Privacy Policy

Last updated: March 2026

TL;DR: We collect the minimum data needed to run your help center. Your content is yours. We never sell your data. We use privacy-first analytics with no tracking cookies. We name every third-party service that touches your data below.

The short version

The privacy of your data — and it is your data, not ours — is a big deal to us. We're a small, bootstrapped company. We don't have investors pressuring us to monetize your information. We don't run ads. We don't sell data. Our business model is simple: you pay us for a help center, we host it well.

When we say "we," we mean M&S CapitalSoft LLC, the company behind Selvo (selvo.co). When we say "you," we mean you — the person or organization using Selvo to build and manage a help center.

We process your data under three legal bases:

  • Contract. We need your account information and content to provide the service you signed up for.
  • Legitimate interest. We use anonymous analytics to improve the product and log API usage for security. These don't override your privacy because we minimize data collection and don't track individuals.
  • Legal obligation. We keep certain records when required by tax or other laws.

We don't rely on consent as a legal basis because we don't send marketing emails or use tracking cookies.

What we collect and why

Account information

We collect your name and email address when you create an account. We use this to identify you, log you in, and send you important product emails (password resets, workspace invitations, security notices). That's it.

Billing information

We use Stripe to process payments. Your card number, expiration date, and billing details go directly to Stripe. We never see, store, or have access to your full card details. We receive only a transaction reference and your plan status so we know what features to enable.

Your content

When you create articles, collections, and upload images, we store that content so we can display your help center. This is the core of what Selvo does. You own your content. We don't use it for anything other than providing and improving the service.

Uploaded images and files are stored in Google Cloud Storage. Article images in published help centers are publicly accessible — that's how your visitors can see them.

Help center visitor analytics

When someone visits your published help center, we collect anonymous page view data using a privacy-first approach. We hash the visitor's IP address and user agent into an anonymous identifier. We don't store raw IP addresses. We don't use tracking cookies on visitors. We don't track visitors across sites. We store only aggregate counts — page views per article, per day.

Cookies

We use session cookies on the dashboard (app.selvo.co) to keep you logged in. These cookies are scoped to .selvo.co so authentication works across the dashboard. We don't use advertising cookies, tracking cookies, or third-party cookie-based analytics. There's nothing to opt out of.

API access

If you use our API (including the MCP server for AI tools), we log your API key usage for security and rate limiting. We don't log the content of your API requests.

Third-party services we use

Here's every service that handles your data, what they do, and a link to their privacy policy:

  • Vercel — Hosts the application, serves your help center pages, provisions SSL certificates for custom domains.
  • Neon — Hosts our PostgreSQL database where your account and content data lives.
  • Stripe — Processes payments. Handles all credit card data directly.
  • Resend — Sends transactional emails (password resets, workspace invitations, notifications).
  • Google Cloud Storage — Stores images and files you upload to your help center.

We don't use any advertising networks, social media trackers, or third-party analytics services that track individuals.

When we share your information

We share your information only in these specific situations:

  • To provide the service. Your help center content is published publicly — that's the point of a help center. Workspace members you invite can see your workspace content.
  • With the processors listed above. Each handles a specific part of the service as described.
  • If required by law. If a government authority makes a legally valid request, we comply with the minimum necessary. We'd notify you unless legally prohibited from doing so.
  • If the company is acquired. If Selvo is sold, your data transfers to the new owner under the same commitments. We'd notify you before this happens.

We never sell your personal data. We never share it with advertisers. We never will.

Your rights

Regardless of where you live, we provide the same rights to everyone:

  • Access. Request a copy of all data we have about you.
  • Correction. Fix any inaccurate information.
  • Deletion. Ask us to delete your account and all associated data.
  • Export. Download your help center content.
  • Object. Object to how we use your data.

To exercise any of these rights, email hello@selvo.co. We respond within 30 days.

If you're in the EU/UK, you also have the right to file a complaint with your local data protection authority.

Where your data lives

Our infrastructure is hosted in the United States (Vercel and Neon) and our file storage is in the US (Google Cloud Storage). If you're outside the US, your data crosses borders. Our processors maintain appropriate safeguards for international transfers. You can review their specific transfer mechanisms in their privacy policies linked above.

Data security

We use HTTPS everywhere. Your data is encrypted in transit and at rest. We use session-based authentication with secure cookies. Access to production systems is restricted. Stripe handles all payment card data in their PCI-compliant environment — card details never touch our servers.

No system is 100% secure. We can't guarantee absolute security, but we treat your data like we'd want ours treated.

Data retention and deletion

We keep your data for as long as your account is active. If you cancel your account, we delete your data within 60 days. Some data persists in encrypted backups for up to 90 days, after which backups are cycled out.

If you delete individual articles or files, they're removed from our active systems promptly. Backup retention applies the same way.

We keep anonymized, aggregated analytics data (page view counts) indefinitely because it contains no personal information.

Children

Selvo is not directed at children under 16. We don't knowingly collect data from children. If we learn we've collected data from a child, we'll delete it.

Changes to this policy

If we make significant changes to this policy, we'll notify you by email before the changes take effect. For minor clarifications or formatting changes, we'll update the "Last updated" date. We'll keep a changelog of significant updates on this page.

Questions

Have a question or concern? Email us at hello@selvo.co.

M&S CapitalSoft LLC 312 W 2nd St, Unit #A3467 Casper, WY 82601

Adapted from Basecamp's open-source policies, available under CC BY 4.0.