Back to pricing

Privacy Policy

Last updated June 22, 2026.

This Privacy Policy explains how Serava, Inc. ("Serava," "we," "us") collects, uses, shares, and protects information when you visit serava.ai, request a target-map preview, subscribe to Serava Pro, book a target-review call, contact us, or otherwise use the Service. By using the Service, you acknowledge this Policy. If you do not agree, do not use the Service.

1. Information we collect

Information you provide. Account and contact information (name, email, phone, company/firm), acquisition criteria (geographies, industries, revenue and headcount ranges, deal-size targets, notes), seller-interest submissions, shortlist and pipeline entries, notes, statuses, and any messages you send us. If you book a call, we receive the calendar metadata (time, time zone, contact email) from Cal.com.

Payment information. Stripe handles payment cards and billing details. Serava receives only billing metadata such as the last four digits of the card, card brand, country, customer ID, subscription ID, payment status, trial dates, and amount. Serava does not store full card numbers.

Usage and device data. IP address, user-agent, referrer, pages viewed, preview generations, upgrade-CTA clicks, checkout starts and completions, target views, shortlist changes, export activity, workflow status changes, search queries, and similar product-analytics events. Some events are stored in our database; some are sent to privacy-respecting analytics (Cloudflare Web Analytics, server logs).

Authentication data.If you sign in with Google, we receive your Google account ID, email, name, and profile image as authorized by you under Google's consent screen. We do not receive your Google password.

Business and business-owner data in our database.Our target maps are built from publicly available sources: business registries and secretary-of-state filings, professional license boards, company websites, business directories and review sites, and other open web pages. This is primarily firmographic data about companies, but it also includes business-contact and owner/principal information, such as an owner or principal's name, a business phone number, a business or contact email where published, a website, and a LinkedIn URL. Some of this is personal information about those individuals under laws such as the California Consumer Privacy Act (as amended, the "CCPA/CPRA") and the GDPR. We collect it from the sources above, not from the individual directly. If you are an individual described in our database, see the section "Individuals in our business database" below for how to opt out, suppress, or delete your information.

2. How we use information

We use information to:

  • Build, deliver, refresh, and refine free target-map previews;
  • Provision and bill Pro subscriptions;
  • Authenticate you, secure your account, and prevent fraud and abuse;
  • Route follow-up, including target-review call invitations and onboarding emails;
  • Improve matching, enrichment, ranking, coverage, and reliability;
  • Diagnose conversion friction, debug errors, and measure feature performance;
  • Comply with legal obligations and enforce our Terms.

A note on "selling" and "sharing." We do not sell or share youraccount or usage information to advertisers, and we do not use Customer Content to train third-party foundation models. However, because we make the business-owner contact information described above available to paying subscribers, that activity may be treated as a "sale" or "sharing" of those individuals' personal information under the CCPA/CPRA and similar laws. We disclose this plainly and provide an opt-out and deletion path in the "Individuals in our business database" section below.

3. Legal bases (EEA/UK users)

Where the GDPR or UK GDPR applies, we process personal data on the following legal bases: (a) performance of a contract - to deliver the Service you requested; (b) legitimate interests - to operate, secure, and improve the Service, prevent abuse, and grow our business in a way that does not override your rights; (c) consent - for optional communications you opt into, and where required by law for analytics or cookies; and (d) legal obligation - to comply with tax, accounting, and law-enforcement requests.

4. Sharing with service providers

We share information with vetted processors that help us run the Service, including:

  • Stripe - payment processing, subscription management, tax calculation.
  • Resend - transactional and product emails.
  • Cloudflare - edge delivery, caching, DDoS protection, bot mitigation, Web Analytics.
  • Fly.io - application hosting and database hosting.
  • Google - sign-in (OAuth); optional Search Console measurement for SEO.
  • Cal.com - call scheduling for target-review and target-review calls.
  • Telegram - internal operational alerts (e.g., checkout, signup) routed to the founder.

