SILVERILE PRIVACY POLICY

1. INTRODUCTION & SCOPE

Silverile Inc. ("Silverile," "we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our Products, including Silverile Cloud Products and StoryCraft-AI (collectively, the "Services").

"Personal Information" or "Personal Data" means any information that identifies, relates to, or could be linked to you or another individual, including name, email address, IP address, device identifiers, usage data, and location information.

This Privacy Policy applies to:

• (a) Visitors to silverile.com and related websites;
• (b) Customers who create Accounts and use the Services;
• (c) Secondary Users and team members accessing Accounts;
• (d) Job applicants submitting applications through Silverile careers portal.

By accessing or using the Services, you consent to the practices described in this Privacy Policy. If you do not agree with our practices, please do not use the Services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Registration Information:

When you create an Account, we collect:

• (a) Name (first and last)
• (b) Email address
• (c) Password (securely encrypted)
• (d) Organization name
• (e) Job title
• (f) Phone number (optional)
• (g) Billing and payment information (credit card, address, tax ID)

Account Profile Information:

• (a) Profile photo or avatar
• (b) Bio or description
• (c) Preferred language and timezone
• (d) Communication preferences

Content You Upload:

• (a) Projects, tasks, documents, and files uploaded to the Services;
• (b) Notes, comments, and messages shared within the Services;
• (c) Data imported from third-party tools (Jira, Asana, etc.);
• (d) Attachments, links, and media embedded in content.

Support & Communication:

• (a) Support tickets and inquiries sent to support@silverile.com;
• (b) Feedback, surveys, and feature requests;
• (c) Email, phone, or chat communications with our support team;
• (d) Complaints and dispute resolution communications.

Payment Information:

• (a) Credit card details (processed by third-party payment processor, Stripe);
• (b) Billing address;
• (c) Tax identification number (for enterprise customers);
• (d) Payment history and invoices.

2.2 Information Collected Automatically

Device & Connection Information:

• (a) Device type, operating system, and browser type;
• (b) Device identifiers (IDFA, Android Advertising ID);
• (c) IP address and approximate geolocation (city/country level);
• (d) Internet service provider (ISP);
• (e) Mobile carrier information (for mobile app users).

Usage & Interaction Data:

• (a) Features accessed and actions taken within the Services;
• (b) Projects created, tasks completed, content shared;
• (c) Time spent on specific features or pages;
• (d) Clickstreams and user journey through the Services;
• (e) Search queries and filters used;
• (f) API calls and integration activities.

Account Analytics:

• (a) Login frequency and duration of sessions;
• (b) Number of users invited to Account;
• (c) Storage usage and file sizes;
• (d) Number of projects, tasks, and items created;
• (e) Feature adoption and usage patterns.

Cookies & Tracking Technologies:

• (a) Cookies (persistent and session-based);
• (b) Web beacons and pixels;
• (c) Local storage (localStorage, sessionStorage, IndexedDB);
• (d) Mobile analytics identifiers;
• (e) Server logs.

For details on cookies, see Section 9.

2.3 Information From Third Parties

Third-Party Service Providers:

• (a) Payment processors (Stripe, Square) provide payment data;
• (b) Email service providers confirm email validity;
• (c) Cloud infrastructure providers (AWS) provide server logs;
• (d) Analytics providers (Mixpanel, Segment, Google Analytics) provide aggregated usage data.

Third-Party Applications & Integrations:

• (a) If you connect third-party apps (GitHub, Slack, Jira), those providers may share user information with us;
• (b) We receive limited data required for integration (e.g., user ID, email);
• (c) You control what data is shared via integration settings.

Business Partners & Resellers:

• (a) Partners who refer you to Silverile may share your contact information;
• (b) If you purchase through a reseller, they may provide order and contact information.

Publicly Available Data:

• (a) We may collect information you post publicly on social media, company websites, or directories;
• (b) We may infer your professional role or company from LinkedIn profiles or business cards.

3. HOW WE USE INFORMATION

3.1 Service Delivery

We use your information to:

• (a) Create and maintain your Account;
• (b) Provide the Services you request;
• (c) Process payments and billing;
• (d) Deliver customer support and respond to inquiries;
• (e) Send transactional emails (account confirmations, password resets, invoices);
• (f) Verify your identity and prevent fraud;
• (g) Enforce our terms and policies.

