Legal

Privacy Policy

Effective DateMay 2026
Last UpdatedMay 2026
Version1.0

01 Introduction

This Privacy Policy describes how KORVA Sentinel ("we," "us," or "KORVA"), operated by KORVA Systems · A GORGO Company, collects, uses, and protects your information when you use our website, products, and services.

We've structured this policy in plain language because compliance products should hold themselves to the same documentation standards we help our customers meet.

02 Information We Collect

A. Information You Provide

CategoryExamples
AccountName, email, organization, role, password
Utility ProfilePopulation served, state, system type, ownership, facility count, regulatory status
Compliance DataAssessment responses, documentation you upload, evidence files, vendor information
CommunicationsSupport requests, feedback, AXIOM advisor conversations
BillingBilling address; payment card data is processed by Square and not stored by us

B. Information Collected Automatically

  • Device and browser characteristics
  • IP address and approximate location
  • Usage patterns within the platform (pages viewed, features used, timestamps)
  • Cookies and similar technologies for session management

C. Information from Third Parties

  • Payment processor (Square): transaction confirmation and last four digits of card
  • Authentication providers, if you choose to sign in via single sign-on

03 How We Use Your Information

We use the information we collect to:

  • Deliver the products and services you purchase
  • Generate your compliance reports, gap analyses, and recommendations
  • Process payments and manage your subscription
  • Send service communications (intake confirmations, report delivery, billing notices, security alerts)
  • Improve our regulatory mapping and platform features
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations

04 AI Processing

KORVA Sentinel uses artificial intelligence — specifically Anthropic's Claude API — to power the AXIOM compliance advisor and to generate components of your reports. When you interact with AXIOM or trigger AI-generated content:

  • Your queries and relevant context from your utility profile are transmitted to Anthropic for processing
  • Anthropic processes inputs in accordance with its commercial terms
  • We do not use your data to train AI models
  • Anthropic does not retain your data for training under its commercial API terms

What this means for sensitive information: AXIOM is designed to assist with regulatory interpretation, documentation drafting, and compliance reasoning. Avoid pasting credentials, secrets, or live operational data (e.g., active SCADA passwords, network topology with IP addresses) into AXIOM. The platform is not a vault for active security secrets.

05 How We Share Information

We share information only as necessary to operate the service. Our processors and partners include:

ProcessorPurpose
SquarePayment processing
SupabaseSecure database and authentication hosting
AnthropicAI processing for AXIOM advisor (see Section 04)
Email service providerDelivery of service-related communications

We may also disclose information when required by law, valid legal process, or to protect the rights, property, or safety of our users, the public, or KORVA.

What we do NOT do:

  • We do not sell your information
  • We do not use your information for advertising
  • We do not share your compliance data with regulatory agencies unless you authorize the release or we are legally compelled
  • We do not provide your information to data brokers

06 Data Security

We implement reasonable technical and organizational measures to protect your information, including:

  • Encryption in transit (TLS) for data moving between you and the platform
  • Encryption at rest for stored data
  • Access controls limiting personnel access to a need-to-know basis
  • Authentication controls including support for multi-factor authentication
  • Regular security review and incident response procedures

No system is perfectly secure. If a security incident affects your information, we will notify you in accordance with applicable law and the timelines required by it.

07 Data Retention

  • Account data: retained while your account is active
  • Compliance records: retained for up to 7 years after account closure to support regulatory record-keeping requirements applicable to water utility compliance
  • Billing records: retained as required by tax and accounting law (typically 7 years)
  • Anonymized usage analytics: may be retained indefinitely for product improvement

You may request earlier deletion of your data subject to legal retention obligations (see Section 08).

08 Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your information, subject to legal retention requirements
  • Export your data in a portable format
  • Object to certain processing activities
  • Withdraw consent where processing is based on consent
  • Opt out of non-essential communications

To exercise any of these rights, contact us at info@korvasystems.com. We will respond within the timeframes required by applicable law.

09 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), including the right to:

  • Know what personal information we collect, use, and share
  • Request deletion of your personal information
  • Correct inaccurate personal information
  • Limit the use and disclosure of sensitive personal information
  • Opt out of "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising, but the right exists)
  • Non-discrimination for exercising these rights

To exercise California rights, contact us at info@korvasystems.com.

10 International Users

KORVA Sentinel is operated from the United States and is intended for U.S. drinking water utilities. By using the service, you understand and consent to your information being processed in the United States, which may not provide the same level of data protection as your home jurisdiction.

11 Children's Privacy

KORVA Sentinel is intended for water utility professionals. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will delete it.

12 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting the updated policy with a new "Last Updated" date. Continued use of KORVA Sentinel after a policy update constitutes acceptance of the updated policy.

13 Contact

Questions, requests, or concerns about this policy or your information:

KORVA Systems · A GORGO Company
info@korvasystems.com

← Back to Site Refund Policy Security Policy