Last updated: May 1, 2025

Privacy Policy

This Privacy Policy explains how Raian collects, uses, discloses, and protects personal data when you interact with our websites, applications, and services. It also describes your rights under the General Data Protection Regulation (GDPR) and other applicable privacy laws.

1. Who We Are

Raian ("we", "us", "our") is the controller of your personal data unless otherwise stated in a separate agreement. You can contact our privacy team at privacy@askraian.com.

2. Personal Data We Collect

We collect and process the following categories of personal data:

  • Account Data: name, organisation, job title, email address, password, authentication tokens.
  • Usage Data: product activity logs, feature usage analytics, session metadata, device information, browser type, IP address.
  • Support & Communications: messages you send to us, community interactions, feedback, survey responses.
  • Billing Data: payment method details (processed by our payment providers), VAT or tax numbers, billing contacts.
  • Integration Data: content and configuration necessary to connect third-party services, including bot prompts, conversation data, and API keys you choose to store with us.

3. How We Use Personal Data

We use personal data to:

  • Provide, maintain, and improve our Services and the features you request.
  • Create and manage your account, authenticate identity, and provide customer support.
  • Process transactions, subscriptions, and send related billing notices.
  • Monitor usage trends, enhance security, and prevent fraud or abuse.
  • Send operational communications, such as service updates, security alerts, and onboarding guidance.
  • Deliver marketing communications where permitted, and measure the effectiveness of campaigns.
  • Comply with legal obligations, respond to lawful requests, and enforce our agreements.

4. Legal Bases for Processing

Under the GDPR, we rely on the following legal bases:

  • Contract: to perform our contractual obligations and deliver the Services you request.
  • Legitimate Interests: to secure and improve the Services, communicate with you about updates, and grow our business, provided these interests are not overridden by your rights.
  • Consent: for optional features such as marketing emails or certain analytics cookies. You may withdraw consent at any time.
  • Legal Obligation: to meet regulatory requirements, tax, and accounting obligations.

5. How We Share Personal Data

We share personal data with trusted service providers who act as processors and support the delivery of our Services (for example, hosting, analytics, customer support, billing, and security). We require all processors to sign data processing agreements that include GDPR-compliant safeguards. We may also disclose personal data to public authorities when legally required, or in connection with a merger, acquisition, or sale of assets, in which case we will notify you where legally permissible.

6. International Data Transfers

We operate globally and may transfer personal data outside of the country in which it was collected. When we transfer data from the European Economic Area, the United Kingdom, or Switzerland, we rely on adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms. Copies of relevant safeguards are available on request.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes outlined in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. When personal data is no longer needed, we will delete or anonymise it, or securely isolate it from further processing until deletion is possible.

8. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include encryption in transit, access controls, logging, regular security reviews, and employee training. No system is entirely secure, so please notify us immediately of any suspected security incident.

9. Your GDPR Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request rectification of inaccurate or incomplete data.
  • Request erasure of personal data ("right to be forgotten").
  • Restrict or object to certain processing activities.
  • Request data portability for information you provided to us.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

To exercise your rights, contact us at privacy@askraian.com. We respond within one month, or sooner where required by law.

10. Cookies & Similar Technologies

We use cookies and similar technologies to remember settings, analyse usage, and personalise content. Where required by law, we obtain your consent before placing non-essential cookies. You can manage preferences via your browser settings or cookie banner. See our separate Cookie Notice for details.

11. Children

The Services are not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

12. Automated Decision-Making

We do not conduct fully automated decision-making that produces legal effects concerning individuals or similarly significant effects, unless we obtain your consent or it is otherwise permitted by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through the Services or by email, and indicate the date of the latest revision at the top of this page. Continued use of the Services after a change becomes effective signifies acceptance of the updated Policy.

14. Contact

You can reach our Data Protection Officer or privacy team at privacy@askraian.com. EU/EEA residents may also contact their local supervisory authority; a list is available at edpb.europa.eu.