Privacy at a glance
This summary is provided for convenience. The full policy below contains the complete explanation.
Customer-controlled knowledge
Customers choose the website pages, FAQs and other knowledge sources connected to their Amevia agent.
Visitor interaction data
Amevia may process visitor messages, page context and information submitted through enabled lead or action flows.
Operational data
Amevia may process account, usage, request and error information needed to operate and secure the service.
Configured providers
Infrastructure, AI, email, analytics and payment providers are used only where configured for the service.
1.Scope
This Privacy Policy applies to:
- getamevia.com and other Amevia public pages;
- Amevia account creation and authentication;
- the Amevia workspace and dashboard;
- website onboarding and configuration;
- the Amevia widget installed on customer websites;
- visitor conversations with an Amevia agent;
- lead forms and other enabled visitor actions;
- support, sales, billing and privacy requests submitted through Amevia contact flows.
Third-party websites and services linked from Amevia have their own policies. A customer website using the Amevia widget remains responsible for its own privacy notice and for explaining how it uses Amevia on that website.
2.Who operates Amevia
Amevia is a product of Dioartis Grup SRL.
| Field | Value |
|---|---|
| Product | Amevia |
| Operator | Dioartis Grup SRL |
| Website | getamevia.com |
| Privacy contact | getamevia.com/contact?topic=security |
Field
Product
Value
Amevia
Field
Operator
Value
Dioartis Grup SRL
Field
Website
Value
getamevia.com
Field
Privacy contact
Value
getamevia.com/contact?topic=security
Registered office, company registration numbers and any dedicated privacy email address will be published here only when verified and approved for public display.
3.Roles and responsibilities
Public website and direct account relationship
Dioartis Grup SRL generally determines how information is processed for the public website, Amevia accounts, contact requests, product administration, service security and billing where enabled.
Customer website visitor data
For conversations and leads collected through a customer’s website:
- the customer normally determines why Amevia is used and which features are enabled;
- Amevia processes information to provide the configured service;
- exact roles may depend on the use case, contract and configuration.
Depending on the context, Dioartis Grup SRL may act as a controller, processor or service provider with distinct responsibilities. Customers are responsible for providing their own visitors with appropriate privacy information and obtaining any required permissions.
4.Information we process
A. Account information
May include name, email address, organization name, login and session information, account preferences, selected plan and workspace or website associations.
B. Website and knowledge information
May include website URL, pages and extracted text, FAQs, policies, product or service information, manually added knowledge, source status and scan or synchronization timestamps.
C. Agent and widget configuration
May include agent name, role, tone, languages, fallback rules, prohibited topics, widget presentation settings, greeting, suggested questions and installation status.
D. Visitor interaction information
Where enabled, may include visitor messages, agent responses, source page URL, session or conversation identifiers, timestamps, action selections, device or technical information, approximate network information and conversation outcome.
E. Lead information
May include information voluntarily submitted by a visitor, such as name, email, company, request details and conversation context. The current lead-capture flow does not collect telephone numbers.
F. Usage and operational information
May include IP address, browser and device type, timestamps, product areas accessed, request counts, error events, scan events, installation checks, entitlement usage and diagnostic logs.
G. Contact-request information
May include name, work email, company, website, account email, request category, subject, message, technical references and consent acknowledgement submitted through the Contact page.
H. Billing information
Paid billing is not currently enabled. Amevia does not currently collect payment-card information through the product. This section will be updated before payment processing becomes available.
5.How information is collected
Information provided directly
Examples include signup, account settings, knowledge entries, the Contact form and visitor lead forms where enabled.
Information collected through product use
Examples include conversations, scans, installation checks, usage counters and operational logs.
Information collected from customer websites
Examples include pages selected for scanning and visitor interactions through the widget.
Information received from configured providers
Where configured, providers may support authentication delivery, infrastructure, analytics, email, AI inference or payment services.
We do not purchase personal information from data brokers.
6.How information is used
Amevia uses information for specific product purposes, including to:
- create and operate Amevia accounts;
- connect and manage customer websites;
- scan and prepare approved knowledge;
- configure and display website agents;
- respond to visitor requests;
- recommend relevant products, services or pages where enabled;
- capture visitor contact information when enabled;
- store and display conversations and leads;
- produce usage summaries, analytics and insights where enabled;
- apply plan limits and entitlements;
- detect errors, abuse and security issues;
- provide support and respond to requests;
- send transactional or account notifications where email delivery is configured;
- process billing where enabled;
- improve reliability and usability;
- comply with legal obligations.