Legal Basis: Contractual necessity (necessary to provide Services).

3.2 Service Personalization & Improvement

We use your information to:

• (a) Understand how you use the Services to improve features;
• (b) Customize your experience and recommendations;
• (c) Conduct analytics and usage analysis;
• (d) Test new features and functionalities;
• (e) Identify and fix bugs and security issues;
• (f) Optimize performance and availability;
• (g) Train AI models to improve StoryCraft-AI accuracy (see AI Terms for details).

Legal Basis: Legitimate business interests (improving Services, user experience).

3.3 Communications & Marketing

We use your information to:

• (a) Send product announcements and feature updates;
• (b) Send newsletters and educational content;
• (c) Invite you to webinars, events, or user research studies;
• (d) Request feedback or participation in surveys;
• (e) Market Silverile products to you via email, ads, or phone.

Legal Basis: Consent (for promotional emails; you may opt-out anytime) or legitimate interests.

3.4 Security & Legal Compliance

We use your information to:

• (a) Detect and prevent fraud, abuse, and unauthorized access;
• (b) Investigate security incidents and data breaches;
• (c) Comply with applicable laws and regulations (GDPR, DPDP Act, CCPA, etc.);
• (d) Respond to legal requests from law enforcement or courts;
• (e) Enforce our contracts and defend against legal claims;
• (f) Protect the rights, property, and safety of Silverile, customers, and the public.

Legal Basis: Legal obligation, legitimate interests, public interest.

3.5 Aggregation & De-Identification

We aggregate and anonymize your data to create:

• (a) Industry reports and statistics;
• (b) Anonymized case studies and success metrics;
• (c) Product benchmarking and competitive analysis;
• (d) Research insights on software development practices.

De-identified data is not subject to this Privacy Policy and may be used freely.

4. HOW WE DISCLOSE INFORMATION

4.1 Service Providers & Subprocessors

We share your information with third-party vendors who provide services on our behalf:

All subprocessors are contractually obligated to protect your data and comply with GDPR, DPDP Act, and CCPA requirements.

4.2 Team Members & Account Collaborators

If you invite Secondary Users to your Account, they may view:

• (a) Your profile information (name, email, title);
• (b) All projects, tasks, and content you share with the Account;
• (c) Comments, messages, and collaboration history;
• (d) Your usage of the Account.

Account Admins can see all member activity, including login times and content access. You control who you invite and what permissions they receive.

4.3 Silverile Partners & Resellers

If you purchase through a Silverile partner or reseller, we may share your:

• (a) Contact information (name, email, company);
• (b) Order and subscription information;
• (c) Usage analytics and feature adoption metrics.

Partners are contractually obligated to keep your information confidential and use it only to support your Account.

4.4 Aggregated & Anonymized Data

We share anonymized, aggregated data with:

• (a) Research institutions for academic studies;
• (b) Industry analysts and consultants;
• (c) Public reports and benchmarks.

De-identified data cannot be linked back to you and is not subject to this Privacy Policy.

4.5 Legal Requests & Law Enforcement

We disclose your information if required by law or if we have a good-faith belief that disclosure is necessary to:

• (a) Comply with a subpoena, court order, or government request;
• (b) Enforce our Terms of Service and other agreements;
• (c) Protect the security or integrity of the Services;
• (d) Protect the rights, privacy, safety, or property of Silverile, users, or the public;
• (e) Detect, investigate, or prevent fraud, security issues, or other illegal activities.

Notice & Transparency: We will notify you of legal requests where legally permitted (see Section 4.6).

4.6 Government Requests & Law Enforcement Guidelines

Silverile publishes Guidelines for Law Enforcement Requests at silverile.com. When we receive legal requests, we:

• (a) Notify the user within 30 days, unless legally prohibited;
• (b) Challenge requests we believe are overbroad or invalid;
• (c) Disclose the minimum information required;
• (d) Publish transparency reports on government requests annually.

4.7 Business Transfers

If Silverile is acquired, merges, or sells assets:

• (a) Your information may be transferred as part of the transaction;
• (b) We will provide notice to you before the transfer;
• (c) You may opt-out by requesting data deletion before the transfer.

5. DATA SECURITY & ENCRYPTION

5.1 Encryption at Rest

• (a) All customer data is encrypted using AES-256 encryption while stored in our databases;
• (b) Backup copies are also encrypted;
• (c) Encryption keys are stored separately and rotated regularly.

