Privacy Policy

Scope

This policy applies to Corvée’s website, app, account features, AI-assisted timesheet features, voice features, billing flows, and related support communications.

This policy does not apply to websites, products, or services operated by third parties, even if they are linked from Corvée. Third-party services have their own terms and privacy policies.

Who is responsible for your information

For individual users, Corvée generally acts as the controller of personal information used to provide your account and operate the service.

If you use Corvée on behalf of a company, employer, client, or other organization, that organization may be the controller of certain data you submit, and Corvée may act as a service provider or processor for that data. You are responsible for making sure you have authority to submit and process that information through Corvée.

For privacy questions or requests, contact us at privacy@corvee.io.

Information we collect

We collect the following categories of information, depending on how you use Corvée.

Account information

We collect information used to create and manage your account, such as:

• Email address
• Password authentication information, stored securely by our authentication provider
• First name and last name, if provided
• Company name, if provided
• Phone number, if provided
• Account settings and subscription status

Timesheet and work content

We collect the content you create or submit in Corvée, such as:

• Dates
• Hours
• Project references
• Comments
• Action items
• Timesheet entries
• Work notes
• AI-generated or AI-assisted entry drafts that you save

Reference data you provide

You may provide reference data to help Corvée understand your work context, such as:

• Contacts, including names, titles, companies, email addresses, and notes
• Acronyms and expansions
• Projects, clients, billing rates, keywords, and project notes

Voice input

If you use voice features, audio captured in your browser is sent to a third-party speech-to-text provider for transcription. Corvée does not intentionally store voice recordings in your account or on Corvée servers after transcription.

The resulting transcript may be processed by Corvée and its AI providers to help create timesheet entries or other work records.

Chat and assistant input

Text you submit to the in-app assistant, including transcribed voice input, may be processed to generate or update timesheet entries.

Recent in-app assistant conversation history may be stored in your browser’s local storage, using a key such as corvee_chat_<userId>. This local chat history is stored on your device, not as a server-side transcript in your Corvée account. You can clear it from inside the app or by clearing browser storage.

Billing information

Paid subscriptions are processed by a third-party payment processor. Corvée does not see or store your full card number.

Corvée may store billing-related identifiers and status information, such as:

• Payment processor customer ID
• Subscription ID
• Price or plan ID
• Subscription status
• Billing portal or checkout status metadata

The payment processor may collect payment card details, billing address, tax information, and other information needed to process payments, prevent fraud, and comply with legal obligations.

Preferences and settings

We collect settings and preferences used to personalize the service, such as:

• Theme preference
• Accent color
• Base color preferences
• Language settings
• Default duration or timesheet formatting preferences
• AI feature toggles
• Other app settings saved in your profile

Some preferences may also be stored in cookies, such as corvee-theme, corvee-accent, corvee-base-light, and corvee-base-dark.

Usage, device, and technical information

We may collect limited technical information to operate, secure, troubleshoot, and improve the service, such as:

• Browser and device information
• IP address
• Log data
• Error events
• Approximate usage metrics
• Feature usage information
• Authentication and security events

Where practical, we use aggregated or non-identifying usage information for analytics and product improvement.

Information you should not submit

Corvée is designed for professional timekeeping, work-note organization, and billing-support workflows. You should not submit unnecessary sensitive information.

Do not submit sensitive personal data, health data, financial secrets, passwords, regulated information, confidential client information, or data you are not authorized to use unless it is strictly necessary for your lawful use of Corvée and you have the right to process it.

You are responsible for the content you submit, including any personal information about coworkers, clients, employees, contractors, contacts, or other third parties.

