Privacy Policy
Effective Date: January 8, 2026
1. Introduction
Welcome to Retrievy ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our Software-as-a-Service (SaaS) platform (the "Service"), which allows users to upload files and interact with them using Retrieval-Augmented Generation (RAG) AI technology.
By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect information that you provide directly to us, as well as information automatically collected from your use of the Service.
A. Personal Information
When you register for an account, subscribe, or interact with our Service, we may collect:
- Identity Data: Name, email address, and profile picture (often provided via Third-Party Social Logins like Google or GitHub).
- Billing Information: We use Stripe to process payments. We do not store your credit card information on our servers. Stripe processes your payment details and provides us with a unique customer ID and subscription status.
B. User Content
- Uploaded Files: Documents and files (e.g., PDF, DOCX, CSV, Excel) that you upload to the Service ("User Files").
- Extracted Data: Content extracted from your uploaded files for the purpose of indexing and retrieval.
- Chat Logs: The questions you ask the AI and the answers provided.
C. Usage Data
- Analytics: We use Plausible Analytics to understand website traffic. Plausible is a privacy-focused analytics tool that minimizes data collection and does not use cookies to track you across the web.
- Log Data: IP address, browser type, operating system, and timestamp of your visits (standard server logs).
D. Sensitive Information Warning
While we do not actively collect highly sensitive personal data (e.g., social security numbers, medical records, passwords), any such information contained within User Files that you upload will be processed as part of the Service. We strongly discourage uploading documents containing highly sensitive data unless it is absolutely necessary for your use case and you have the legal right to do so. This data will be sent to third-party AI providers for processing (see Section 4). Retrievy does not automatically redact or mask sensitive information within your files.
3. How We Use Your Information
We use the collected information for the following purposes:
- To Provide the Service: To manage your account, process payments (via credits or subscription), and enable the core RAG functionality (indexing files and answering questions).
- To Communicate: To send you transactional emails (e.g., password resets, welcome emails, billing receipts) using providers like Postmark or Resend.
- To Improve the Service: To detect and prevent bugs, and optimize performance.
4. AI Processing & Data Privacy (Crucial)
We utilize advanced Artificial Intelligence (AI) technologies to provide our services. We value your trust and are transparent about how your data is handled in this context.
- Third-Party AI Providers: We use third-party AI providers, such as OpenAI (and potentially others like Anthropic), to generate answers and "embeddings" (mathematical representations of text) from your User Content.
- Data Usage: When you ask a question regarding your documents, relevant chunks of text from your uploaded files are sent to the AI provider to generate a response.
- NO TRAINING ON USER DATA: We do not use your User Content to train our own Large Language Models (LLMs), nor do we permit our third-party AI providers to use your content for training their general models. Your data remains yours and is processed solely to fulfill your specific requests.
5. Data Retention
- User Files: Stored securely in cloud storage (e.g., AWS S3) while your account is active or until you delete them.
- Deletion: You may delete your files or your entire account at any time. When you verify deletion, the associated files and their extracted indices are removed from our systems.
6. Data Security
We implement appropriate technical and organizational security measures to protect your data, including:
- Encryption: Data is encrypted in transit (SSL/TLS) and at rest (storage).
- Access Control: Access to your data is restricted to authorized entities (e.g., the specific AI Worker process handling your request).
- Webhook Security: Communication between our main application and our worker services is secured via signed webhooks.
7. Service Providers
We may share your information with the following third-party service providers solely to provide the Service:
- Stripe: Payment processing.
- OpenAI / Anthropic: AI processing and text generation.
- OCI (Oracle Cloud Infrastructure): Cloud hosting and file storage.
- Self-hosted Plausible Analytics: Website usage analytics.
- Oracle Email: Email delivery services.
8. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.
9. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you.
- Request correction or deletion of your personal data.
- Export your data.
10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date."
11. Contact Us
If you have any questions about this Privacy Policy, please contact us at: