RAAV Logo

Privacy Policy

Last Updated: June 5, 2026

Introduction

Welcome to RAAV. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use RAAV — persistent product and project memory for AI coding agents.

RAAV is local-first by default. Product memory, tasks, and audit ledgers live in your repository unless you choose to use hosted features or import an audit export into the web console.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, name, password (encrypted)
  • Payment Information: Processed securely by Stripe (we don't store full card details)
  • Profile Information: Optional profile details you choose to provide
  • Communication: Messages you send us through support channels

1.2 Information We Automatically Collect

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: Browser type, operating system, IP address
  • Cookies: See our Cookie Policy for details
  • Analytics: Aggregated usage statistics (privacy-friendly)

1.3 Product memory and audit data

  • Local ledger: Product brief, tasks, lanes, claims, decisions, and audit trail stored in your repo by default
  • Hosted console (optional): Synced memory and audit retention when you use Solo or Team plans
  • Manual imports: Audit exports you choose to paste or upload into /memory or /product (validated client-side)

Note: RAAV does not upload your full codebase by default. Your source code stays on your machine unless you explicitly connect other services.

2. How We Use Your Information

2.1 Service Delivery

  • Provide CLI, MCP, and hosted memory console services
  • Manage accounts, authentication, and subscriptions
  • Process payments securely
  • Support founder review workflows and optional hosted sync

2.2 Improvement & Development

  • Improve product reliability, onboarding, and documentation
  • Monitor aggregated usage patterns (privacy-friendly analytics where enabled)
  • Detect and prevent technical issues or abuse

2.3 Communication

  • Send service announcements and updates
  • Respond to support requests
  • Send marketing communications (with your consent, opt-out anytime)

2.4 Legal & Security

  • Comply with legal obligations
  • Protect against fraud and abuse
  • Enforce our Terms of Service

3. How We Share Your Information

We do not sell your personal information. We only share your data in these limited circumstances:

3.1 Service Providers

  • Supabase: Database and authentication (GDPR compliant)
  • Stripe: Payment processing (PCI DSS compliant)
  • Vercel: Hosting infrastructure
  • Analytics providers: Privacy-friendly analytics when you consent (anonymized where possible)

All service providers are contractually obligated to protect your data and use it only for providing services to us.

3.2 Legal Requirements

We may disclose your information if required by law, legal process, or government request.

3.3 Business Transfers

If RAAV is involved in a merger, acquisition, or sale of assets, your information may be transferred. We'll notify you before your data is transferred and becomes subject to a different privacy policy.

4. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted via HTTPS (TLS 1.3)
  • Password Security: Passwords hashed using bcrypt
  • Access Controls: Strict access controls for our team
  • Regular Audits: Security assessments and penetration testing
  • Monitoring: 24/7 security monitoring and alerting

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

5. Data Retention

  • Account Data: Retained while your account is active
  • Hosted audit data: Retention per plan (e.g. 90 days Solo, 1 year Team) when sync is enabled
  • Billing Records: Retained for 7 years (legal requirement)
  • Anonymized Analytics: Retained indefinitely

When you delete your account, we delete or anonymize your personal data within 30 days, except where we're required by law to retain certain information.

6. Your Rights & Choices

6.1 GDPR Rights (EU Users)

If you're in the EU, you have these rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for data processing

6.2 CCPA Rights (California Users)

California residents have these rights:

  • Know: Request information about data collected about you
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt-out of sale of personal information (we don't sell data)
  • Non-Discrimination: Not be discriminated against for exercising your rights

6.3 How to Exercise Your Rights

Contact us at privacy@raav.ai to exercise any of these rights. We'll respond within 30 days.

7. Cookies & Tracking

We use cookies and similar technologies to improve your experience. See our Cookie Policy for detailed information.

You can control cookies through your browser settings. Note that disabling cookies may affect functionality.

8. Children's Privacy

RAAV is not intended for users under 13 years old. We do not knowingly collect personal information from children under 13. If you believe we've collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Privacy Shield Framework (where applicable)
  • Adequacy decisions by relevant authorities

10. Changes to This Policy

We may update this privacy policy from time to time. We'll notify you of significant changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • Sending you an email notification (for material changes)

Continued use of RAAV after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this privacy policy or our data practices, please contact us:

Email: privacy@raav.ai

Data Protection Officer: dpo@raav.ai

Support: Contact Page

We aim to respond to all privacy inquiries within 30 days.