5.2 Encryption in Transit

• (a) All data transmitted between your device and Silverile servers is encrypted using TLS 1.2 or higher (HTTPS);
• (b) We use certificate pinning for mobile applications to prevent man-in-the-middle attacks.

5.3 Access Controls

• (a) Silverile employees access data only when necessary for support, security, or maintenance;
• (b) Access is logged, monitored, and restricted by role;
• (c) We perform background checks on employees with data access;
• (d) All employees sign confidentiality agreements.

5.4 Multi-Factor Authentication (MFA)

• (a) MFA is available for all customers;
• (b) Enterprise customers may enforce MFA for all team members;
• (c) Account recovery options are available if you lose your MFA device.

5.5 Audit Logs & Monitoring

• (a) We maintain audit logs of all access and modifications to customer data (minimum 6 months; Enterprise: up to 2 years);
• (b) Automated monitoring detects suspicious activity and potential breaches;
• (c) Penetration testing and security assessments are conducted quarterly;
• (d) Annual SOC 2 Type II audits verify our security controls.

5.6 Incident Response

If we discover a security breach:

• (a) We respond within 24 hours and begin containment;
• (b) We notify affected customers within 72 hours (or as required by law);
• (c) We provide details on the breach, affected data, and remediation steps;
• (d) We cooperate with law enforcement investigations if necessary.

6. DATA RETENTION & DELETION

6.1 Retention Periods

We retain your information for as long as necessary to provide the Services and comply with legal obligations:

6.2 Data Deletion Upon Request

You may request deletion of your Account and personal data at any time by:

• (a) Logging into your Account and selecting "Delete Account";
• (b) Emailing legal@silverile.com with a deletion request.

Upon deletion request:

• (a) Your Account and all associated projects/tasks are deleted within 30 days;
• (b) We cease processing your personal data (except where legally required);
• (c) Automated backups may retain data for up to 90 days;
• (d) You may download your data before deletion.

6.3 Mandatory Retention

We may retain your information longer if:

• (a) Required by law (tax records, audit requirements);
• (b) Necessary to defend legal claims or disputes;
• (c) You have consented to longer retention;
• (d) Required for security or fraud detection.

7. YOUR PRIVACY RIGHTS & CHOICES

7.1 Access & Portability

You have the right to:

• (a) Access and review all personal information we hold about you;
• (b) Receive a copy of your data in a portable format (CSV, JSON);
• (c) Request we transfer your data to another service provider.

How to Request: Email legal@silverile.com with "Data Access Request" in the subject line.
Response Time: 30 days (or 45 days for CCPA).

7.2 Correction & Update

You may:

• (a) Update your profile information (name, email, phone) in Account Settings;
• (b) Request we correct inaccurate personal data;
• (c) Provide additional context for data we hold about you.

7.3 Deletion & Erasure

You have the right to request deletion of your personal data, subject to:

• (a) Legal retention requirements (tax, audit);
• (b) Legitimate interests (fraud investigation, legal defense);
• (c) Backup retention periods (up to 90 days).

How to Request: Email legal@silverile.com with "Data Deletion Request" in the subject line.

7.4 Restriction & Objection

You may:

• (a) Restrict processing of your data (we'll stop processing but retain data);
• (b) Object to marketing communications (we'll remove you from marketing lists);
• (c) Object to profiling or automated decision-making;
• (d) Withdraw consent for specific uses (analytics, feedback collection).

How to Request: Email legal@silverile.com or change preferences in Account Settings.

7.5 Opt-Out of Marketing

• (a) Email Marketing: Click "Unsubscribe" in any marketing email;
• (b) Push Notifications: Disable in Account Settings > Notifications;
• (c) Cookies: See Section 9 for cookie opt-out;
• (d) Targeted Ads: Opt out via browser privacy settings or do-not-track signals.

7.6 Global Privacy Control (GPC)

We honor Global Privacy Control (GPC) signals sent by your browser. If your browser has GPC enabled, we will:

• (a) Not use cookies for targeted advertising;
• (b) Honor opt-out-of-sale requests for CCPA purposes;
• (c) Limit data sharing to non-marketing purposes.

