Last Updated: Mar 16, 2026

Privacy Policy

1. Introduction

Civio Inc. (“Civio,” “we,” “our,” or “us”) is a California-based company that operates the website civio.ai and provides an AI-powered government sales orchestration platform (the “Services”). This Privacy Policy describes how we collect, use, and share information when business representatives and authorized users (“Users”) access our Services.

Civio’s customers are technology vendors and consulting firms selling to U.S. government agencies. The personal data we process is professional in nature—names, work email addresses, and job information associated with business use. We do not market to or collect data from individuals acting in a personal or consumer capacity.

By accessing civio.ai or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

Full name and professional email address
Job title, company name, and employer domain
Content submitted through platform features (e.g., RFX inputs, qualification notes, proposal drafts)
Correspondence with Civio, including support requests and sales conversations

2.2 Information Collected Automatically

Usage analytics: pages visited, features accessed, session duration, and frequency of use
Device and browser metadata: IP address, browser type, operating system, and referring URL
Server and API log data
Cookies and similar technologies (see Section 6)

2.3 Information from Third Parties

If you sign in via a federated identity provider (e.g., Google Workspace SSO), we receive your name, email, and profile identifier from that provider
We may receive firmographic data (company size, industry) from B2B data providers to improve product relevance

2.4 Information We Do Not Collect

We do not collect Social Security numbers, payment card data, health information, or other sensitive personal data. We do not collect personal data from individuals under the age of 18.

3. How We Use Your Information

We use personal data to:

Provide and operate the Services, including account management and platform functionality
Personalize the user experience based on role, company, and usage patterns
Analyze platform usage in aggregated or pseudonymized form to improve product quality
Send transactional communications (e.g., account verification, security alerts, product updates)
Send marketing communications about Civio—you may opt out at any time (see Section 8)
Respond to support inquiries
Detect and prevent fraud, abuse, and security incidents
Comply with applicable law and enforce our Terms of Service

We do not sell personal data. We do not use your data to train AI models without your employer’s explicit consent.

4. Sharing and Disclosure

We do not sell, rent, or trade personal data. We may share information with:

4.1 Service Providers

We work with third-party vendors who support platform operations, including:

Cloud infrastructure (e.g., Amazon Web Services)
Vector database and AI infrastructure (e.g., Pinecone)
Analytics and monitoring tools
CRM and communication platforms

All service providers are contractually required to protect personal data consistent with this Privacy Policy and to use it only as directed by Civio.

4.2 AI Providers

Our platform may transmit user-submitted content to AI/LLM API providers to power platform features. We are finalizing our AI vendor selection and will update this policy accordingly. Any AI provider we engage will be required to process data solely on our behalf and not use it to train foundational models without explicit consent.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to a successor entity under equivalent privacy protections.

4.4 Legal Disclosure

We may disclose personal data as required by law, regulation, or court order, or to protect the rights, property, or safety of Civio, our users, or the public.

5. Data Retention

We retain personal data for as long as needed to fulfill the purposes in this Privacy Policy:

Account data: duration of account plus up to 3 years after closure
Usage analytics: up to 24 months, then aggregated or deleted
Support and communications records: up to 3 years
Legal hold data: as required by applicable law

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Services:

Strictly necessary — required for authentication, security, and core functionality
Analytics — pseudonymized usage tracking to improve the product
Preference — storing your settings and UI preferences

We do not use advertising or cross-site behavioral tracking cookies. You may manage cookies through your browser settings. Disabling strictly necessary cookies may impair platform functionality.

7. Data Security

Civio maintains industry-standard security measures, including:

Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
Role-based access controls and least-privilege principles
Regular security assessments and vulnerability management
Breach notification procedures consistent with California law

Our infrastructure providers, including AWS, maintain SOC 2 Type II and ISO 27001 certifications. Civio is actively pursuing its own application-level SOC 2 Type II certification and will update this policy upon completion.

No electronic transmission or storage is 100% secure. We are committed to protecting your data using commercially reasonable practices.

8. Your Privacy Rights

Civio’s users interact with our Services in a business capacity. Under the California Consumer Privacy Act (CCPA/CPRA), personal data collected in a B2B context is subject to limited consumer-facing obligations. Nonetheless, we respect the following rights:

Access — request information about the personal data we hold about you
Correction — request correction of inaccurate data
Deletion — request deletion of your personal data, subject to legal retention obligations
Opt-out of marketing — unsubscribe from marketing emails via the unsubscribe link or by contacting us

To submit a request, email privacy@civio.ai. We will respond within 45 days as permitted under California law. We may verify your identity or your authority to act on behalf of your employer before processing a request.

9. Third-Party Services and Integrations

The Services may link to or integrate with third-party tools (e.g., CRM platforms, government procurement databases). This Privacy Policy does not govern third-party services. We encourage you to review their privacy policies independently.

10. Children’s Privacy

Our Services are designed for business professionals and are not directed at individuals under 18. We do not knowingly collect personal data from minors and will delete any such data if discovered.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised policy on civio.ai with an updated effective date. Your continued use of the Services after the effective date constitutes acceptance of the revised policy.

12. Governing Law

This Privacy Policy is governed by the laws of the State of California, without regard to conflict of law principles. Civio’s Services are intended for use by businesses with a presence in the United States. We do not direct the Services to international markets and make no representation that this policy complies with the laws of any jurisdiction outside the United States.