Privacy Policy

Last updated: June 02, 2026

This Privacy Policy explains how Scenivo (“Scenivo”,
“we”, “us”, or “our”), operated by
Uniweb, collects, uses, and protects your information when you use our
website and platform.

Uniweb
121b Avenue Tolosane
31520 Ramonville St-Agne
Occitanie, France
Email: legal@scenivo.com

1. Information We Collect

  • Account information: name, email address, login
    credentials, profile details (organization name, role, biography,
    avatar).
  • Band and project data: stage plots, input lists,
    setlists, financial data, contacts, event information, opportunities,
    gear inventory.
  • Messages and communications: support requests,
    feedback, contact form submissions.
  • Technical information: IP address, browser type,
    device type, approximate location derived from IP.
  • Usage data: feature usage events, navigation
    patterns, errors encountered.
  • Integration data: when you connect a third-party
    service (e.g. Google Calendar, Spotify), we receive an OAuth token
    and a limited set of data from that service (see Section 4).

2. How We Use Information

  • Provide and operate the Scenivo platform.
  • Improve functionality and user experience.
  • Respond to inquiries and support requests.
  • Maintain security, prevent misuse, and enforce our Terms of Service.
  • Analyze aggregated, anonymized performance and usage trends.
  • Send transactional and product update emails.

We do not sell your personal data. We do not use your
personal data for advertising.

3. Legal Basis for Processing (GDPR)

We process personal information based on:

  • Performance of a contract — to provide the
    Scenivo service.
  • Legitimate interests — to improve, secure,
    and grow the platform.
  • Consent — when you explicitly connect a
    third-party integration or opt in to marketing emails.
  • Legal obligation — to comply with applicable
    laws.

4. Google API Services User Data

Scenivo’s use and transfer to any other app of information
received from Google APIs will adhere to the

Google API Services User Data Policy
, including the Limited Use requirements.

When you connect your Google account to Scenivo, we request the
https://www.googleapis.com/auth/calendar scope. We use
this scope solely to:

  • List the calendars you can access, so you can choose where to sync.
  • Create a dedicated Scenivo calendar (only if you ask us to).
  • Insert, update and delete calendar events that mirror the events
    you create in Scenivo.

We tag every event we create on Google Calendar with a private extended
property so we can identify and clean up our own events without
touching events you created elsewhere.

Limited Use disclosures for Google Workspace APIs

  • We do not use Google user data for advertising.
  • We do not sell Google user data to third parties.
  • We do not allow humans to read Google user data
    unless we have your explicit consent for a specific support request,
    it is necessary for security, or it is required by law.
  • We do not use Google user data to develop,
    improve, or train any generalized AI or machine learning models.

Sharing, Transfer and Disclosure of Google User Data

Scenivo does not share, transfer, sell, or disclose
Google user data to third parties, except in the following limited
circumstances:

  • Hosting provider (OVHcloud, France): stores our
    application database where encrypted Google OAuth refresh tokens
    are kept. OVHcloud does not have access to the unencrypted token
    material and does not read or process the content of Google
    Calendar events on our behalf.
  • Google APIs: by design, Google user data is
    transmitted only between your browser, our backend (hosted on
    OVHcloud, France), and Google’s own APIs — never to
    any other party.
  • Legal compliance: we may disclose Google user
    data if compelled by a legally binding request from a competent
    French or European authority, with the minimum scope necessary
    to comply.

We explicitly confirm that we do not share Google
user data with our email provider (Brevo), our payment provider
(Stripe), or any third-party AI provider (including Google Gemini).
Google user data is never used for advertising, never sold, and
never used to train AI or machine learning models.

You can revoke Scenivo’s access to your Google account at any
time from within Scenivo (Organization settings → Integrations
→ Disconnect) or from your
Google Account permissions.
Upon disconnection, the encrypted tokens we store are deleted.

5. Third-Party Sub-Processors

To deliver the service, we rely on the following sub-processors:

Provider Purpose Location
OVHcloud Application hosting (servers, database) France
Brevo (Sendinblue) Transactional and marketing emails France / EU
Google LLC OAuth, Calendar API, optional AI features (Gemini) EU / United States
Stripe Payment processing for paid plans EU / United States

Transfers to the United States are covered by the
EU-U.S. Data Privacy Framework and/or
Standard Contractual Clauses.

6. Data Storage and Security

  • Data is hosted on servers located in the European Union (France).
  • OAuth refresh tokens for third-party integrations are encrypted at
    rest using AES-256-GCM.
  • Passwords are hashed using bcrypt.
  • HTTPS is enforced on all connections.
  • Access to production systems is restricted and logged.

While we take security seriously, no system can guarantee absolute
protection.

7. Data Retention

  • Account and user content: retained for as long as
    your account is active. Upon deletion, removed within 30 days,
    except where retention is required by law (e.g. invoices: 10 years).
  • Server logs: retained for up to 90 days.
  • Marketing emails opt-out: kept indefinitely to
    honor your preference.
  • Disconnected integration tokens: deleted
    immediately upon disconnection.

You may request deletion of your account at any time by emailing
legal@scenivo.com.

8. Your Rights (GDPR)

You have the right to:

  • Access your personal data.
  • Correct inaccurate information.
  • Request deletion of your data.
  • Object to certain processing activities.
  • Request data portability (export of your content).
  • Withdraw consent at any time.
  • Lodge a complaint with your local data protection authority
    (in France: the
    CNIL).

To exercise these rights, contact us at
legal@scenivo.com. We will
respond within 30 days.

9. Cookies and Analytics

Scenivo uses cookies strictly necessary for authentication and session
management. We may also use Google Tag Manager and analytics cookies
to understand usage trends. You may adjust your browser settings to
control non-essential cookies; doing so will not impair the core
functionality of the service.

10. Children’s Privacy

Scenivo is not intended for use by individuals under 18. We do not
knowingly collect personal information from anyone under 18. If you
believe we have collected such information, please contact us and we
will delete it.

11. International Use

Scenivo is operated from France. By using the platform, you
acknowledge that your information may be processed in the European
Union, and that limited data may be transferred to our sub-processors
located outside the EU under appropriate legal safeguards.

12. Updates to This Policy

We may update this Privacy Policy from time to time. If changes are
significant, we will notify users through the platform or by email.
Continued use of Scenivo after changes are published constitutes
acceptance of the revised policy.

13. Contact

Uniweb
121b Avenue Tolosane
31520 Ramonville St-Agne
Occitanie, France
Email: legal@scenivo.com