Our commitments Data journey Legal basis AI processing Sub-processors Transfers Retention Your rights California Security Cookies Children Changes
Privacy

Honest intelligence
starts here.

CHOIVE tells businesses the truth about where they stand — even when the answer is uncomfortable. This page applies the same standard to your data. Every sentence on this page is written to inform you, not protect us.

Last updated: 1 July 2026
Version 1.0 — initial policy
Data questions: hello@choive.com
VERDICT 01
We do not sell your data. Not to anyone. Not ever.
Your business information enters CHOIVE for one reason — to run your diagnostic. It exits CHOIVE for nothing else. This is not a policy. It is how the product is built.
VERDICT 02
We do not track you across the internet.
No advertising pixels. No cross-site cookies. No behavioural profiles. No Google Analytics building a shadow record of your browsing. When you leave choive.com, we lose track of you. That is the design.
VERDICT 03
Your data is not how we make money.
CHOIVE's revenue comes from businesses paying for diagnostics and reports. The moment we monetise your data another way, this product loses its integrity. We will not do that.
What actually happens

Every step your data takes
when you run a diagnostic.

From the moment you hit the button to the moment your result appears. Nothing omitted. Nothing softened.

1
You submit your business information Enters CHOIVE
Business name, category, city, and website URL. Optionally: a one-line description and known competitors. This hits CHOIVE's serverless function running on Netlify's infrastructure. Nothing is stored at this point — the diagnostic begins immediately.
2
Live search signals are pulled Serper receives query terms
Your business name, category, and city are used to run search queries via Serper's API. This tells us what currently exists in search about your category — what competitors appear, what signals they carry. Serper receives query strings only, not your full form submission.
3
Your website is inspected Apify receives your URL
Your website URL is fetched to check technical AI selection signals: schema markup, llms.txt, H1, meta description, title tag. Review and citation data is also checked. Only your website URL and business name are shared with Apify — nothing else.
4
Claude analyses everything Anthropic receives your data + evidence
This is the most important step to understand. All collected evidence — your business information, the search results, the website inspection findings, the citation data — is sent to Anthropic's Claude API. Claude generates your score, identifies the competitor AI recommends instead of you, writes your findings, and produces your priority actions. This is entirely automated. No human at CHOIVE reviews your individual result. Per Anthropic's API terms, your data is not used to train their models.
5
Your result is stored so you can return to it Supabase
The complete diagnostic result is written to our Supabase database, tied to a unique job ID. This is what makes your shareable link permanent. Your business name, category, city, and result are stored. No account or login required.
6
If you give us your email, we send your link Resend — only if you choose
Entirely optional. If you enter your email to save your result, that address and your result link are sent via Resend's email API. Your email is stored alongside your result in Supabase. You are not added to any marketing list — the only email you receive is the one you asked for.
7
If you pay, Stripe handles everything CHOIVE never sees your card
All payment processing runs through Stripe. CHOIVE does not receive, store, or have access to your card details at any point. Stripe sends us a payment confirmation and the associated job ID. That is all we receive from a transaction.
AI and automated processing

Your score is generated by AI.
Here is exactly what that means.

Most companies bury this. We lead with it because it is the most important thing to disclose. CHOIVE's entire product is automated AI assessment. You have a right to understand it completely.

What Claude does with your data — step by step
Receives your business data and all collected evidence. Search results, website signals, citation data, and your form inputs are assembled into a single structured brief and sent to Claude via Anthropic's API.
Scores your business across four pillars. Clarity, Trust, Difference, and Ease — each scored out of 25. The total becomes your CHOIVE Index. This is automated. No human reviews or adjusts your individual score.
Identifies who AI recommends instead of you. Claude simulates the queries your potential customers ask AI platforms and observes which competitor appears in the responses. This is the displacement signal at the top of your result.
Writes your findings, verdict, and priority actions. Every sentence in your result — the summary, the pillar findings, the recommended fixes — is written by Claude. Entirely automated.
If you purchase a Report, Claude generates the complete PDF. The personalised letter, the score projection, the competitor signal table, and the 30-day implementation plan are all produced by Claude from your diagnostic data.