Each processor is bound by its own terms and processes data on our behalf, except payment processors, which act as independent controllers for fraud and regulatory purposes. We may also disclose information (i) to comply with law, lawful process, or government requests; (ii) to protect rights, safety, or property; or (iii) in connection with a merger, acquisition, or sale of assets, with notice where required.

5. Cookies and similar technologies

We use a small set of strictly-necessary cookies for authentication and session management, and cookieless or privacy-respecting analytics where possible. We do not run third-party advertising trackers on the Service. Where required by law, we will request consent for non-essential cookies.

6. Data retention

We retain account, mandate, shortlist, and workflow data for as long as your account is active and for a reasonable period afterward to support reactivation, audit, security, dispute resolution, and legal obligations (typically up to seven (7) years for billing records, shorter for product analytics). Free previews not linked to an active account may be pruned earlier. You can request earlier deletion at any time, subject to the limits below.

7. Security

We use industry-standard safeguards including TLS in transit, encrypted backups, least-privilege access for staff, server-side authorization checks on every dashboard, isolated billing webhooks with signature verification, and edge-level rate limiting and bot mitigation. No system is perfectly secure; if you believe your account has been compromised, contact sadra@serava.ai immediately.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to the processing of your personal data, and to opt out of certain disclosures or automated decision-making. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, opt out of the "sale" or "sharing" of personal information, limit use of sensitive personal information, and not be discriminated against for exercising these rights. As explained above and in the "Individuals in our business database" section, our provision of business-owner contact data to subscribers may be a "sale" or "sharing"; you may opt out and request deletion using the methods in that section or below. EEA, UK, and Swiss residents have rights under the GDPR/UK GDPR (access, rectification, erasure, restriction, portability, and objection), including the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, email sadra@serava.ai. We will verify your request and respond within the timeframe required by applicable law.

9. International transfers

We are based in the United States and our service providers may operate globally. Where personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses and supplementary measures imposed by our processors.

10. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us so we can delete it.

11. Individuals in our business database (notice, opt-out, deletion)

Our target maps and Pro exports include business-contact and owner/principal information sourced from public records and the open web (see Section 1). We did not collect this information from you directly. For residents of California and other states with comparable laws, the categories of personal information we may process about a listed individual are: identifiers (name, business email and phone); professional or employment-related information (role, company, owner tenure); and internet/inference data (publicly posted profiles and model-derived estimates). The sources are public business registries, license boards, company websites, business directories, and review sites. The business purpose is to help acquirers identify and contact potential acquisition targets. Because we make this information available to paying subscribers, that activity may constitute a "sale" or "sharing" of personal information under the CCPA/CPRA and similar laws.

Do Not Sell or Share My Personal Information / opt out / delete / correct.If you are an individual described in our data, you may at any time ask us to (a) opt you out of any "sale" or "sharing," (b) suppress your contact details from target maps and exports, (c) delete your information, or (d) correct it. Email sadra@serava.ai with the company name and your request. You do not need an account; we will verify your request, honor it within the time required by applicable law (generally up to 45 days under the CCPA, extendable once), and we will not discriminate against you for exercising these rights. Authorized agents may submit requests with proof of authorization. Under the GDPR/UK GDPR, this notice also serves as our Article 14 notice for personal data obtained from sources other than you, and our legal basis for processing is our legitimate interest in operating a B2B acquisition-sourcing service, balanced against your rights, with a right to object at any time.

You can submit any of these requests with the form below, or by email to sadra@serava.ai. The form reaches us immediately so we can act within the legal window.

Submit a privacy request

No account needed. We verify every request and never discriminate for exercising your rights.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated by email to the address on file or by a notice on the Service at least thirty (30) days before they take effect, except where a faster change is required for legal, security, or fraud-prevention reasons. The "Last updated" date at the top reflects the current version.

13. Contact

Privacy questions, requests, or complaints? sadra@serava.ai.

Last updated June 22, 2026. Prior versions available on request.