Previ AI Privacy Policy

Last updated: August 11, 2025

Introduction

Previ AI is an AI‑powered HR assistant that helps organizations answer employee questions, draft communications, and analyze HR information. Protecting privacy is fundamental to our mission. This Privacy Policy explains what information we collect, how we use and share it, and the choices available to you. By using Previ AI you agree to the practices described here.

Roles. Under our enterprise agreements, your employer (the “Customer”) is the controller/business and Previ is the processor/service provider. We process personal data only under the Customer’s instructions.

What Information We Collect

1) Information you provide

  • Chat content – any text you enter into Previ AI, which may include personally identifiable information (PII) or sensitive HR data.

  • Uploaded documents – files such as policies or handbooks you choose to upload. We support two kinds of uploads: (a) Chat uploads attached within a conversation, and (b) Reference Library uploads added for ongoing reuse by your organization.

  • Account details – names, business email addresses, roles, and similar information needed to create user accounts.

2) Information collected automatically

  • Usage metadata – timestamps, feature flags, error logs, and aggregate statistics.

  • Device and network data – IP address, browser type, operating‑system version.

  • Cookies – limited to functional and analytics purposes; no advertising cookies.

3) Data from connected HR systems

If your organization enables an integration (e.g., BambooHR, Workday), Previ AI processes only the fields authorized by the administrator, such as employee names, titles, or work emails.

How We Use Information

  • To deliver the service – generating responses, maintaining context, and displaying results.

  • LLM processing – securely transmitting prompts to our model provider (currently OpenAI) to generate answers. OpenAI does not use API data to train its public models and deletes it after 30 days. Previ does not use Customer Content to train models.

  • Service improvement – analyzing de‑identified usage patterns to improve accuracy and reliability.

  • Security and compliance – detecting abuse, preventing fraud, and meeting legal obligations.

  • Communications – sending service updates or responding to support requests.

We never sell personal information or use it to build marketing profiles.

Sharing Information

  • Service providers – limited to subprocessors required to run Previ AI (e.g., OpenAI, cloud hosting). All are bound by strict confidentiality and data‑processing agreements.

  • Within your organization – data is accessible to authorized users and admins only; cross‑tenant access is technically blocked.

  • Legal compliance – disclosures only when required by law, with notice where permitted.

  • Business transfers – data may transfer as part of a merger or acquisition, subject to the same protections.

California disclosure. We do not sell or share personal information as defined by California law (CPRA).

Data Retention

  • Chat history and chat‑attached uploads are retained for 120 days, then permanently deleted. If a partner integration or model provider applies a shorter retention period to the copies they process, we follow that shorter window for those copies.

  • Reference Library uploads are retained until the Customer deletes them or the account terminates. Upon termination, we delete these uploads within up to 60 days as part of account closure.

  • LLM provider retention is up to 30 days for abuse monitoring (separate from Previ retention).

  • Account records persist while the customer account is active and for up to 60 days after termination.

  • Backups containing deleted data roll off automatically within standard backup lifecycles.

Security

We use TLS encryption in transit, AES‑256 encryption at rest, role‑based access controls, continuous monitoring, and annual penetration tests. Our infrastructure is hosted in SOC 2 and ISO 27001 certified data centers. Previ AI itself is working toward SOC 2 Type II certification.

Your Rights

Employees should direct access, correction, or deletion requests to their employer. We assist customers in fulfilling rights under laws such as the CCPA/CPRA. We support deletion or export of personal data on verified request. If a request is denied, residents of Colorado, Connecticut, or Virginia may appeal through their employer; we will support the appeal process upon verified request.

Responsible AI & EEOC Compliance

Previ AI is an assistive tool. Outputs may be inaccurate and must be reviewed by qualified HR personnel. Customers must not rely solely on AI for employment decisions and must ensure compliance with equal‑employment laws.

International Transfers

Data is stored in the United States. If we later serve other regions, we will implement appropriate transfer safeguards.

Changes to This Policy

We may update this Privacy Policy and will notify customers of material changes at least 30 days in advance.

Contact Us

Questions or privacy requests? Email feedback@previ.com or write to Previ, Inc. at our mailing address listed on our website.