How we use information

We use information to:

• Create, authenticate, and manage accounts
• Provide, operate, and maintain Corvée
• Save, display, edit, export, and delete timesheet entries and related content
• Process voice input into transcripts
• Process text, transcripts, and reference data through AI features
• Manage subscriptions, billing, taxes, discounts, and payment status
• Personalize settings, appearance, and preferences
• Provide support and respond to requests
• Send service-related messages, such as account, security, billing, or policy notices
• Monitor reliability, debug errors, prevent abuse, and secure the service
• Improve the product using aggregated or anonymized usage information
• Enforce our Terms of Service
• Comply with legal obligations

AI and speech processing

Corvée uses third-party AI and speech-to-text providers to provide core product features.

When you use AI or voice features:

• Voice audio may be sent to a speech-to-text provider only to create a transcript.
• Transcripts, chat messages, and work notes may be sent to an AI processing provider to generate, rewrite, classify, or structure timesheet entries.
• Relevant account preferences may be included, such as language preference, default duration, or comment style.
• Relevant reference data may be included, such as matching contacts, acronyms, or projects, so the assistant can produce more useful entries.

We do not use customer content to train Corvée models. We use business/API offerings from AI providers that, according to their applicable terms, do not use API-submitted customer content to train their models unless we explicitly opt in.

AI-generated output may be incomplete, inaccurate, or inappropriate for your intended use. You are responsible for reviewing, correcting, and approving entries before relying on them for billing, payroll, reporting, client submission, tax purposes, legal compliance, employment records, or any other purpose.

Legal bases for processing, GDPR and similar laws

If GDPR, UK GDPR, or similar privacy laws apply to your personal information, we rely on the following legal bases, depending on the context:

Contract

We process information when it is necessary to provide Corvée under our Terms of Service, including account access, saved entries, AI features, voice transcription, subscription management, and support.

Legitimate interests

We process information when necessary for legitimate business interests, such as securing the service, preventing abuse, debugging issues, improving reliability, understanding aggregate usage, enforcing our Terms, and developing product improvements. We consider the impact on your privacy and use safeguards where appropriate.

Consent

We may rely on consent where required, such as for optional cookies, certain communications, or optional features where applicable. You may withdraw consent where consent is the legal basis, but this does not affect processing that happened before withdrawal.

Legal obligations

We process information when necessary to comply with legal obligations, such as tax, accounting, payment, fraud prevention, dispute, or compliance requirements.

How we share information

We do not sell your personal information.

We may share information with the following categories of recipients:

Service providers and subprocessors

We use third-party providers to operate Corvée. These providers may process information only as needed to provide services to Corvée, subject to their applicable terms and data protection commitments.

Provider categories include:

• Database and authentication providers
• Hosting providers
• AI processing providers
• Speech-to-text providers
• Payment processors
• Analytics providers
• Email or service communication providers
• Error logging, security, and monitoring providers

Payment processors

Payment processors handle payment methods, subscription billing, taxes, fraud checks, and related payment records. Their processing is also governed by their own terms and privacy policies.

Legal, safety, and compliance

We may disclose information if we believe it is necessary to comply with law, respond to legal process, enforce our Terms, prevent fraud or abuse, protect the security of Corvée, protect users, or protect rights, property, or safety.

Business transfers

If Corvée or brands & things is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be disclosed or transferred as part of that transaction, subject to appropriate confidentiality and privacy protections.

Subprocessors and provider inquiries

To keep this policy accurate as the product evolves, we generally describe service providers by category instead of listing each provider by name in the public policy.

If you need the current list of providers for compliance, security review, or due diligence, contact privacy@corvee.io.

Current provider categories include:

• Database and authentication providers
• Hosting and infrastructure providers
• AI processing providers
• Speech-to-text providers
• Payment processors
• Email and service communication providers
• Analytics providers
• Error logging, security, and monitoring providers

Cookies and local storage

Corvée uses cookies and browser storage to operate the service and remember preferences.

We may use:

• Authentication cookies so you can sign in and stay signed in.
• Preference cookies, including corvee-theme, corvee-accent, corvee-base-light, and corvee-base-dark, to remember appearance settings. These may last about one year unless you clear them.
• Browser local storage, including corvee_chat_<userId>, to keep recent in-app assistant history on your device.

