Privacy Policy

Introduction

Welcome to RAAV. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our AI-powered code analysis platform.

By using RAAV, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, name, password (encrypted)
• Payment Information: Processed securely by Stripe (we don't store full card details)
• Profile Information: Optional profile details you choose to provide
• Communication: Messages you send us through support channels

1.2 Information We Automatically Collect

• Usage Data: Pages visited, features used, time spent on platform
• Device Information: Browser type, operating system, IP address
• Cookies: See our Cookie Policy for details
• Analytics: Aggregated usage statistics (privacy-friendly)

1.3 Code Analysis Data

• Repository Metadata: File structure, commit history (when you connect repositories)
• Code Samples: Code snippets analyzed by our AI (processed securely)
• Analysis Results: Insights, recommendations, and reports generated

Note: We never sell your code or analysis data to third parties. Your code remains yours.

2. How We Use Your Information

2.1 Service Delivery

• Provide and maintain RAAV services
• Process your code analysis requests
• Manage your account and subscriptions
• Process payments securely

2.2 Improvement & Development

• Improve our AI models and analysis accuracy
• Develop new features and services
• Monitor and analyze usage patterns
• Detect and prevent technical issues

2.3 Communication

• Send service announcements and updates
• Respond to support requests
• Send marketing communications (with your consent, opt-out anytime)

2.4 Legal & Security

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service

3. How We Share Your Information

We do not sell your personal information. We only share your data in these limited circumstances:

3.1 Service Providers

• Supabase: Database and authentication (GDPR compliant)
• Stripe: Payment processing (PCI DSS compliant)
• Vercel: Hosting infrastructure
• OpenAI/Anthropic: AI analysis processing
• Analytics Providers: Privacy-friendly analytics (anonymized data)

All service providers are contractually obligated to protect your data and use it only for providing services to us.

3.2 Legal Requirements

We may disclose your information if required by law, legal process, or government request.

3.3 Business Transfers

If RAAV is involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you before your data is transferred and becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: All data transmitted via HTTPS (TLS 1.3)
• Password Security: Passwords hashed using bcrypt
• Access Controls: Strict access controls for our team
• Regular Audits: Security assessments and penetration testing
• Monitoring: 24/7 security monitoring and alerting

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

• Account Data: Retained while your account is active
• Analysis Data: Retained for 90 days after generation (configurable)
• Billing Records: Retained for 7 years (legal requirement)
• Anonymized Analytics: Retained indefinitely

When you delete your account, we delete or anonymize your personal data within 30 days, except where we're required by law to retain certain information.

6. Your Rights & Choices

6.1 GDPR Rights (EU Users)

If you're in the EU, you have these rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for data processing

6.2 CCPA Rights (California Users)

California residents have these rights:

• Know: Request information about data collected about you
• Delete: Request deletion of your personal information
• Opt-Out: Opt-out of sale of personal information (we don't sell data)
• Non-Discrimination: Not be discriminated against for exercising your rights

6.3 How to Exercise Your Rights

Contact us at privacy@raav.ai to exercise any of these rights. We'll respond within 30 days.

7. Cookies & Tracking

We use cookies and similar technologies to improve your experience. See our Cookie Policy for detailed information.

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

8. Children's Privacy

RAAV is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If you believe we've collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the EU Commission
• Privacy Shield Framework (where applicable)
• Adequacy decisions by relevant authorities

10. Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of significant changes by:

• Posting the new policy on this page
• Updating the "Last Updated" date
• Sending you an email notification (for material changes)

Continued use of RAAV after changes constitutes acceptance of the updated policy.