7.Legal grounds
Depending on the context and applicable law, processing may rely on:
- performance of a contract, or steps requested before entering a contract;
- legitimate interests, such as securing the service, preventing abuse, improving reliability and responding to business enquiries, where those interests are not overridden;
- consent, where required for optional features or non-essential technologies;
- compliance with legal obligations, such as accounting, tax, regulatory or lawful-request requirements.
Customers are responsible for identifying an appropriate basis for visitor-data processing on their own websites.
8.Website content and knowledge
Customers choose which websites and sources to connect. Where scanning is available, Amevia may fetch publicly reachable pages from those websites. Extracted content may be stored and prepared for retrieval. Customers can review or remove knowledge according to available product controls. Excluded, blocked or unsupported content may not be imported.
Customers must have authority to submit or connect the content they use with Amevia. Customers should not upload confidential, unlawful or third-party content unless they are authorized to process it through Amevia.
9.Visitor conversations
Where the widget is installed and enabled, Amevia may process visitor messages and page context to generate responses. Conversations may be stored in the customer workspace and reviewed according to the customer’s plan and configuration. Where analytics features are enabled, conversations may support topic, outcome or knowledge-gap summaries.
10.Leads and contact information
Lead capture is controlled by the customer. Visitors choose whether to submit information. Submitted information may be linked with conversation context. The customer may use the lead according to its own privacy notice. Amevia stores and displays lead information as needed for the configured service, and lead exports may occur where supported.
The customer is responsible for its later use of the lead.
11.Accounts and authentication
Account creation currently collects full name, organization name, work email and password. Sessions are maintained with an httpOnly session cookie named amevia_session, with a maximum age of 14 days under the current implementation.
Email verification and password-reset delivery depend on a configured transactional email provider. Until that provider is configured, verification and reset messages may not be sent automatically.
12.Payments
Paid billing is not currently enabled. Amevia does not currently collect payment-card information through the product.
If payment processing is enabled later, full payment-card details should be handled by the configured payment provider. This section will then describe billing contact information, invoices, transaction identifiers and any fraud or compliance checks that apply.
13.Contact requests
Information submitted through /contact is used to respond to the request, maintain necessary records and protect the service. Request-type-specific fields may be collected for sales, support, billing, security, privacy or partnership enquiries. Delivery may use a configured email provider or, until delivery is configured, a mailto fallback that opens the sender’s email client.
Do not send passwords, API keys or payment-card information through the contact form.
15.Analytics and operational logs
Product and website-agent analytics
Where enabled in the product, Amevia may generate interaction analytics and related summaries for the customer workspace. These features are distinct from public-website marketing analytics, which are not currently configured on getamevia.com.
Operational logs
Operational logs may include request metadata, error events, IP addresses or similar identifiers needed for performance, abuse prevention and security. Monitoring and alerting details depend on the final production configuration.
16.AI and service providers
Amevia may use providers for hosting and databases, storage and delivery, AI inference, transactional email, analytics and monitoring, payment processing and customer support. Providers are used only where configured.
| Category | Purpose | Example data involved | Status |
|---|---|---|---|
| Infrastructure | Hosting, databases, storage and delivery | Application and operational records needed to run the product | Production provider to be selected |
| AI processing | Generate website-agent responses | Approved knowledge context and visitor messages needed for a response | Not configured |
| Account, notification and support delivery | Account email addresses and message content required for delivery | Not configured | |
| Analytics and operations | Service health, errors and product-usage monitoring | Operational metrics, error details and usage counters | Development only |
| Payments | Process paid plans when enabled | Billing contact and transaction identifiers; card data handled by provider | Not configured |
Category
Infrastructure
Purpose
Hosting, databases, storage and delivery
Example data involved
Application and operational records needed to run the product
Status
Production provider to be selected
Category
AI processing
Purpose
Generate website-agent responses
Example data involved
Approved knowledge context and visitor messages needed for a response
Status
Not configured
Category
Purpose
Account, notification and support delivery
Example data involved
Account email addresses and message content required for delivery
Status
Not configured
Category
Analytics and operations
Purpose
Service health, errors and product-usage monitoring
Example data involved
Operational metrics, error details and usage counters
Status
Development only
Category
Payments
Purpose
Process paid plans when enabled
Example data involved
Billing contact and transaction identifiers; card data handled by provider
Status
Not configured
Provider details may be updated as production infrastructure is finalized. Secret values, endpoints and infrastructure topology are not published in this policy.
