Korvix

Privacy Policy

Last updated: July 11, 2026

This Privacy Policy explains what data Korvix ("Korvix", "we") collects, why, and how we protect it. It reflects how the product actually works.

1. Data we collect

  • Account data: your name/business name, email, and hashed password. Passwords are stored using bcrypt and are never stored or logged in plaintext.
  • Website & crawl data: pages, titles, metadata, links, and content of the sites you connect, so Korvix can analyze and improve them.
  • Search data: when you connect Google Search Console, we ingest your clicks, impressions, and average position (read-only) to measure results.
  • Integration credentials: the access tokens needed to act on your connected services (see Security).
  • Billing data: handled by our payment processor, Stripe. We do not store full card numbers.
  • Product/usage data: basic logs and events needed to operate, secure, and improve the service.

2. How we use it

We use your data to crawl and analyze your site, propose and (with your permission) execute changes, measure outcomes with before/after search data, provide support, process payments, and secure the service. We do not sell your personal data.

3. How Korvix learns across customers

Korvix improves by learning which kinds of changes tend to work. Any cross-customer learning uses aggregated, de-identified outcome statistics only, subject to minimum-sample and distinct-customer thresholds designed so that no individual customer's data can be reconstructed from a shared insight. Your raw site, search, and store data are never shared with other customers.

4. Security

Integration credentials (Shopify access tokens, Google refresh tokens) are encrypted at rest using AES-256-GCM. Secrets are redacted from API responses and are never returned to the browser. Access is scoped per organization; requests for another organization's data are rejected. We use TLS in transit and follow least-privilege practices.

5. Third parties (sub-processors)

We share data with service providers strictly to operate Korvix, including: Stripe (payments), Shopify and Google Search Console (the integrations you connect), our hosting and database provider, and, where enabled, an email provider for transactional messages and error/monitoring tooling. Each processes data only to provide their service. See our Data Processing Addendum for details.

6. Data retention and deletion

We retain your data while your account is active. You can delete a site or your account at any time; on deletion we remove your associated data (disconnecting an integration preserves content already published to your store). You may request an export or deletion by contacting us.

7. Your rights

Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. To exercise these, contact us at the address below.

8. Changes

We will update this policy and the "Last updated" date when our practices change, and notify account holders of material changes.

9. Contact

Privacy questions or requests: support@korvixseo.com.