Privacy Policy

RevRag AI Technologies Private Limited ("RevRag AI", "we", "us", or "our") is committed to protecting the privacy of our customers and the end users of the applications our customers power with our technology. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (revrag.ai), use our platform, or interact with our AI agents. Please read this policy carefully. This policy is compliant with: • India's Digital Personal Data Protection Act (DPDPA), 2023 • General Data Protection Regulation (GDPR) for EU residents • California Consumer Privacy Act (CCPA) for California residents • RBI data localization guidelines for financial data

We collect several categories of information: 2.1 Information You Provide Directly • Account registration information (name, email, company, phone) • Payment information (processed securely via PCI-DSS compliant third parties) • Communications you send to us (support requests, demo bookings) • Product configuration data (agent settings, knowledge base content) 2.2 Information Collected Automatically • Usage data (pages visited, features used, session duration) • Device information (browser type, OS, screen resolution, IP address) • Cookies and similar tracking technologies 2.3 End User Data (Data Processed on Behalf of Customers) When our customers deploy RevRag agents in their products, we may process: • User behavior signals (clicks, navigation, hesitation patterns) • Conversation data (messages between agents and end users) • User profile data shared by customers via CRM/CDP integrations We act as a Data Processor for this category of data. Our customers are the Data Controllers and are responsible for obtaining necessary consents from their end users.

We use collected information for the following purposes: • Providing and improving our Services • Processing transactions and managing subscriptions • Sending service-related communications (account notifications, product updates) • Responding to support requests and inquiries • Analyzing usage patterns to improve platform performance and features • Detecting and preventing fraud, abuse, and security incidents • Complying with legal obligations • With your consent, sending marketing communications about new features and offers We do not sell your personal information to third parties. We do not use end user conversation data for training our AI models without explicit customer consent.

We may share your information in the following circumstances: 4.1 Service Providers We work with trusted third-party vendors who process data on our behalf. These include cloud infrastructure providers (AWS, with Indian data centers), analytics tools, and payment processors. All vendors are contractually bound to data protection standards equivalent to ours. 4.2 Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your data becomes subject to a different privacy policy. 4.3 Legal Requirements We may disclose your information to comply with applicable laws, regulations, legal processes, or governmental requests from competent authorities. 4.4 Aggregated Data We may share aggregated, anonymized insights about platform usage that do not identify any individual customer or end user.

We implement industry-standard security measures to protect your data: • Encryption in transit: All data transmitted between our systems and yours is encrypted using TLS 1.3 • Encryption at rest: All stored data is encrypted using AES-256 • Access controls: Role-based access control with principle of least privilege • SOC2 Type II certification: Independently audited security controls • ISO 27001 certification: Information security management system • Regular penetration testing: Conducted by independent third-party security firms • Incident response: 24/7 security monitoring with defined incident response procedures In the event of a data breach affecting your personal information, we will notify you within 72 hours of becoming aware of the breach, in accordance with applicable regulations.

We retain different categories of data for different periods: • Account data: Retained for the duration of your subscription plus 90 days post-termination • Conversation data: Retained for 12 months by default; configurable by enterprise customers • Analytics data: Retained for 24 months in identifiable form; may be retained longer in anonymized aggregate form • Billing records: Retained for 7 years as required by Indian accounting regulations • Support communications: Retained for 3 years You may request deletion of your data at any time, subject to our legal obligations to retain certain records.

Depending on your location, you may have the following rights: 7.1 For Indian Users (DPDPA Rights) • Right to access your personal data • Right to correct inaccurate data • Right to erasure of data no longer needed • Right to withdraw consent • Right to nominate a person to exercise rights on your behalf 7.2 For EU/UK Users (GDPR Rights) • Right of access • Right to rectification • Right to erasure • Right to restrict processing • Right to data portability • Right to object to processing • Rights related to automated decision-making 7.3 For California Users (CCPA Rights) • Right to know about data collected • Right to delete personal information • Right to opt-out of sale (we do not sell data) • Right to non-discrimination To exercise any of these rights, contact us at: privacy@revrag.ai

Our website uses the following types of cookies: • Essential cookies: Required for the website to function (cannot be disabled) • Analytics cookies: Help us understand how visitors use our site (can be disabled) • Preference cookies: Remember your settings and preferences (can be disabled) • Marketing cookies: Used to deliver relevant advertisements (can be disabled) You can manage cookie preferences through our Cookie Consent Manager or your browser settings. Note that disabling certain cookies may affect website functionality. We do not use tracking pixels or third-party advertising cookies within the RevRag AI platform itself (as opposed to our marketing website).

Our Services involve AI-powered analysis of user behavior and conversation data. This automated processing is used to: • Trigger agent interventions at relevant moments • Personalize agent responses based on user context • Generate analytics insights for our customers We do not use AI-generated outputs to make legally significant decisions about individuals without human review. Our agents are designed to assist and guide users, not to make binding decisions on their behalf. Customers using RevRag for activities subject to regulatory scrutiny (such as credit decisions) are responsible for ensuring appropriate human oversight of AI-generated outputs.

Our Services are not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@revrag.ai and we will take steps to delete the information.

RevRag AI is headquartered in India. For Indian customers, all customer and end user data is stored within India (AWS Mumbai and Hyderabad regions) in compliance with RBI data localization guidelines. For customers outside India, data may be stored in the region closest to your users. We implement appropriate safeguards for international transfers, including Standard Contractual Clauses for EU data and equivalent mechanisms for other jurisdictions.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will: • Update the "Last Updated" date at the top of this policy • Send an email notification to account holders • Display a notice on our platform for 30 days Your continued use of our Services after any changes constitutes acceptance of the updated policy.

For privacy-related questions, concerns, or to exercise your rights, contact us: Data Protection Officer RevRag AI Technologies Private Limited 12th Floor, Prestige Meridian, MG Road Bengaluru, Karnataka 560001, India Email: privacy@revrag.ai Phone: +91 80 4567 8900 We aim to respond to all privacy requests within 30 days.