Privacy Policy

Pavost ("we", "us", "our") is an AI strategy and business architecture consultancy operated by Chris Ikharo. Our website is at https://pavost.com.

This Privacy Policy explains how we collect, use, store, and protect personal data submitted through our website. It complies with applicable U.S. privacy laws and, where applicable, the EU General Data Protection Regulation (GDPR).

We collect personal data only when you voluntarily provide it through our website forms:

• Audit Requests: Name, email, company, role, and your message.
• Contact form: Name, email, and message.
• Newsletter signup: Email address.
• Speaking inquiries: Name, email, organization, event details, and message.

We also collect analytics data via Google Analytics 4 (only with your cookie consent), including pages visited, time on site, device type, and geographic region (country level).

We use the data you submit to:

• Respond to your inquiry or request
• Schedule and conduct AI Audit sessions
• Send you The Pavost Brief newsletter (only if you explicitly signed up)
• Improve our services and website

We do not sell, rent, or trade your personal data to third parties. We do not use your data for automated decision-making or profiling.

For individuals in the EU/EEA, our legal basis for processing is:

• Consent — for newsletter subscriptions and analytics cookies
• Legitimate interests — for responding to direct inquiries
• Contract — for processing data related to service engagements

Form submissions are stored in Supabase (hosted on AWS infrastructure) with row-level security enabled. Only authorized personnel can access your data.

We retain form submission data for up to 3 years, or until you request deletion. Newsletter subscriber data is retained until you unsubscribe or request deletion. Analytics data (Google Analytics) is retained for 14 months per Google's default settings.

We use the following third-party services to operate this website:

• Supabase — database storage for form submissions. Data is stored in the EU (unless you configure otherwise). Privacy policy: supabase.com/privacy
• ZeptoMail (Zoho) — transactional email for form notification emails. Privacy policy: zoho.com/privacy.html
• Google Analytics 4 — website analytics (only with consent). Privacy policy: policies.google.com/privacy
• Cloudflare Pages — website hosting and edge delivery. Privacy policy: cloudflare.com/privacypolicy

We use cookies as described in our Cookie Policy. You can control cookie usage via the banner shown on your first visit.

Under NDPR and GDPR, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing
• Data portability (where applicable)
• Withdraw consent at any time (for newsletter and analytics cookies)

To exercise any of these rights, email us at privacy@pavost.com. We will respond within 30 days.

Data collected through our website is stored on Supabase infrastructure. If you are located in the EU/EEA, your data may be transferred to and processed outside the EEA. Where required, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

For any privacy-related questions or requests: privacy@pavost.com

If you are in the EU/EEA and are dissatisfied with our response, you have the right to lodge a complaint with your local data protection authority.