This policy describes what data ifivo collects, why we collect it, and the choices you have. It applies to the ifivo website, the ifivo agent gateway, the dashboard at /app, and the MCP server.
Data we collect
Account data. Email, name, organization name, organization slug.
Agent action data. The fields customers route through the gateway: vendor, action type, amount, risk score, free-form metadata, and the policy decision. Customers control what goes into metadata.
Operational data. Request logs (IP, user agent, timestamps), error traces, and aggregate usage counters.
ifivo does not intentionally collect payment card data, government IDs, or health information. Do not put any of those in action metadata.
How we use data
- To operate the gateway, evaluate policies, and return decisions.
- To show you the dashboard, approvals queue, and audit log.
- To detect abuse and debug incidents.
- To improve the product in aggregate. We do not train foundation models on your data.
Retention
- Action logs: retained for the duration of your subscription plus 30 days, unless you delete them sooner.
- Approval decisions: retained to preserve audit integrity for 7 years, unless contractually overridden.
- Account data: kept while the account is active; deleted within 30 days of account closure, except as required by law.
Your rights
If you are in the EU, EEA, UK, or California, you have rights to access, correct, export, and delete your personal data. Email privacy@ifivo.com and we will respond within 30 days.
Contact
Privacy questions: privacy@ifivo.com. Security reports: security@ifivo.com.