You can control cookies and local storage through your browser settings. Some features may not work properly if required authentication cookies or storage are blocked.

Data retention

We retain personal information for as long as needed to provide Corvée, comply with legal obligations, resolve disputes, enforce our Terms, secure the service, and maintain business records.

In general:

• Account and content data are retained while your account exists.
• You may edit or delete timesheet entries, contacts, acronyms, and projects from inside the app.
• When you delete your account, Corvée removes active account data from its systems immediately.
• Deleted account data may remain in backups for up to six months before removal through normal backup lifecycle processes.
• Voice recordings are not intentionally retained by Corvée after transcription.
• Billing, payment, tax, accounting, fraud prevention, dispute, and legal records may be retained as required by law or legitimate business needs.
• Corvée may retain minimal deletion audit information, such as a deletion timestamp and non-personal deletion record, to demonstrate that deletion was completed.
• Local chat history stored in your browser may remain on your device until you clear it in the app or through browser storage settings.

Deleted accounts may not be recoverable.

Your choices

You may:

• Edit or delete timesheet entries, contacts, acronyms, and projects from inside the app.
• Change account profile fields and preferences.
• Disable AI lookup features for contacts or acronyms in Settings where available.
• Clear local chat history from the app or browser storage.
• Cancel paid subscriptions through the app, billing portal, or other supported billing path.
• Delete your account from Settings where available.
• Contact us at privacy@corvee.io for privacy questions or requests.

Your privacy rights

Depending on where you live, you may have rights regarding your personal information. These may include the right to:

• Access personal information we hold about you
• Correct inaccurate personal information
• Delete personal information
• Receive a copy of your personal information in a portable format
• Restrict certain processing
• Object to certain processing
• Withdraw consent where processing is based on consent
• Lodge a complaint with a data protection authority

To exercise privacy rights, contact privacy@corvee.io. We may need to verify your identity before fulfilling a request. We will respond within the timeframe required by applicable law.

Some requests may be limited where information is needed to provide the service, comply with law, prevent fraud or abuse, protect security, resolve disputes, enforce agreements, or preserve legal rights.

International data transfers

Corvée is operated from Puerto Rico and the United States. Your information may be processed in the United States, Puerto Rico, and other countries where we or our service providers operate.

If GDPR, UK GDPR, or similar laws apply and information is transferred internationally, we rely on appropriate safeguards where required, such as vendor data protection terms, standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms.

Security

We use reasonable technical and organizational measures designed to protect personal information.

These measures may include:

• HTTPS encryption in transit
• Authentication and session controls
• Database row-level access controls
• Server-side handling of API keys and credentials
• Access controls for administrative systems
• Least-privilege access where practical
• Logging, monitoring, and debugging tools where appropriate
• Vendor security controls provided by hosting, database, payment, and AI providers

No online service can guarantee perfect security. You are responsible for protecting your login credentials and for using Corvée in a secure environment.

If you believe your account or data has been compromised, contact privacy@corvee.io.

Children’s privacy

Corvée is a professional productivity tool and is not directed to children. You must be at least 18 years old, or the legal age required to enter into a binding contract in your jurisdiction, to use Corvée.

We do not knowingly collect personal information from children. If you believe a child has provided personal information to Corvée, contact us so we can take appropriate action.

Do Not Track and automated signals

Some browsers send Do Not Track signals. There is no consistent industry standard for how online services should respond to these signals, so Corvée does not currently respond to Do Not Track signals.

If legally required in the future, Corvée may support additional privacy preference signals.

Changes to this policy

We may update this Privacy Policy from time to time.

When we make material changes, we will provide notice through the product, by email, or by another reasonable method where appropriate. The current version of this policy applies to your use of Corvée.

Contact

Questions or requests about this Privacy Policy can be sent to:

privacy@corvee.io

General support questions can be sent to:

info@corvee.io

Response times may vary.