Privacy Policy
Effective Date: March 31, 2026 | Version 1.0
Data Controller: PvT Consulting Inc, d/b/a ShowOps.AI
Contact: legal@pvtconsulting.com
Applies To: ShowOps web platform, mobile application, and related services
Jurisdictions: United States, EU/EEA, United Kingdom, Canada, and other regions where ShowOps operates
This Privacy Policy explains how PvT Consulting Inc, d/b/a ShowOps.AI ("ShowOps", "we", "us", or "our") collects, uses, discloses, and protects information about you when you use our software platform, mobile application, and related services (collectively, the "Services"). It also explains your privacy rights and how applicable law protects you.
1.Information We Collect
1.1 Information You Provide Directly
- Account information: name, email address, job title, company name, and password
- Profile information: profile photo, preferences, and settings
- Payment information: billing address, payment card details (processed and tokenized by Stripe — we do not store raw card numbers), and transaction history
- Communications: messages you send us, support requests, and survey responses
- User-generated content: any data, files, or content you upload or create through the Services
1.2 Information Collected Automatically
- Usage data: pages or features accessed, actions taken, time spent, and feature usage patterns
- Device information: device type, operating system, browser type and version, and device identifiers
- Log data: IP address, access timestamps, referring URLs, and error logs
- Location data: general geographic location inferred from IP address (not precise GPS unless explicitly granted)
- Cookies: session identifiers, preferences, and analytics data (see Section 8)
1.3 Information from Third Parties
- Your employer or organization (if your account is provisioned by them)
- Authentication providers (e.g., Google, Microsoft SSO) when using single sign-on
- Payment processors (e.g., Stripe) — limited transaction confirmation data only
- Publicly available sources for business verification purposes
2.How We Use Your Information
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Providing and improving the Services | Account, usage, device data | Contract performance |
| Processing payments and billing | Payment and account data | Contract performance |
| Account communications | Contact information | Contract performance |
| Product updates and marketing (opt-out available) | Email, usage data | Legitimate interests / Consent |
| Security and fraud prevention | Log, device, usage data | Legitimate interests |
| Analytics and improvement | Usage, device, log data | Legitimate interests |
| Legal compliance | As required by law | Legal obligation |
| Enforcing Terms of Service | Account, usage, log data | Legitimate interests |
3.Legal Bases for Processing (GDPR / UK GDPR)
If you are in the EEA, UK, or another jurisdiction requiring a lawful basis, we rely on:
- Contract performance: Processing necessary to provide the Services or fulfil contractual obligations.
- Legitimate interests: Security, fraud prevention, analytics, and improving the Services — where not overridden by your rights.
- Legal obligation: Processing required to comply with applicable law.
- Consent: Where we rely on consent (e.g., marketing emails), you may withdraw at any time without affecting prior processing.
4.Data Sharing and Disclosure
We do not sell your personal data.
4.1 Service Providers. We engage trusted third-party vendors (cloud infrastructure, payment processing, email delivery, analytics, support tools) who are contractually obligated to protect your data and may only process it on our instructions.
4.1.1 AI-Powered Features. ShowOps includes an AI chat assistant powered by Anthropic (Claude). When you use the chat feature, your messages and relevant event context are sent to Anthropic's API for processing. Anthropic processes this data solely to generate responses and does not use it to train models. For more information, see Anthropic's Privacy Policy. You should not include sensitive personal data (e.g., social security numbers, financial account numbers) in chat messages.
4.2 Business Transfers. In a merger, acquisition, or asset sale, your information may be transferred. We will notify you via email and/or prominent notice prior to such transfer.
4.3 Legal Requirements. We may disclose information if required by law, court order, or to protect rights, property, safety, or prevent illegal activity.
4.4 With Your Consent. We may share information when you have explicitly consented.
5.International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including the United States. For transfers from the EEA or UK to countries without an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- The UK International Data Transfer Agreement (IDTA) where applicable
- Other lawful transfer mechanisms under applicable law
You may request a copy of the applicable transfer mechanism by contacting legal@pvtconsulting.com.
6.Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected.
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 3 years after closure |
| Payment/billing records | 7 years (tax and financial compliance) |
| Usage and log data | Up to 24 months |
| Support communications | 3 years from resolution |
| Marketing consent records | Until consent withdrawn + 3 years |
| Backup copies | Up to 90 days after deletion from primary systems |
7.Your Privacy Rights
7.1 Rights Under GDPR / UK GDPR (EEA and UK Users)
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your data, subject to exceptions
- Right to restriction: Request that we limit how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent: Withdraw at any time without affecting prior processing
- Right to lodge a complaint: Contact your national supervisory authority
7.2 Rights Under CCPA / CPRA (California Residents)
- Right to know what personal information we collect, use, disclose, and sell (we do not sell personal information)
- Right to delete personal information, subject to exceptions
- Right to correct inaccurate personal information
- Right to opt out of sale or sharing (not applicable — we do not sell or share for cross-context behavioral advertising)
- Non-discrimination: We will not discriminate against you for exercising your rights
7.3 Exercising Your Rights. Contact us at legal@pvtconsulting.com. We will respond within the timeframe required by law (30 days for GDPR; 45 days for CCPA). We may need to verify your identity before processing your request.
8.Cookies and Tracking Technologies
ShowOps currently uses only strictly necessary cookies (session authentication and security) that do not require consent under applicable privacy laws. We do not use analytics, functional, or marketing cookies at this time. If we introduce optional cookies in the future, we will update this policy and provide appropriate consent mechanisms.
| Category | Purpose | Required? |
|---|---|---|
| Strictly Necessary | Authentication, security, session management | Yes — cannot be disabled |
| Functional | Remembering preferences and settings | Optional |
| Analytics | Understanding feature usage and improving the product | Optional |
| Marketing | Personalised communications (if opted in) | Optional — consent required |
9.Data Security
We implement appropriate technical and organisational measures to protect your data:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls with least-privilege principles
- Multi-factor authentication for internal and administrative access
- Regular security assessments and penetration testing
- Incident response procedures and breach notification protocols
No method of transmission or storage is 100% secure. In the event of a data breach affecting your rights, we will notify you and applicable regulators as required by law.
10.Children's Privacy
Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete it. If you believe we have collected data from a child, please contact us at legal@pvtconsulting.com.
11.Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you by email and/or by posting a prominent notice in the Services at least 30 days before changes take effect. Continued use after the effective date constitutes acceptance.
12.Contact Us
| Privacy Inquiries | legal@pvtconsulting.com |
| Mailing Address | PvT Consulting Inc, d/b/a ShowOps.AI 7044 Winnetka Ave, Los Angeles, CA 91306, USA |
| EU Representative | To be appointed before EU launch |
| UK Representative | To be appointed before UK launch |
| DPO | Not applicable at current scale — under review |
We aim to respond to all privacy-related inquiries within 30 days. For GDPR complaints, you also have the right to contact your local supervisory authority.
This Privacy Policy was last updated on March 31, 2026.