← Back to imdave.ai
imdave

Privacy Policy

Last updated: 29 April 2026

1. Who we are (data controller)

MVT Management is the data controller for personal data processed through imdave. Registered office: 1 Allied Business Centre, Coldharbour Lane, Harpenden, England, AL5 4UT. Contact: hello@imdave.ai.

This policy explains what personal data we collect, why, how we process it, and your rights under UK GDPR.

2. What we collect

  • ·Account data: name, email, password (hashed)
  • ·Usage data: chat messages you exchange with AI agents, project briefs, files you upload, agent outputs delivered to you
  • ·Payment data: payment method, billing address, invoice history. Card details handled by Stripe — we never see or store card numbers.
  • ·Technical data: IP address, browser type, device type, session timestamps, error logs
  • ·Inferred data: preferences, tone settings, brand information, design direction provided during onboarding or via the intake form
  • ·Token consumption data: AI agents used, tokens consumed per task, features activated — used for billing transparency and operational debugging
  • ·Trial conversion data: trial start date, daily message counts, free preview generations, subscription activation events — retained for fraud prevention and product analytics

3. Why we process your data

  • ·Provide the Service (you can't use it without us processing your messages and files)
  • ·Generate invoices and process payments
  • ·Send transactional emails (account confirmations, invoices, service updates)
  • ·Detect abuse and protect the Service
  • ·Comply with legal obligations (tax records, accounting)
  • ·Improve the Service (aggregate, anonymous analysis)

Legal bases: contract (providing the Service), legal obligation (tax records), legitimate interests (security, service improvement), consent (marketing emails, if any).

4. Who we share data with

Sub-processors we use to operate the platform:

  • ·Anthropic — AI inference: we send your chat messages to Anthropic's Claude API to generate AI responses. anthropic.com/legal/privacy
  • ·Stripe — payments. stripe.com/gb/privacy
  • ·Vercel — hosting and sandbox/production deploys. vercel.com/legal/privacy-policy
  • ·Cloudflare — DNS and domain registration. cloudflare.com/privacypolicy
  • ·Supabase — database (account data, messages, projects). supabase.com/privacy
  • ·Brevo — transactional email. brevo.com/legal/privacypolicy
  • ·Flux / Replicate — image generation for premium proposals and image features
  • ·Leonardo, Runway, FAL — additional media generation where used

We do not sell your data to third parties. We do not use your chat content to train AI models beyond the scope of providing a response to you.

5. International transfers

Some sub-processors (e.g. Anthropic, Stripe) are US-based or operate globally. Data transfers outside the UK are covered by Standard Contractual Clauses or equivalent safeguards required under UK GDPR.

6. How long we keep your data

  • ·Active accounts: for as long as you use the Service
  • ·After cancellation: 30-day grace period (full data), then 60 days cold storage, then deletion
  • ·Invoice and tax records: 7 years (UK tax law)
  • ·Refund eligibility records and feature-use audit logs: retained for the duration of the account plus 7 years
  • ·Backups: rolling 30-day backup cycle, deleted thereafter

7. Aggregate and anonymous data

We may generate aggregate statistics that cannot identify you. This data is not subject to the retention rules above.

8. Your rights

Under UK GDPR you have the right to:

  • ·Access — request a copy of your personal data
  • ·Correct — update inaccurate data (most fields editable in account settings)
  • ·Delete — request deletion (subject to legal retention requirements on invoices)
  • ·Restrict — limit how we process your data
  • ·Port — receive your data in machine-readable format
  • ·Object — to processing based on legitimate interests
  • ·Withdraw consent — for processing based on consent

To exercise any of these, email hello@imdave.ai. We’ll respond within one month. If you’re unsatisfied, you can complain to the ICO: ico.org.uk

9. Security

We protect your data using encryption in transit (TLS), encryption at rest, access controls, and audit logging. If a breach affects your data, we’ll notify you and the ICO within 72 hours of becoming aware, as required by UK GDPR.

10. Children

The Service is not intended for under-18s. We do not knowingly collect data from children.

11. Changes

We may update this policy. Material changes will be notified by email at least 14 days in advance.

12. Contact

Data protection questions: hello@imdave.ai
Postal: 1 Allied Business Centre, Coldharbour Lane, Harpenden, England, AL5 4UT

Terms·Privacy·Cookies