Octavia WORKS \u2190 Back to app

Privacy Policy

Effective date: July 10, 2026 · Last updated: July 10, 2026

This Privacy Policy is provided as a general template and has not been reviewed by a licensed attorney in your jurisdiction. Before relying on it for a live product handling real user data, have it reviewed by qualified counsel, particularly for GDPR representative obligations, sector-specific rules, and any jurisdictions beyond the United States and European Union.

1. Who we are

Octavia Works is operated by Sankhya Ventures, LLC ("Sankhya Ventures," "we," "us," or "our"), a Delaware limited liability company with a registered address at 2810 N Church St. Ste. 40809, Wilmington, DE 19802, United States.

For the purposes of the EU General Data Protection Regulation ("GDPR") and the UK GDPR, Sankhya Ventures, LLC is the data controller of personal data processed through Octavia Works, except where we act as a processor on behalf of a business customer.

2. Scope

This Policy explains how we collect, use, disclose, and protect personal data when you use the Octavia Works website and service (the "Service"). It applies to visitors, registered users, and anyone whose data we process in connection with the Service. It does not apply to third-party websites or services we link to, including Google, Stripe, and Anthropic, each of which maintains its own privacy policy.

3. Personal data we collect

CategoryExamplesSource
Account & identity dataName, email address, profile picture, unique Google account identifierGoogle Sign-In, provided when you authenticate
Profile preferencesPreferred name, work description, standing instructions, appearance/font settingsProvided by you in My Account
Usage & query dataThe text of requests you submit, timestamps, token counts, per-query costGenerated as you use the Service
Billing dataWallet balance, transaction history, invoice records; not full card numbersGenerated by the Service; card details are handled entirely by Stripe
Technical dataIP address (processed transiently by our hosting infrastructure), browser type, device informationAutomatically collected by Cloudflare, our hosting provider

What we deliberately don't keep

The text of your requests is retained only long enough to generate an invoice line-item summary for the billing session it belongs to (see Section 6). Once that summary is generated, the underlying request text is permanently deleted from our database. We do not build a persistent chat history or long-term transcript of your requests.

4. How we use personal data, and our legal basis

PurposeLegal basis (GDPR Art. 6)
Authenticate you and maintain your accountPerformance of a contract
Process your queries through our AI pipeline and return a responsePerformance of a contract
Apply your saved preferences and instructions to personalize responsesPerformance of a contract; consent (you choose to set these)
Calculate usage, maintain your wallet balance, and process paymentsPerformance of a contract
Generate invoices, including a brief AI-written description of a billing sessionPerformance of a contract; legal obligation (recordkeeping)
Detect, prevent, and investigate fraud, abuse, or security incidentsLegitimate interests
Comply with legal obligations (tax, accounting, lawful requests)Legal obligation

5. How your requests are processed

Octavia Works answers your requests using a multi-stage AI processing pipeline. Submitting a query causes its text (together with any preferences you've set) to be sent to our AI infrastructure provider for processing, and the resulting response is streamed back to you. We do not control, and are not responsible for, the internal workings of our AI infrastructure provider's models, but we have contractual and technical safeguards in place governing how that provider may use data we send it.

A short, separate AI-generated description of what a billing session was used for (for invoicing purposes only) is created using a lightweight, separate process from the one that answers your queries, and is written in general terms rather than reproducing your original text.

6. Data retention

DataRetention
Query textUntil the billing session it belongs to is invoiced (typically within hours), then permanently deleted
Invoice records (summary description, amount, date)Retained for the lifetime of your account plus the period required by applicable tax and accounting law
Account & profile dataRetained until you delete your account or request erasure
Wallet & transaction ledgerRetained for the lifetime of your account plus the period required by applicable financial recordkeeping law
Technical/server logsRetained by our infrastructure providers for a limited operational period (typically weeks), per their own policies

7. Cookies and similar technologies

Octavia Works itself does not set advertising or analytics cookies, and does not use any third-party tracking or advertising technology. To keep you signed in and remember your interface preferences (such as theme and chat font), the Service stores a small amount of data in your browser's local storage. This is strictly necessary for the Service to function and does not require consent under applicable law, in the same way a "strictly necessary" cookie would not.

When you sign in with Google, or complete a payment through Stripe Checkout, those providers may set their own cookies on their own domains, governed by their own privacy and cookie policies:

The cookie notice shown when you first visit lets you acknowledge this. Choosing "Necessary only" means we will not introduce any additional non-essential cookies without asking you again; it does not retroactively affect cookies already set by Google or Stripe during sign-in or checkout, which are their own tools.

8. Who we share data with

We do not sell personal data. We share personal data only with the following categories of service providers, each acting as our processor (or as an independent controller for their own purposes, as noted), strictly to operate the Service:

ProviderPurposeData involved
AnthropicAI processing of queriesQuery text, preference context
Cloudflare, Inc.Hosting, database, content deliveryAll Service data, in transit and at rest
Stripe, Inc.Payment processing (independent controller)Payment details, billing email
Google LLCAuthentication (independent controller)Name, email, profile picture, account identifier

We may also disclose personal data where required by law, to protect our legal rights, or in connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

9. International data transfers

We and our service providers are based in, or process data in, the United States. If you are located in the European Economic Area, the United Kingdom, or Switzerland, your personal data will be transferred outside of those regions. Where required, such transfers are made subject to appropriate safeguards, such as the European Commission's Standard Contractual Clauses, or reliance on a provider's own certified transfer mechanism.

10. Your rights

Depending on your location, you may have some or all of the following rights regarding your personal data:

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframe required by applicable law.

11. Data security

We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and reliance on infrastructure providers that maintain industry-standard security certifications. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Children's privacy

The Service is not directed to, and is not intended for use by, anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will take steps to delete it.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date above and, where required by law, provide additional notice. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

14. Contact us

Sankhya Ventures, LLC
2810 N Church St. Ste. 40809
Wilmington, DE 19802, United States
Email: [email protected]