18.International processing
Amevia may use providers in different countries. Information may be processed outside the person’s country. Protection mechanisms depend on provider location, contract and applicable law. Final transfer mechanisms will be documented once production providers are selected.
This policy does not currently claim a specific hosting region, adequacy decision or standard contractual clause package.
19.Retention
Information is retained only as long as reasonably needed for the service, security, contractual or legal purpose, subject to final production retention settings.
| Data category | Typical retention | What determines it |
|---|---|---|
| Account data | While the account remains active, then as needed for security or legal purposes | Account status and operational needs |
| Website knowledge | While the website remains connected and knowledge is retained | Customer configuration and removal actions |
| Conversations | Plan settings currently indicate 7 days (Free), 90 days (Starter) or 12 months (Growth) | Plan entitlements and website retention settings |
| Leads | While needed for the configured service and customer review | Customer configuration and supported removal workflows |
| Contact requests | As needed to respond, maintain records and protect the service | Request type and legal needs |
| Billing records | Not applicable while paid billing is disabled | Accounting and legal requirements once enabled |
| Operational logs | As needed for security, debugging and reliability | Production logging and infrastructure settings |
Data category
Account data
Typical retention
While the account remains active, then as needed for security or legal purposes
What determines it
Account status and operational needs
Data category
Website knowledge
Typical retention
While the website remains connected and knowledge is retained
What determines it
Customer configuration and removal actions
Data category
Conversations
Typical retention
Plan settings currently indicate 7 days (Free), 90 days (Starter) or 12 months (Growth)
What determines it
Plan entitlements and website retention settings
Data category
Leads
Typical retention
While needed for the configured service and customer review
What determines it
Customer configuration and supported removal workflows
Data category
Contact requests
Typical retention
As needed to respond, maintain records and protect the service
What determines it
Request type and legal needs
Data category
Billing records
Typical retention
Not applicable while paid billing is disabled
What determines it
Accounting and legal requirements once enabled
Data category
Operational logs
Typical retention
As needed for security, debugging and reliability
What determines it
Production logging and infrastructure settings
20.Security
Amevia uses technical and organizational measures intended to protect information, including access controls, secure production transport where configured, secret management, validation, logging and dependency maintenance where implemented. Details are summarized on the Security & privacy page.
No internet service can guarantee absolute security. Amevia does not claim SOC 2, ISO 27001 or end-to-end encryption for website-agent conversations at this stage.
21.Your choices and rights
Depending on location and applicable law, you may have rights to request access, correction or deletion; object to or restrict certain processing; withdraw consent where processing is based on consent; request portability where applicable; and complain to a competent data-protection authority.
These rights may be subject to legal conditions, exceptions and verification. We may need to verify identity and authority before completing a request. Do not send identity documents through an insecure public message unless a secure process is provided.
Requests concerning a customer website
If the request concerns a conversation or lead submitted through a customer’s website, the visitor should normally contact that website operator first. Amevia will assist the customer where required by the applicable relationship and law. Amevia may not always be able to identify or delete visitor data without customer context.
22.Children’s privacy
Amevia is designed as a business website-agent service and is not directed specifically to children. Customers should not configure Amevia to collect children’s personal information without an appropriate lawful basis, notice and safeguards.
If you believe a child has submitted information inappropriately, contact us with enough non-sensitive context to investigate.
23.Changes to this policy
This policy may change as product functionality, providers or law changes. The Last updated date will change when material updates are published. Material changes may be communicated through the website, account or email where appropriate. Archived versions may be retained later.
We do not promise email notification for every minor wording change.
24.Contact
Dioartis Grup SRL operates Amevia. For privacy questions, data requests or security concerns, use the Contact page with the appropriate request type.