Privacy Policy

This policy explains how Aucava (“Aucava”, “we”, “us”) collects, processes and protects personal data. Aucava is a trading name of Sip Champagnes Ltd, a company registered in England and Wales (company number 12664906, VAT number 350413635). We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018.

You can contact our privacy team at privacy@aucava.ai.

1. What we collect

We collect the minimum data necessary to deliver our service and run our business. Specifically:

• Website visitors: aggregated, anonymous analytics data (page views, device type, country) via Vercel Analytics. No cookies, no cross-site tracking, no personal identifiers.
• Prospects: the name, email, company, and meeting notes you provide when booking a demo or contacting us.
• Customers: the operational data you route through the Aucava platform (orders, invoices, customer records, supplier records) and the user accounts of your team members who log in to approve or override AI actions.

2. How we use it

We use personal data to deliver the Aucava service, respond to enquiries, send operational and billing communications, and meet our legal and regulatory obligations. We do not sell personal data and we do not share it with third parties for marketing purposes.

3. AI and model training

We do not use customer data to train foundation models. Customer data is processed through foundation models (via Amazon Bedrock) under inference-only terms that explicitly prohibit model-provider training. Where we fine-tune domain models, we do so on anonymised, aggregated data only, and only with your prior written consent.

3a. Use of Google user data — Limited Use disclosure

Aucava's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We access Google user data only through OAuth scopes that the authorised tenant user has explicitly granted. We do not transfer Google user data to third parties except as necessary to provide or improve the service, to comply with applicable law, or as part of a merger, acquisition or sale of assets with notice to users. We do not use Google user data for advertising. We do not permit humans to read Google user data except (a) with explicit user consent, (b) for security purposes, (c) to comply with applicable law, or (d) where the data is aggregated and used for internal operations in accordance with the Limited Use requirements.

4. Where your data is stored

Customer data is hosted on Amazon Web Services in the UK and EU (London and Dublin regions). We do not transfer personal data outside the UK/EU except where an adequacy decision applies or with appropriate safeguards in place (Standard Contractual Clauses, UK IDTA).

5. Sub-processors

The current list of sub-processors Aucava uses to deliver its service is published at /sub-processors. It includes each sub-processor's purpose, the category of data they process, and their processing location. We give customers at least 30 days' notice by email before adding a new sub-processor to that list.

5a. Slack workspace data

When you install the Aucava Slack app in your workspace, Aucava receives only the Slack events that your workspace admin explicitly authorises at install time.

What Aucava receives: messages in channels your team explicitly invites the Aucava bot into, direct messages sent to the Aucava bot, and basic bot lifecycle events (for example, when a user opens the Aucava app home tab).

What Aucava does not receive: direct messages between users where Aucava is not a participant, and messages in channels the bot has not been invited to.

Processing location: UK / EU.

Retention: Slack events are purged from hot storage within 30 days. Audit records are kept for the duration of the customer contract and deleted within 90 days of termination.

How to uninstall: in Slack, go to Apps → Manage → Aucava → Remove App. Removing the app revokes Aucava's access automatically; no further action is required.

6. How long we keep it

We retain personal data only for as long as necessary for the purposes for which it was collected. Customer operational data is retained for the duration of the contract and deleted or anonymised within 90 days of termination unless a longer period is required by law (e.g. tax records).

7. Your rights

Under UK GDPR you have the right to access your personal data, to request correction or deletion, to object to or restrict processing, and to data portability. To exercise any of these rights, email privacy@aucava.ai. We will respond within one month.

You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Security

We operate industry-standard controls: encryption at rest and in transit, role-based access control, immutable audit logs, least-privilege engineering access, and regular security review. We can provide a security overview and walk your team through the architecture under NDA.

9. Cookies

The Aucava marketing site does not set marketing or tracking cookies. We use Vercel Analytics, which uses anonymous, aggregated measurements and does not place cookies on your device.

10. Changes to this policy

We may update this policy to reflect changes in our practices or in applicable law. Material changes will be communicated to customers directly. The “last updated” date above reflects the most recent revision.

11. Contact

Sip Champagnes Ltd (trading as Aucava)
48 Warwick Street, London, W1B 5AW, United Kingdom
Company registered in England & Wales no. 12664906
VAT no. 350413635
Email: privacy@aucava.ai