Privacy Policy

Last Updated: July 1, 2025

1. Introduction

Welcome to Onvoke ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, disclose, safeguard, and otherwise process your information when you use our website, our web application, and our browser extension (collectively, the "Services").

Our core service is to transform user workflows into comprehensive documentation. To do this, our browser extension records your actions and captures screen content, which we then use to generate documents with the help of artificial intelligence. We understand the sensitivity of this data and this policy is designed to help you understand exactly what we collect and how we use it.

By creating an account or using our Services, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this policy, please do not use our Services.

2. Information We Collect

We collect several types of information to provide and improve our Services. The data we collect depends on how you use our Services.

A. Information You Provide to Us

  • Account Information: When you create an Onvoke account, we collect your authentication information. We use External Authentication System for this, which means we collect your email address and a hashed password if you sign up directly. If you sign in using a third-party provider like Google, we receive your name and email address from that service.

B. Information Collected by the Onvoke Extension (Your "Workflow Data")

This is the core data we use to create your documentation. When you activate our browser extension and click "Start Recording," we collect the following data until you click "Stop Recording":

  • User Actions: We log all your interactions with the web pages you visit. This includes every click you make and all keystrokes you type into any field.
  • Screenshots: We take periodic screenshots of the active browser tab to visually capture the steps in your workflow.
  • Visited URLs: We record the full URL of all web pages you visit during a recording session.
  • Page Content: We capture the content of the web pages you interact with to provide context for your actions.

This Workflow Data is temporarily stored in our Servers.

C. Information We Generate and Store

  • Generated Documentation: The final output, the documentation created from your Workflow Data, is stored in our database. While you, the user, own this documentation, it is currently stored in a publicly accessible manner. We are actively working to enhance the privacy of this content in our upcoming releases.

D. Information Collected Automatically

  • Usage Data: Like most websites, we may collect standard technical information when you interact with our website and dashboard, such as your IP address, browser type, operating system, and the dates and times of your visits.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide the Core Service: We use your Workflow Data as the primary input for the Standard AI model to generate technical documentation. This is the fundamental purpose of our service.
  • To Operate and Maintain our Services: To create and manage your account, provide you with customer support, and ensure the proper functioning of our Services.
  • For Troubleshooting and Support: Our support team may need to access your account information and the generated documentation to diagnose and resolve technical issues you report.
  • To Improve Our Services: We analyze usage data to understand how our users interact with our Services, which helps us improve the user experience and develop new features.
  • For Security and Legal Compliance: To protect our Services, prevent fraud and abuse, and comply with our legal obligations.

4. How We Share Your Information

We do not sell your personal information. We may share your information with the following third-party service providers who help us operate our business:

  • Supabase: We use Supabase for our backend infrastructure, including authentication, database hosting, and file storage (for your Workflow Data). We implement strong Row-Level Security (RLS) policies to ensure that your raw Workflow Data is segregated and cannot be accessed by other users.
  • Google: We use Google Gemini API to generate your documentation. According to Google's API policies, they do not use this data to train their models without your consent and have their own data handling and retention policies.
  • Legal Requirements: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the Services, or protect the personal safety of users of the Services or the public.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different Privacy Policy.

5. Data Retention and Deletion

We have a clear policy for how long we keep your data:

  • Workflow Data: To protect your privacy, we automatically delete all raw Workflow Data from our Servers on a weekly basis.
  • Generated Documentation: We retain the final documentation you create in our database for as long as your account is active, so you can access it at any time.
  • Account Information: We retain your account information for as long as you have an account with us. If you delete your account, we will delete your personal information in accordance with our standard procedures.

6. Data Security

We take the security of your data seriously and use a combination of technical, administrative, and physical controls to maintain the security of your data. We leverage the robust security features of Supabase, including strong Row-Level Security for our database. Please note that while we are in our MVP stage, the storage for raw Workflow Data (screenshots and logs) is transitioning from public to private access to enhance security. Generated documents are also currently publicly accessible, and we plan to implement stricter access controls soon.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. Your Data Rights and Choices

Depending on your location and the laws that apply, you may have certain rights regarding the personal information we hold about you. These may include the right to:

  • Access: You have the right to request a copy of the personal information we hold about you.
  • Correction: You have the right to request that we correct any inaccurate or incomplete information.
  • Deletion: You have the right to request that we delete your personal information and your generated documents.
  • Object to Processing: You have the right to object to our processing of your personal information.
  • Data Portability: You may have the right to receive your data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, please contact us at founders@onvoke.com. We will respond to your request in accordance with applicable law.

8. International Data Transfers

Onvoke is operated from India. Your information, including personal data, will be processed in India and in other countries where our service providers are located (such as the locations of Supabase and Google Cloud servers). These countries may have data protection laws that are different from the laws of your country. By using our Services, you consent to the transfer of your information to countries outside your country of residence.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information from our files.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: founders@onvoke.com