8. REGIONAL PRIVACY DISCLOSURES

8.1 GDPR (European Union & EEA)

Applicability: If you are located in the EU, EEA, or access Silverile from these regions.

Your Rights Under GDPR:

• (a) Right of access to personal data
• (b) Right to rectification (correction)
• (c) Right to erasure ("right to be forgotten")
• (d) Right to restrict processing
• (e) Right to data portability
• (f) Right to object to processing
• (g) Right not to be subject to automated decision-making
• (h) Right to lodge a complaint with your national data protection authority

Legal Basis for Processing:

Data Transfers to USA:

Silverile transfers your data to the USA for cloud hosting and processing. We rely on:

• (a) Standard Contractual Clauses (SCCs) with data processors;
• (b) Adequacy findings (where applicable);
• (c) Your consent for specific transfers.

See the Data Processing Addendum (silverile.com/legal/dpa) for details.

Data Protection Officer:
For GDPR inquiries, contact: dpo@silverile.com

Data Processing Addendum (DPA):
Silverile has signed the EU Standard Contractual Clauses and offers a DPA for enterprise customers. See silverile.com/legal/dpa.

8.2 UK Data Protection Act (UK GDPR)

Applicability: If you are located in the UK or access Silverile from the UK.

Your Rights Under UK GDPR:
Same as GDPR rights listed in Section 8.1, enforced under UK law.

Data Transfers from UK:

We rely on:

• (a) Standard Contractual Clauses (approved by UK ICO);
• (b) Equivalence findings for transfers to other adequacy jurisdictions.

Supervisory Authority:
UK Information Commissioner's Office (ICO): ico.org.uk

8.3 Digital Personal Data Protection (DPDP) Act (India)

Applicability: If you are an Indian resident or your personal data is processed in India.

Your Rights Under DPDP Act:

• (a) Right to access personal data (Section 17)
• (b) Right to correction/completion (Section 18)
• (c) Right to deletion/erasure (Section 19)
• (d) Right to nomination (Section 20)
• (e) Right to grievance redressal (Section 21)
• (f) Right to opt-out of profiling (Section 22)

Legal Basis for Processing (DPDP Act):

• (a) Explicit consent (primary basis)
• (b) Contractual necessity (service delivery)
• (c) Legal obligation
• (d) Vital interests
• (e) Legitimate interests

Grievance Officer:
Name: [Grievance Officer Name]
Email: grievance@silverile.com
Phone: [Phone]
Mailing Address: 1941 W Blaylock Dr, Phoenix, AZ 85085, USA
Response SLA: 30 days from receipt of grievance.

Escalation: If unsatisfied with Silverile's response, contact the Data Protection Board of India.

Cross-Border Transfers:

Data transfers outside India are governed by:

• (a) DPDP Act Schedule 1 (bilateral adequacy if applicable);
• (b) Consent for specific transfers;
• (c) Data localization requirements (if applicable).

8.4 California Privacy Laws (CCPA/CPRA)

Applicability: If you are a California resident or your personal data is collected from California.

Your Rights Under CCPA/CPRA:

• (a) Right to know what personal information is collected
• (b) Right to delete personal information
• (c) Right to opt-out of "selling" personal information
• (d) Right to correct inaccurate personal information
• (e) Right to request data limiting use to purposes disclosed
• (f) Right to opt-out of automated decision-making/profiling
• (g) Right to non-discrimination for exercising CCPA rights

Do We "Sell" Personal Information?
No. Silverile does not sell personal information in the CCPA sense (sharing for valuable consideration). We may share:

• (a) Usage analytics with business partners (aggregated/de-identified);
• (b) Contact info with authorized resellers and partners.

Such sharing is disclosed above and may be subject to opt-out rights.

Sensitive Personal Information:
Silverile does not intentionally collect sensitive personal information (SSN, financial account numbers, biometric data) unless necessary for specific purposes and with your consent.

Retention Limits:
We do not retain personal information longer than necessary to fulfill the purposes disclosed, except where legally required.

Data Subject Requests:

California consumers may request access, deletion, correction, or opt-out by:

• (a) Email: privacy@silverile.com with "CCPA Request"
• (b) Mail: Silverile Inc., Attn: Privacy, 1941 W Blaylock Dr, Phoenix, AZ 85085

Response Time: 45 days.
Authorized Agent: You may designate an authorized agent to submit requests on your behalf (with power-of-attorney).