What your score is not. It is not a human judgement. Not a legal assessment. Not a commercial guarantee. It is an AI-generated analysis of publicly observable signals at the time of the diagnostic. Signals shift. Scores can be re-run. The product is designed to reflect reality — not to flatter.

A note on profiling. Under GDPR Article 4(4), what CHOIVE does constitutes profiling — automated processing of data to evaluate aspects of a business. Specifically: its market position, AI recommendation likelihood, competitive standing, and structural gaps. We name this directly because the law requires it and because you deserve to know. The result of that profiling is your CHOIVE Index and everything that flows from it. Your right to object to this profiling is described in the Your Rights section.

Your right to challenge an automated result. If you believe your score is based on inaccurate data, or if the result has affected you in a way you consider unjust, email hello@choive.com with "Automated decision review" in the subject. We examine the specific data and methodology behind your diagnostic and respond within 14 days. This right exists regardless of where you are in the world.

On Anthropic's use of your data. When your information is sent to Anthropic's API, it is processed under Anthropic's API terms. Per those terms, Anthropic does not use API inputs to train its models. Your business data is used for your diagnostic session only.

Sub-processors

Every company that touches your data.
No omissions.

If a service receives any part of your data as part of delivering CHOIVE, it is in this table. We will update it before adding any new processor.

Company What they receive Why Where Transfer safeguard
Anthropic Business name, category, city, website, optional description, competitors, and all collected evidence Core AI diagnostic engine — generates your score, findings, competitor identification, and report United States Standard Contractual Clauses (SCCs)
Serper Business name, category, and city as search query terms Retrieves live search signals for your category United States SCCs
Apify Website URL and business name Website inspection and independent citation data retrieval EU — Czech Republic No transfer — EU-based
Supabase Diagnostic results, business name, category, city, job IDs, email addresses if provided Database — stores results to power the shareable link United States SCCs
Resend Email address and result link or Report PDF Delivers result emails and Report PDFs United States SCCs
Stripe Payment card details — handled entirely by Stripe. CHOIVE receives only a confirmation and job ID. Payment processing United States SCCs + EU-US Data Privacy Framework
Netlify IP address and standard request logs Hosting and serverless function execution United States SCCs
International transfers

If you are in the EU or UK — read this.

Most of CHOIVE's infrastructure runs on US-based services. If you are in the European Economic Area or the United Kingdom, your data crosses borders when you use CHOIVE. That is not something we hide — it is how the internet works for a global product built on best-in-class tools.

The legal safeguards that govern those transfers:

  • Anthropic, Supabase, Resend, Netlify, Serper: Standard Contractual Clauses (SCCs) — the EU-approved legal mechanism for US data transfers.
  • Stripe: SCCs plus certification under the EU-US Data Privacy Framework.
  • Apify: EU-based. No international transfer.

Using CHOIVE means accepting that the delivery of the diagnostic requires your business information to be processed in the United States under these safeguards. If that is not acceptable, do not run a diagnostic.

EU representative. As CHOIVE grows its European user base, we are in the process of appointing an EU representative under GDPR Article 27. Until that appointment is confirmed and published here, data queries from EEA residents are handled directly by the team at hello@choive.com with the same 48-hour response commitment.

Retention

Exactly how long we keep each type of data.
Not "a reasonable period." Specific dates.

Data How long Why
Free diagnostic results 90 days from creation Powers the shareable link during a reasonable retrieval window
Paid Analysis results 24 months from purchase Supports retrieval, re-access, and dispute resolution
Report PDF content 24 months from purchase Enables redelivery if the original email was not received
Email addresses 24 months from collection Supports result redelivery on request
Payment records 7 years Tax law. Non-negotiable. Cannot be deleted earlier regardless of request.
Server and request logs 90 days, rolling Security monitoring — overwritten automatically

After a retention period ends, data is deleted from active systems. Any residual copies in automated backups are overwritten within 30 days. To request early deletion of anything except payment records, email hello@choive.com — subject: "Data deletion." We confirm within 30 days.

Your rights

Seven things you can ask us to do.
With exactly how to ask.

