How Sorvyn collects, uses, and protects your personal data.
Sorvyn ("we", "us", "our") is an AI automation platform for service businesses. We provide pre-built workflow automations that help businesses save time on repetitive tasks such as meeting summaries, email categorization, lead follow-up, and daily digests.
Sorvyn is operated by Patrick Martins Ribeiro, based in Luxembourg, European Union.
Data Controller: Patrick Martins Ribeiro, Sorvyn
Contact: patrick@mrmedia.ai
Jurisdiction: Luxembourg, European Union
When you use Sorvyn, we collect the following categories of personal data:
Your name, email address, and profile picture from your Google account when you sign in via Google OAuth.
Access to your Gmail, Google Calendar, and Google Drive — only to the extent required to run your activated automations.
Execution logs, time saved per automation, success/failure status, and metadata from your workflow runs.
Subscription status and billing history. Payment card details are processed and stored by Stripe — we never see or store your card number.
Settings you provide when activating workflows, such as email addresses, category rules, and automation preferences.
IP address, browser type, and access timestamps automatically logged by our hosting provider (Vercel) for security purposes.
Important: We practice data minimization. We only collect what is strictly necessary to deliver your automations. We do not sell your data. We do not use your data for advertising.
We use your personal data for the following purposes:
We do not use your data to train AI models, sell to third parties, or serve advertisements.
Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
Sorvyn uses the following third-party services to deliver our platform. Each acts as a data processor under our instruction:
| Service | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Google OAuth | User authentication and access to Gmail, Calendar, Drive | Account info, email content, calendar events | View → |
| Supabase | Database storage and authentication backend | Account data, workflow configs, execution logs | View → |
| Stripe | Payment processing and subscription management | Email address, subscription status | View → |
| Anthropic (Claude API) | AI processing for automation content generation | Email content, meeting notes (processed, not stored) | View → |
| n8n | Workflow automation execution engine | Automation configurations, execution data | View → |
| Vercel | Platform hosting and content delivery | IP address, browser type, access logs | View → |
Regarding Anthropic (Claude API): When your automations process email content or meeting notes using AI, this content is sent to Anthropic's API for processing. Anthropic does not use API data to train their models and does not retain this data permanently. See Anthropic's privacy policy for full details.
We retain your personal data for as long as necessary to provide our services and comply with legal obligations:
When you delete your account, we permanently delete all personal data within 30 days, except where retention is required by law.
As a resident of the European Union (or any user of Sorvyn), you have the following rights regarding your personal data:
Request a copy of all personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data ("right to be forgotten").
Request that we restrict processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing of your data for certain purposes.
Withdraw your Google account permissions at any time via Google account settings.
File a complaint with the Luxembourg data protection authority (CNPD).
To exercise any of these rights, contact us at patrick@mrmedia.ai. We will respond within 30 days.
Luxembourg Supervisory Authority: Commission Nationale pour la Protection des Données (CNPD)
Website: cnpd.public.lu
Address: 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.
Sorvyn uses minimal cookies strictly necessary for the platform to function:
Because we only use strictly necessary cookies, we are not required to display a cookie consent banner under the ePrivacy Directive. However, you can clear cookies at any time through your browser settings, which will log you out of Sorvyn.
Sorvyn is a professional business automation platform intended for use by adults and businesses. We do not knowingly collect personal data from individuals under the age of 16.
If you believe a minor has provided us with personal data, please contact us at patrick@mrmedia.ai and we will delete it promptly.
We may update this Privacy Policy from time to time as our platform evolves or legal requirements change. When we make material changes, we will:
Your continued use of Sorvyn after the effective date of any changes constitutes your acceptance of the updated policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us: