Request a Demo

Privacy Policy

Last updated: February 2026
Version 2.0

What is this policy about?

Invela, Inc. (“Company”, “we”, “our”, or “us”) respects your privacy and is committed to protecting it. This policy describes how we collect, process, retain, and disclose personal data collected about you in furtherance of entering into a definitive agreement (“Definitive Agreement”) with our customers for the provision of services to them through our websites, applications, products, and services (our “Services”) and our practices for using, maintaining, protecting, and disclosing that data.

This policy applies to personal data we collect:

  • Through use of the Services.
  • Through use of the website to which this policy is linked.
  • In communications, including email, text, chat, and other electronic messages, between you and us.
  • As part of our due diligence on our customer prior to entering into a Definitive Agreement.
  • In other ways where we refer to this Privacy Policy.

It does not apply to information collected by:

  • Us, through any other means, including on any other website operated by Company or any third party that does not link to this policy; or
  • Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the website.

We may provide additional or different privacy policies that are specific to certain features, services, or activities.

Please read this policy carefully to understand our policies and practices regarding your data and how we treat it. This policy may change from time to time (see Changes to Our Privacy Policy), so please check the policy periodically for updates.

Personal data we collect and why

“Personal data” is information that identifies, relates to, or describes, directly or indirectly, you as an individual, such as your name, email address, telephone number, home address or any other identifier we may use to contact you online or offline.

Applicable data protection laws require us to inform you about the purposes for which we use your personal data (see below table). We have also set out the legal reasons for our use of your personal data.

We process the following types of personal data, which we collect either directly from you, via our customer or prospective customer, from publicly available sources, third parties who conduct background checks or automatically using automatic data collection technologies.

Category of personal data Purpose of processing Legal reason for processing
Account and contact details (name, postal address, email address, phone number, username and other contact information you provide us.) relating to our contacts at our customers and prospective customers, and users of our Services.
  • To provide our customers with the Services and any contents, features, information, products, or services that we make available through the Services.
  • To fulfill and manage subscriptions, purchases, and payments.
  • To fulfill any other purpose for which you provide it.
  • To provide our customers with notices about their account, including expiration and renewal notices.
  • To improve our Services, including by analyzing your information and creating aggregated data derived from your information to develop, maintain, analyze, improve, optimize, measure, and report on our Services and their features and how users interact with them.
  • To carry out our obligations and enforce our rights arising from contracts with our customers, including billing and collection.
  • To notify our customers when Service updates are available and about changes to products or services we offer or provide through them.
 We process this data for these purposes as it is in our legitimate interest to provide our Services to our customers, keep you informed of our offering and grow our business, or because we are required to do so to comply with applicable law or to defend or protect our rights.
Device and web data (IP address, traffic data, web logs, device identifiers, operating system and version, preferred language, resources and Services features that you access, and other device information such as browser type) relating to users of our Services.
  • To provide our customers with the Services and any contents, features, information, products, or services that we make available through the Services.
  • To carry out our obligations and enforce our rights arising from contracts with our customers, including billing and collection.
  • To improve our Services and deliver a better and more personalized experience by enabling us to:
    • Estimate our audience sizes and usage patterns.
    • Store information about your preferences, allowing us to customize the Services according to your individual needs and interests.
    • Speed up your searches.
    • Recognize you when you return to our Services.
 We collect this information using cookies and web beacons. Where legally required, we obtain your prior consent to dropping cookies and processing personal data collected via those cookies. If we don’t require your consent, we process this data because it is in our legitimate interests to provide you with content relevant to you in the most optimum format. In some cases, we also process this data because we are required to do so to comply with applicable law, for example relating to fraud and cyber crime and to protect personal data.
Technical data (internet connection, IP address, operating system, browser type, traffic data, logs and other communications data, usage details about your interactions with the Services such as clickstream information, time stamp, location data, products that you view or search for, page interaction information, methods used to browse away from a page) relating users of our Services.
  • To improve our Services and deliver a better and more personalized experience by enabling us to:
    • Estimate our audience sizes and usage patterns.
    • Store information about your preferences, allowing us to customize the Services according to your individual needs and interests.
    • Speed up your searches.
    • Recognize you when you return to our Services.
 We collect this information using cookies and web beacons. Where legally required, we obtain your prior consent to dropping cookies and processing personal data collected via those cookies. If we don’t require your consent, we process this data because it is in our legitimate interests to provide you with content relevant to you in the most optimum format and to monitor errors in our Services to improve them. In some cases, we also process this data because we are required to do so to comply with applicable law, for example relating to fraud and cyber crime and to protect personal data.
Account and contact details and Technical data relating to our contacts at our customers and prospective customers. To contact you about goods and services that may be of interest to you. Where legally required, we obtain your prior consent to market to you. If we don’t require your consent, we process this data because it is in our legitimate interests to market our business.
Statistics or aggregated information (personal data that has been aggregated or anonymized) To improve our Services, for example, by enabling us to estimate our audience sizes and usage patterns. We process this data for these purposes because it is in our legitimate interest to monitor its performance with a view to growing and improving the business.
Due Diligence Data (varies by customer but can include identity verification documents (government-issued photo identification), address verification documents, place of birth, nationality, jurisdiction of residency, professional background and business connections (including directorships, memberships, management roles), shareholdings.) For customer onboarding, Know Your Client and/or Know Your Business (KYC or KYB) procedures, anti-money laundering checks and sanctions screening. We process this data because we are required to do so by applicable law or regulation or because it is in our legitimate interest to know who we are doing business with.

Device and web data, and Technical Data is collected automatically using automatic data collection technologies such as cookies and web beacons. For more information about the cookies used by our Service, please see our Cookies Policy [here].

If we combine or connect non-personal data with personal data so that it directly or indirectly identifies you, we treat the combined information as personal information.

Do we share personal data with third parties?

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may also disclose personal data that we collect or you provide as described in this privacy policy to:

  • Our subsidiaries and affiliates;
  • Contractors, service providers, and other third parties we use to support our organization;
  • A buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us is among the assets transferred;
  • Law enforcement, or legal, government or regulatory authority.

We may disclose personal data to third parties for the following reasons:

  • To fulfill the purpose for which you provide it;
  • For any other purpose disclosed by us when you provide the information;
  • With your consent;
  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request;
  • To enforce or apply our terms of use [INSERT AS LINK TO TERMS OF USE] and other agreements, including for billing and collection purposes; or
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

What rights do you have over your personal data?

Depending on your jurisdiction, you may have some or all of the following rights in relation to your personal data, subject to certain limitations and exceptions:

  • Access – You may ask us to verify whether we are processing personal data about you, and if so, to provide a copy of that data.
  • Correction – You may ask us to correct our records if you believe they contain incorrect or incomplete information about you.
  • Erasure – You may ask us to erase (delete) your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected. In most cases, this right will not apply where we process your personal data to comply with a legal obligation.
  • Processing restrictions – You may ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. You can also ask us to inform you before we lift that restriction.
  • Data portability – Where you have provided personal data to us, you may ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if it is technically feasible.
  • Right to object – You may object to our use of your personal data for direct marketing purposes, including profiling, at any time. We may need to keep some minimal information to comply with your request to cease marketing to you. You can also object to our use of your personal data where our processing is necessary for us to pursue a legitimate interest.
  • Right to withdraw consent – You may withdraw consent previously given for one or more specified purposes. This will not affect the lawfulness of processing carried out before you withdraw consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
  • Right to lodge a complaint – You may lodge a complaint with the relevant data protection supervisory authority of your country if you believe your rights have been infringed.

Do we transfer your personal data outside your jurisdiction?

In the event we transfer your personal data to our subsidiaries or affiliates, or to a third party located outside the jurisdiction in which you reside in, such transfers will be carried out in accordance with applicable data protection laws, and we will ensure that appropriate safeguards are in place to protect your personal data. If you wish to obtain more information on how we protect your data or wish to obtain a copy of the legal instruments implemented, please contact us using the contact details (see Contact Information).

How long do we retain your personal data?

We may retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable or regulatory requirements in order to meet our legal and regulatory obligations. We may retain your personal data for a longer period where necessary for other legal or regulatory reasons, to respond to questions or complaints, and to defend any legal claims.

How do we protect your personal data?

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data from accidental loss or destruction and from unauthorized access, use, alteration, and disclosure. However, no website, mobile application, system, electronic storage, or online service is completely secure, and we cannot guarantee the security of your personal data transmitted to, through, using, or in connection with the Services.

In particular, email, texts, and chats sent to or from the Services may not be secure, and you should carefully decide what information you send to us via such communications channels. Any transmission of personal data is at your own risk.

The safety and security of your information also depends on you. You are responsible for taking steps to protect your personal data against unauthorized use, disclosure, and access – e.g. keeping your passwords confidential.

Children’s data

Our Services are not intended for, and we do not knowingly collect any personal data from, children under the age of 16. If we learn we have collected or received personal data from a child under 16 years old, we will delete that information.

Changes to Our Privacy Policy

We may update this policy from time to time, and we will provide notice of any such changes to the policy as required by law. The date the privacy policy was last updated is identified at the top of the page.

We will notify you of changes to this policy by updating the “last updated” date and posting the updated policy on the Services. We may email or otherwise communicate reminders about this policy, but you should check our Services periodically to see the current policy and any changes we have made to it.

Contact Information

To exercise your rights or ask questions or comment about this privacy policy or our privacy practices, contact us at [email protected] or by regular mail: Invela, Inc. 155 North 400 West, Suite 580, Salt Lake City, UT 84103.

If you are not satisfied with our processing of your personal data, or how we respond to, or deal with, your data protection enquiry, you can make a complaint to the regulator within your jurisdiction.

California Privacy Addendum (CCPA / CPRA)

Last updated: January 29, 2026

This California Privacy Addendum (“Addendum”) supplements the Invela, Inc. Privacy Policy and applies solely to California residents whose personal information is subject to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA/CPRA”).

If there is any conflict between this Addendum and the main Privacy Policy, this Addendum controls for California residents.

1. Definitions

For purposes of this Addendum:

  • “Personal Information” has the meaning given in the CCPA/CPRA.
  • “Sensitive Personal Information” includes, among other things, government-issued identification, nationality, place of birth, and residency status.
  • “Sell,” “Share,” “Service Provider,” “Contractor,” and “Third Party” have the meanings assigned under the CCPA/CPRA.

2. Notice at Collection – Categories of Personal Information

In the preceding twelve (12) months, Invela, Inc. has collected the following categories of personal information:

CCPA Category Examples
Identifiers Name, email address, phone number, postal address, IP address
Commercial Information Subscription details, service usage
Internet or Network Activity IP address, device identifiers, cookies, logs
Geolocation Data Approximate location derived from IP
Professional or Employment Information Job title, employer, business contact details
Sensitive Personal Information Government-issued ID, nationality, place of birth, jurisdiction of residency

Personal information is collected directly from customers or prospective customers, from service providers, from publicly available sources, and automatically through cookies and similar technologies.

3. Purposes for Collection and Use

We collect and use personal information for the following business purposes:

  • Providing, operating, and maintaining our Services
  • Managing customer relationships and accounts
  • Billing, payment processing, and contract administration
  • Customer onboarding, KYC/KYB, AML, and sanctions screening
  • Security, fraud detection, and risk prevention
  • Legal and regulatory compliance
  • Marketing and business development
  • Analytics, product development, and service improvement

4. Retention of Personal Information

We retain personal information only as long as reasonably necessary to fulfill the purposes disclosed above, unless a longer retention period is required by law.

Typical retention periods include:

  • Account and Contact Information: Duration of the customer relationship plus up to seven (7) years
  • Technical and Device Data: Up to twenty-four (24) months
  • Due Diligence and KYC/KYB Data: As required by applicable law and regulation
  • Marketing Data: Until you opt out or request deletion

5. Sale or Sharing of Personal Information

  • Invela, Inc. does not sell personal information for monetary consideration.
  • Invela, Inc. does not share personal information for cross-context behavioral advertising.

We may disclose personal information to service providers and contractors strictly for business purposes permitted under the CCPA/CPRA and subject to contractual restrictions.

6. Sensitive Personal Information

We collect Sensitive Personal Information solely for purposes permitted under the CCPA/CPRA, including:

  • Identity verification
  • Legal and regulatory compliance
  • Security and fraud prevention

We do not use or disclose Sensitive Personal Information for purposes outside those permitted by law.

California residents have the right to limit the use and disclosure of their Sensitive Personal Information.

7. California Consumer Rights

Subject to certain exceptions, California residents have the right to:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, used, disclosed, or shared
  • Right to Access: Obtain a copy of personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt Out: Opt out of the sale or sharing of personal information
  • Right to Limit: Limit the use and disclosure of Sensitive Personal Information
  • Right to Non-Discrimination: Not be discriminated against for exercising privacy rights

8. Exercising Your Rights

You may exercise your California privacy rights by contacting us:

Email: [email protected]
Mail:
Invela, Inc.
155 North 400 West, Suite 580
Salt Lake City, UT 84103

We will verify your identity before processing requests and respond within 45 days, subject to extensions permitted by law.

You may designate an authorized agent to submit requests on your behalf.

9. Do Not Sell or Share My Personal Information

California residents may opt out of the sale or sharing of personal information by contacting us at [email protected].

We honor Global Privacy Control (GPC) signals where required by applicable law.

10. Updates to This Addendum

We may update this California Privacy Addendum from time to time. Any changes will be effective when posted, and the “Last Updated” date will be revised accordingly.

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Powered by  GDPR Cookie Compliance