Access
Want to know everything we hold about you? Ask. We send it within 30 days. No charge.
Correction
Something we hold is wrong? Tell us. We correct it within 14 days.
Deletion
Want it gone? We delete everything except legally-mandated payment records within 30 days.
Challenge automated processing
Dispute your AI-generated score. We review the data and methodology and respond within 14 days.
Portability
Want your data in a portable format? We provide it as JSON or CSV within 30 days.
Restriction
Want us to pause processing while a complaint is active? We apply a hold within 48 hours of your request.
Withdraw consent
Gave us your email and now want out? Email "Unsubscribe" to hello@choive.com. Done within 24 hours. No friction.

One email does it: hello@choive.com — subject: "Data rights request." No forms, no ticket systems, no waiting rooms. If you are in the EEA or UK and our response does not satisfy you, you have the right to escalate to your local supervisory authority.

California residents

If you are in California, you have additional rights under the CCPA.

California has the strongest consumer data rights in the United States. If you are a California resident using CHOIVE, those rights apply to you. Here is what they mean in practice — not in legal abstractions.

Right to know. You can ask us what personal information we collect about you, why we collect it, and who we share it with. The data journey section above answers this for everyone. California residents can also request a formal disclosure — email hello@choive.com with "CCPA — right to know" in the subject.

Right to delete. You can ask us to delete personal information we have collected about you. We will do so within 30 days, subject to legal retention requirements. Email us with "CCPA — deletion request."

Right to opt out of sale. CHOIVE does not sell personal information. There is nothing to opt out of. This is not a policy position — it is how the product works. We have no advertising revenue, no data broker relationships, and no mechanism through which your data is transferred in exchange for value.

Right to non-discrimination. Exercising any CCPA right will not result in you receiving a different level of service, a higher price, or any other penalty. The diagnostic works the same regardless of whether you have exercised data rights.

How to submit a CCPA request. Email hello@choive.com — include "CCPA request" in the subject and specify which right you are exercising. We respond within 45 days. No fee. No verification process beyond confirming you are the person whose data is at issue.

Security

What we do to protect your data. And what we commit to if something goes wrong.

HTTPS everywhere. Encrypted storage at rest. Role-based database access — the number of people who can touch production data is deliberately small. We do not log sensitive form inputs beyond what the diagnostic requires.

Something will eventually go wrong somewhere. If a breach puts your data at risk:

  • We notify the relevant supervisory authority within 72 hours of discovering it — as required by law.
  • We notify you immediately if the breach creates a high risk to your rights. Not when it is convenient. Immediately.
  • We document every incident internally, regardless of whether notification is legally required.

If you think your data has been compromised, email hello@choive.com now. Security reports go to the top of the queue.

Cookies

Minimal. Functional. Nothing that follows you.

CHOIVE uses only the cookies required for the service to function. There is no advertising infrastructure, no behavioural analytics platform, and no third-party tracking script embedded anywhere on this site.

  • Session cookies — maintain your active diagnostic. Expire when you close your browser. Disabling them breaks the diagnostic.
  • Nothing else.

Because we use only strictly necessary cookies, no consent banner is required. If this changes, we update this section and add the right controls before touching anything.

Children

CHOIVE is not for anyone under 18.

CHOIVE is a professional business intelligence tool. It is built for adults who own, operate, or manage businesses. We do not knowingly collect personal data from anyone under 18. We do not market to minors. The service has no features designed for or directed at children.

If you believe a minor has submitted data through CHOIVE — whether by running a diagnostic or making a purchase — email hello@choive.com immediately. We will delete all associated data without delay and, where a purchase was made, issue a full refund.

Parents and guardians who discover that a minor in their care has used CHOIVE should contact us. We take these cases seriously and resolve them the same day.

Changes

If this policy changes, here is how you will know.

The date at the top of this page changes whenever this policy changes. For material changes — anything that meaningfully affects how we collect, use, or share your data — we post a notice on the CHOIVE homepage for at least 14 days before the change takes effect.

Previous versions are available on request. If a material change is not acceptable to you, email us to delete your data before the new version kicks in. Using CHOIVE after that date means you accept the updated policy.

We do not apply policy changes retroactively to data already collected under a prior version.

Questions about this policy

Questions about this policy.
Reach us directly.

No ticket system. No privacy form that routes to nobody. If something on this page is unclear, or if how we handled your data does not feel right — send an email. We read everything and respond within 48 hours.

hello@choive.com
For data rights requests, include "Data rights request" in the subject line.