Our Commitment to Your Privacy
We are strongly committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how Ryvn ("we," "our," or "us") collects, uses, and protects your information when you use our AI-enabled productivity assistant.

Our Core Privacy Principles
A. We only access your data when you explicitly request it
B. We never sell your data or use it for advertising
C. We don't train AI models on your personal information
D. Voice/audio inputs are processed and immediately deleted
E. You maintain complete control over your data


1. Collection of Your Information
We collect information from and about you to provide, improve, and protect our services.

Personal Data:
- Email address, name, and profile picture (from Google OAuth or similar sign-ins)
- OAuth tokens and refresh tokens
- Support contact information

Derivative Data:
- Usage analytics (features used, session duration, etc.)
- Technical data (device, IP, browser)
- Transcriptions of AI task requests (audio deleted immediately)
- Anonymized error logs


2. Google User Data Disclosures
Limited Use Disclosure:
Ryvn’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use.

Google Data We Access:
- Gmail: Read messages, compose drafts, modify labels, access attachments
- Calendar: Read/create/modify events, access locations and participants
- Contacts (read-only): Access names/emails for autocomplete

Data Use Restrictions:
A. No AI/ML training
B. No advertising
C. No third-party sharing
D. No human review (unless required for support/security with consent)

Your Control:
A. Revoke access anytime via Google Permissions
B. Data accessed only during active sessions
C. No permanent storage
D. Voice/audio inputs immediately deleted


3. Use of Your Information
We use data to:
A. Deliver services: task automation, email/calendar handling
B. Manage accounts: authenticate, secure sessions
C. Improve product: fix bugs, refine features
D. Communicate: support updates, product notices

Legal Basis:
- Consent (e.g., OAuth)
- Contract performance
- Legitimate interest
- Legal obligations


4. Data Sharing and Disclosure
We do not sell or trade your data.

We may share with:
Service Providers:
- AI Processing (STT, NLU, TTS – real-time, no storage)
- Cloud Infrastructure (AWS, Google Cloud, auth/CDN services)

Legal Disclosures:
- Required by law
- To protect safety/property
- In legal investigations (with notice if allowed)

Business Transfers:
- In merger/acquisition, with notice and data control options

We Never:
A. Sell your data
B. Share with ad networks
C. Allow unauthorized access
D. Use data beyond delivering services


5. Data Protection and Security
Technical Security:
- TLS 1.3, AES-256 encryption
- End-to-end encryption for sensitive operations
- Role-based access, MFA, least privilege
- Regular audits and penetration tests

Organizational Security:
- Employee training and background checks
- 24/7 security monitoring
- Incident response plans
- 72-hour breach notification window

Security Commitments:
A. Voice/audio deleted after processing
B. No long-term storage of Gmail/Calendar data
C. Regular third-party audits
D. Secure deletion protocols


6. Data Retention
What We Retain:
- Account data (while account is active)
- Analytics (anonymized, 90 days)
- Support emails (2 years max)

What We Don’t Store:
- Voice/audio inputs
- Email content
- Calendar data

Data Deletion:
- Account deletion: all data removed in 30 days
- OAuth revocation: immediate disconnection
- Selective deletion: request via email

To request deletion, email: privacy@ryvn.ai
Legal exceptions may apply.


7. User Rights and Controls
Your Rights:
- Access, correct, delete, restrict processing
- Withdraw consent anytime
- Receive portable data copies
- Know who data is shared with

Managing Google Access:
- Revoke access at Google Account Permissions
- No impact to your Google account
- Reauthorize as needed

To exercise your rights, contact: privacy@ryvn.ai
We’ll respond within 30 days.


8. International Data Transfers
Ryvn operates from the United States.

Data may be transferred to the U.S.

Safeguards include:
- Encryption
- Access controls
- SCCs (Standard Contractual Clauses)
- GDPR/UK GDPR compliance for EU and UK users


9. Policy Changes
We may update this policy based on:
- Practice changes
- Feature updates
- Regulatory shifts
- User feedback

When We Update:
- Update the “Last Revised” date
- Notify users by email (if significant)
- Prompt for reauthorization if Google scopes are affected


10. Contact Information
General Inquiries:
Email: info@ryvn.me
Response Time: Within 2 business days

Legal Entity:
Company: ZanEvra Inc.
Product Name: Ryvn