Legal

Privacy Policy

Last updated: June 25, 2026

This policy describes what Validova collects, how we use it, and the commitments we make about the data you trust us with — including a dedicated disclosure of our use of Google APIs. Validova is operated by Solvara LLC, a New Mexico limited liability company.

1. Who we are

"Validova," "we," "us," and "our" refer to Solvara LLC, the company that builds and operates the Validova platform. Our contact details are at the bottom of this page.

Validova is a sending tool. It lets one person — or a small team — compose branded HTML email templates inside HubSpot or Pipedrive and deliver them through their own Gmail or Google Workspace account. Throughout this policy, "you" means the person using Validova, and "your recipients" means the contacts you choose to email.

2. What we collect

We try to collect as little as possible. In practice, that means three categories:

Account information. Your name, business email address, company name, role, and billing details. You give this to us when you sign up, subscribe, or update your profile.

Template and configuration data. The HTML templates you create, the brand assets (logos, colors, fonts) you upload, the merge-field mappings you configure, and any settings tied to your account or team.

Operational metadata. Limited records about how Validova is used — sign-in timestamps, whether a send succeeded or failed, which CRM record a template was rendered against, and basic diagnostic logs. We use this to keep the product working and to support you when something breaks.

3. What we do not collect

We do not read, view, scan, index, or store the contents of your Gmail inbox or sent folder. We do not analyze your email history, your replies, or messages unrelated to a Validova send.

We do not sell personal information, share it with data brokers, or use your or your recipients' data to train artificial intelligence or machine-learning models. We do not run advertising on Validova.

Required disclosure

4. Google API Data Disclosure

Validova's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

When you connect a Gmail or Google Workspace account to Validova, we use Google OAuth to request the minimum scope required to send email on your behalf. That scope is the gmail.send permission.

We use this access for one purpose only: to deliver the message you composed in Validova through your Google account so that, from your recipient's perspective, the email arrives from you. We commit, explicitly, that we will not:

  • Read, view, download, or store the contents of your inbox, drafts, archives, or sent folder.
  • Scan, analyze, or index any messages other than the message you specifically ask Validova to send.
  • Use Google user data to develop, train, or improve any generalized or non-personalized machine-learning or artificial-intelligence models.
  • Transfer Google user data to third parties, except as strictly necessary to provide or improve user-facing features prominent in Validova, or to comply with applicable law.
  • Allow humans to read Google user data, except (a) with your explicit affirmative consent for specific messages, (b) when necessary for security investigations or to comply with law, or (c) when the data has been aggregated and anonymized and is used for internal operations.
  • Sell Google user data, under any circumstances.

The OAuth token we receive is encrypted at rest and used solely to call the Gmail send endpoint with the message you composed. You can revoke Validova's access at any time at myaccount.google.com/permissions; revocation takes effect immediately and stops all future sends through that account.

If you ever have questions about how we handle Google data, write to privacy@validova.com.

5. Third-party CRM integrations (HubSpot & Pipedrive)

Validova interfaces with HubSpot and Pipedrive to deliver its core feature: a floating widget that appears inside a CRM record and pre-fills your branded template with the variable fields on that record (contact name, deal stage, loan amount, and similar).

In this exchange, Validova acts solely as a data processor. Your CRM provider is the controller of the contact and deal data inside your CRM. We only display and pull the variable field data required to render the template you chose, on the record you opened. We do not bulk-export your CRM database, replicate it into our own systems, or use CRM contact data for any purpose other than to populate the email you are about to send.

All data exchanged with HubSpot and Pipedrive flows over their official APIs using OAuth credentials you control. You can disconnect either integration from your CRM settings at any time, which immediately revokes Validova's access.

HubSpot and Pipedrive each have their own privacy practices. Their handling of your data is governed by the agreement you have with them, not by this policy.

6. How we use what we collect

We use the data described in Section 2 to:

  • Operate the Validova service — authenticate you, render templates, deliver sends, and keep the product available.
  • Bill you accurately and process subscription payments through our payment processor.
  • Provide support — when you email us about a broken send or a misfiring merge field, we look at the operational metadata for your account to diagnose it.
  • Communicate with you about your account, security events, and material product changes. We send marketing email only if you opted in, and you can opt out at any time.
  • Protect Validova — detect abuse, prevent spam sends through our infrastructure, and enforce our Terms of Service.
  • Comply with our legal obligations.

7. Subprocessors

We rely on a small number of vetted vendors to run Validova. Each is bound by a written agreement that requires confidentiality and a level of data protection at least as strict as this policy.

Our current subprocessors are: Amazon Web Services (US-region hosting), Stripe (subscription billing and payments), and Sentry (error monitoring).

We will update this list if it changes materially. For an up-to-date subprocessor list, email support@validova.com.

8. Security

Data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256. OAuth tokens are stored encrypted with envelope encryption; only the Validova send service can decrypt them at the moment of use.

We restrict employee access to production systems on a need-to-know basis, log administrative actions, and review our access policies regularly. No system is perfectly secure, but we treat the data you give us as if it were our own.

9. Data retention

We retain account, template, and configuration data for as long as your account is active. When you cancel, we keep your data for up to 30 days in case you reopen the account, and then delete it from production systems. Backups are purged on a rolling 90-day cycle.

Operational logs are kept for up to 12 months for security and debugging. Billing records are retained for the period required by tax and accounting law (typically 7 years).

10. Your rights

You can access, correct, export, or delete the personal data we hold about you at any time. Most of this is available directly in your account settings; for anything that isn't, email support@validova.com and we will respond within 30 days.

Users in the European Economic Area, the United Kingdom, and Switzerland have additional rights under the GDPR and equivalent laws, including the right to object to processing and the right to lodge a complaint with a supervisory authority.

California residents have rights under the CCPA/CPRA, including the right to know, the right to delete, the right to correct, and the right to opt out of "sale" or "sharing." We do not sell personal information.

11. International transfers

Validova is operated from the United States, and our infrastructure is hosted in the United States. If you access Validova from another country, you understand that your data will be transferred to and processed in the U.S. Where required, we rely on the Standard Contractual Clauses approved by the European Commission for cross-border data transfers.

12. Children

Validova is a business tool and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this policy

If we change this policy materially, we will update the "Last updated" date and, for significant changes, notify active account holders by email at least 30 days before the change takes effect. Continued use of Validova after the effective date means you accept the revised policy.

14. Contact us

Privacy questions, data requests, and security disclosures all go to the same place. We respond.

Solvara LLC
Attn: Privacy
1209 Mountain Road Pl NE, Ste R
Albuquerque, NM 87110, USA
privacy@validova.com · (818) 612-8140