P
Prodovo Labs
Free trial

Privacy Policy

Effective date: March 29, 2026 · Last updated: March 29, 2026

1. Introduction

Prodovo Labs LLC (“we,” “us,” or “our”) operates Prodovo Labs, a compliance screening platform for e-commerce sellers. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website and Service. By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, do not use the Service.

This Privacy Policy is incorporated into and subject to our Terms of Service. Capitalized terms not defined here have the meanings given in the Terms.

2. Information We Collect

Account Information

When you create an account, we collect your email address and any profile information you provide (name, company, role). Authentication is handled through Supabase, a third-party authentication provider.

Product Data You Submit

When you use the Service, you may submit product listing text, product images, product URLs, or bill-of-materials documents for analysis (“User Content”). This data is processed to generate your compliance screening report and is stored in your account. You are responsible for ensuring you have the right to submit any data you upload.

Usage Data

We automatically collect anonymized usage data including pages visited, features used, scan counts, referral source, browser type, device type, and general interaction patterns. We use Vercel Analytics for privacy-friendly, cookie-free web analytics. We do not collect IP addresses for analytics purposes.

Payment Information

Payment processing is handled entirely by Stripe, Inc. We do not store, process, or have access to your full credit card numbers, bank account details, or other sensitive payment credentials on our servers. We receive only a transaction confirmation, last four digits of your card, and billing status from Stripe. Stripe's privacy policy governs the handling of your payment data.

Communication Data

If you contact us via email, we collect the content of your communications, your email address, and any information you voluntarily provide.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, maintain, and improve the Service
  • To process your compliance scans and generate screening reports
  • To manage your account and subscription billing
  • To send transactional emails (welcome, scan results, billing notifications, trial reminders)
  • To send product updates and feature announcements (you can unsubscribe at any time)
  • To monitor, detect, and prevent abuse, fraud, or unauthorized use of the Service
  • To comply with applicable legal obligations, legal process, or enforceable governmental requests
  • To enforce our Terms of Service and protect our rights and the rights of others
  • To respond to your questions and support requests

We do not sell your personal information. We do not use your personal information for automated decision-making or profiling that produces legal effects.

4. AI Processing Disclosure

How AI Is Used in the Service

Product data you submit (text, images, documents) is sent to third-party AI providers for the purpose of product identification and analysis. This AI processing is a core part of how the Service works. By using the Service, you consent to this processing.

AI provider: We currently use Anthropic (Claude) for AI-powered product identification. Your product data is sent to Anthropic's API for processing. Anthropic's data usage policies govern how they handle data sent through their API.

What is sent: Product images, listing text, product descriptions, and bill-of-materials information that you submit for scanning. We do not send your email address, name, payment information, or other personal account data to AI providers.

What is not done: We do not use your product data to train AI models. Your submissions are processed solely to generate your individual compliance screening report. We do not share your product data with other users or make it publicly accessible.

AI limitations: AI-generated product identifications may be inaccurate. The compliance screening that follows uses a deterministic, rule-based engine — not AI — to identify regulatory requirements. However, the accuracy of the screening depends on the accuracy of the AI-generated product identification. See our Terms of Service for important disclaimers about Service output accuracy.

5. How We Protect Your Data

We implement commercially reasonable technical and organizational security measures to protect your information, including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Encryption at rest: Data stored in our database is encrypted at rest
  • Account isolation: Row-level security ensures your scans and reports are only accessible to your authenticated account
  • No data selling: We never sell your personal information or product data to third parties
  • No AI training: We do not use your product data to train AI models
  • Infrastructure providers: We use Vercel (hosting), Supabase (database and authentication), and Stripe (payments) — all of which maintain SOC 2 Type II certifications

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee its absolute security.

6. Data Sharing and Sub-Processors

We share your information only with the following categories of recipients:

Service Providers (Sub-Processors)

ProviderPurposeData Shared
VercelHosting, CDN, serverless functionsRequest logs, anonymized analytics
SupabaseDatabase, authentication, file storageAccount data, product data, scan results
StripePayment processing, subscription managementEmail, billing details (not stored by us)
ResendTransactional email deliveryEmail address, email content
AnthropicAI product identificationProduct images, listing text, BOM data

Legal and Safety Disclosures

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

Business Transfers

In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

We do not sell, rent, lease, or trade your personal information to advertisers, data brokers, or any other third parties.

7. Data Retention

We retain your account data and scan history for as long as your account is active or as needed to provide the Service. If you delete your account or request deletion, we will remove your personal data and scan results within 30 days. Some data may be retained longer if required by law or for legitimate business purposes (e.g., billing records, dispute resolution).

Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for analytics and product improvement purposes.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated data
  • Data portability: Export your scan reports in PDF and CSV formats
  • Opt out of marketing: Unsubscribe from marketing emails at any time via the unsubscribe link in any email

California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) provides you with additional rights:

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the categories of third parties with whom we share it
  • Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain exceptions
  • Right to Correct: You may request that we correct inaccurate personal information
  • Right to Opt Out of Sale/Sharing: We do not sell or share (as defined by CCPA/CPRA) your personal information. No opt-out is required, but this right is available to you
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights

Categories of personal information collected in the preceding 12 months: Identifiers (email address, name), commercial information (subscription history, scan usage), internet activity (usage data, pages visited), and professional information (company, role).

Other State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with consumer privacy laws may have similar rights to access, delete, correct, and opt out. We honor all applicable state privacy requests. Contact us at the address below to exercise your rights.

To exercise any privacy right, contact us at privacy@prodovo.io. We will respond to verifiable requests within 45 days (or such shorter period as required by applicable law). We may need to verify your identity before processing your request.

9. Cookies and Tracking

We use only essential cookies required for authentication and session management. We do not use advertising cookies, third-party tracking cookies, or cross-site tracking technologies.

Our web analytics (Vercel Analytics) are cookie-free, privacy-friendly, and do not track individual users across sites. We do not participate in ad networks or use retargeting pixels.

10. Children's Privacy

The Service is designed for business use by adults and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you believe that a child under 18 has provided us with personal information, please contact us at privacy@prodovo.io and we will take steps to delete that information promptly.

11. International Data Transfers

The Service is operated from and hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.

12. Do Not Track

Some web browsers transmit “Do Not Track” (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, we do not currently respond to DNT signals. However, we do not engage in cross-site tracking regardless of DNT settings.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or through a notice in the Service at least 15 days before taking effect. The “Last updated” date at the top of this page reflects the most recent revision.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the changes, you should stop using the Service and contact us to delete your account.

14. Contact

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have a complaint about our data practices, contact us at:

Prodovo Labs LLC

Email: privacy@prodovo.io

Website: prodovo.io