree, you should delete your account before the changes take effect.

For privacy-related questions, requests, or concerns, please contact us at:

We aim to respond to all privacy requests within 30 days. For urgent security concerns, please mark your subject line "URGENT — Security".