9. COOKIES & TRACKING TECHNOLOGIES

Note: Silverile publishes a separate Cookies & Tracking Notice at silverile.com/legal/cookies. This section provides a summary.

9.1 Cookie Types

9.2 Cookie Consent

• (a) First Visit: You will see a cookie banner requesting consent for non-essential cookies;
• (b) Preference Center: Click "Manage Cookies" to customize consent per category;
• (c) Granular Control: Enable/disable individual tracking vendors;
• (d) Global Privacy Control (GPC): If enabled, we honor GPC signals and skip the banner.

9.3 Tracking Technologies

Beyond cookies, we use:

• (a) Web Beacons/Pixels: Small images that track page visits and conversions;
• (b) Local Storage: Browser storage for user preferences;
• (c) Mobile Analytics IDs: Device identifiers for app usage tracking;
• (d) Server Logs: IP addresses, timestamps, and request data.

9.4 Third-Party Tracking

• (a) Google Analytics: Tracks pageviews and user behavior (anonymized);
• (b) Mixpanel: Custom event tracking for feature usage;
• (c) Facebook Pixel: Conversion tracking for advertising;
• (d) LinkedIn Insight Tag: Professional audience analytics.

You may opt-out of third-party tracking in the Cookie Preference Center.

9.5 Do Not Track (DNT)

Some browsers include a "Do Not Track" (DNT) signal. Currently, there is no industry-wide standard for DNT. However:

• (a) We honor browser-based privacy modes (incognito/private browsing);
• (b) We honor Global Privacy Control (GPC) signals;
• (c) You may opt-out of non-essential cookies and tracking at any time.

10. CONTACT & GRIEVANCE OFFICER

10.1 Privacy Inquiries

For privacy-related questions or requests, contact:

Email: legal@silverile.com
Phone: [Phone Number]
Mailing Address:
Silverile Inc.
Privacy Team
1941 W Blaylock Dr
Phoenix, AZ 85085
USA

Response Time: 30 business days.

10.2 Grievance Officer (DPDP Act & India)

For DPDP Act grievances and data principal requests, contact:

Name: [Grievance Officer Name]
Title: [Title]
Email: grievance@silverile.com
Phone: [Phone]
Mailing Address: (same as above)
Response SLA: 30 days from receipt.
Escalation: If unsatisfied, contact the Data Protection Board of India.

10.3 Data Protection Officer (GDPR)

For GDPR-related inquiries, contact:
Email: dpo@silverile.com

10.4 Complaint Rights

You have the right to lodge a complaint with your national data protection authority:

• (a) EU/EEA: Your local Data Protection Authority (edpb.eu)
• (b) UK: Information Commissioner's Office (ico.org.uk)
• (c) India: Data Protection Board of India (data-protection-board.in)
• (d) California: California Attorney General (oag.ca.gov)

11. CHANGES TO THIS POLICY

11.1 Updates & Amendments

Silverile may update this Privacy Policy at any time. Changes will be effective 30 days after posting on silverile.com/legal/privacy-policy. Continued use constitutes acceptance.

11.2 Notification

For material changes (affecting your rights), Silverile will:

• (a) Post the update on silverile.com/legal;
• (b) Send email notification to your registered email address;
• (c) Provide 30 days to review before changes take effect.

11.3 Archive

Previous versions are archived at silverile.com/legal/archives with effective dates.

11.4 Email Subscription

Subscribe to privacy updates at silverile.com/legal/subscribe.

12. DEFINITIONS

• "Personal Information" or "Personal Data": Any information that identifies, relates to, or could be linked to an individual.
• "Processing": Any operation performed on personal data (collection, storage, use, sharing, deletion).
• "Controller": Entity that determines the purposes and means of processing (Silverile is controller for some data; Customer is controller for other data).
• "Processor": Entity that processes data on behalf of a controller (Silverile acts as processor in some cases; see DPA).
• "Subprocessor": Third-party vendor engaged by Silverile to process data (e.g., AWS, Stripe).
• "Legitimate Interest": Business interest of Silverile that does not override individual rights.
• "Consent": Affirmative, freely given, informed agreement to processing.

By using Silverile Services, you acknowledge having read, understood, and agreed to this Privacy Policy.

Last Updated: January 2, 2026