Compliance
Data protection and responsible AI practices at RIRD.
EU
GDPR
We respect the rights of individuals under the General Data Protection Regulation:
- -- We process personal data only as needed to provide the service
- -- Users can request data export or deletion by contacting us
- -- We do not sell personal data to third parties
- -- Cookie consent is collected before non-essential tracking
CA
CCPA
For California residents under the California Consumer Privacy Act:
- -- Right to know what personal information we collect
- -- Right to request deletion of personal information
- -- We do not sell personal information
Responsible AI
- -- AI employees clearly identify themselves as AI when interacting with people
- -- Conversation data is isolated per account -- never shared across customers
- -- Your data is not used to train AI models
- -- Rate limits prevent abuse and control costs
Data Handling
- -- Data stored with encrypted connections (TLS in transit, AES at rest)
- -- Payments processed by Stripe (PCI DSS Level 1) -- we never touch card data
- -- Email authentication via Loops.so -- no passwords stored
- -- Account deletion available upon request
Transparency
We are a small team focused on building useful AI automation. We do not hold SOC 2, ISO 27001, or other formal certifications at this time. We follow industry best practices and are honest about our current stage. If you have specific compliance requirements, reach out and we will work with you.