Skip to content
Pricing
Log inGet Started Free

Privacy Policy

Last updated: March 26, 2026

Inventum Technologies Pty Ltd ("Rivion", "we", "our", "us") operates the Rivion platform at rivion.ai and crm.rivion.ai. We take your privacy seriously. This policy explains what data we collect, why we collect it, how we protect it, and what rights you have.

By using Rivion, you agree to the practices described here. If you don't agree, please don't use our services.

1. Information We Collect

Account Data: When you sign up, we collect your name, email address, phone number, company name, and billing details. This is necessary to create and manage your account.

Customer Communication Data: Rivion processes messages, conversations, and communications across WhatsApp, Instagram, Facebook Messenger, Telegram, SMS, and voice channels on behalf of your organization. You are the data controller for this content — we act as a data processor.

AI Agent Data: When our AI agents handle conversations for your business, we process message content, contact profiles, conversation history, and behavioral signals to generate contextual responses. This data is processed solely to deliver the AI service you've configured.

Usage Data: We collect information about how you interact with our platform — pages visited, features used, clicks, session duration, and performance metrics. We use this to improve the product.

Device & Technical Data: Browser type, IP address, device type, operating system, and referral source. Collected automatically for security, fraud prevention, and service optimization.

Payment Data: Payment card details are processed by our payment providers (Razorpay, Stripe). We do not store your full card number on our servers.

Call Recordings: If you use our telecalling features, calls may be recorded and transcribed. Recordings are stored securely and accessible only to authorized users within your organization.

2. How We Use Your Data

We use your information to:

  • Provide, operate, and maintain the Rivion platform
  • Process your AI agent conversations and deliver contextual responses
  • Handle payments and billing
  • Send transactional emails (account confirmations, password resets, billing receipts)
  • Send product updates and feature announcements (you can opt out anytime)
  • Provide customer support
  • Detect and prevent fraud, abuse, and security threats
  • Analyze usage patterns to improve our product
  • Comply with legal obligations

We do not sell your data to third parties. Ever.

3. AI Agent & Conversation Data Processing

This section is specific to the conversation data our AI agents process on your behalf.

You are the controller. You decide what conversations your AI agent handles, what data it accesses, and how it responds. We process this data strictly according to your configuration.

We don't train on your data. Your customer conversations are not used to train our AI models or improve our general AI capabilities. Your data stays yours.

Data retention: Conversation data is retained for as long as your account is active. When you delete a contact, conversation, or your account, the associated data is permanently removed within 30 days.

Third-party AI providers: Our AI features use third-party language model APIs (such as Anthropic Claude). Conversation data sent to these providers is processed under their data processing agreements and is not used for model training.

4. Legal Basis for Processing (GDPR)

If you're in the European Economic Area (EEA), UK, or any jurisdiction with similar data protection laws, we process your data under these legal bases:

  • Contract performance: To provide the services you've signed up for
  • Legitimate interest: To improve our platform, prevent fraud, and ensure security
  • Consent: For marketing emails and optional analytics (you can withdraw consent anytime)
  • Legal obligation: To comply with applicable laws and regulations

5. Data Sharing

We share your data only when necessary:

  • Service providers: Payment processors (Razorpay, Stripe), cloud infrastructure (AWS, Cloudflare), email delivery, and analytics tools — all bound by data processing agreements
  • Channel providers: Meta (WhatsApp, Instagram, Facebook), Telegram, and SMS gateways — necessary to deliver messages on these platforms
  • AI providers: Language model APIs for AI agent functionality — bound by data processing agreements with no model training
  • Legal requirements: When required by law, court order, or governmental authority
  • Business transfers: In the event of a merger, acquisition, or sale of assets — your data protections travel with the data

6. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls within the platform
  • Regular security audits and vulnerability assessments
  • Secure cloud infrastructure with redundancy and backups
  • Employee access limited to need-to-know basis
  • Incident response procedures for data breaches

No system is 100% secure. If we discover a breach that affects your data, we'll notify you and relevant authorities within 72 hours as required by law.

7. Data Retention

Active accounts: We retain your data for as long as your account is active and you're using the service.

Closed accounts: After account deletion, we remove your personal data within 30 days. Some data may be retained longer for legal compliance, dispute resolution, or fraud prevention (up to 7 years for financial records).

Backups: Data in automated backups is purged within 90 days of deletion from the live system.

8. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Deletion — Request deletion of your personal data ("right to be forgotten")
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing based on legitimate interest
  • Restriction — Request we limit how we process your data
  • Withdraw consent — Opt out of marketing or analytics at any time

To exercise any of these rights, email privacy@rivion.ai. We'll respond within 30 days.

9. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (Google Analytics) to understand how visitors use our website — you can opt out through your browser settings or our cookie banner.

We don't use advertising cookies or sell cookie data to third parties.

10. International Data Transfers

Your data may be processed in countries outside your jurisdiction, including the United States (for cloud infrastructure) and India (for platform operations). We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required by GDPR.

11. Children's Privacy

Rivion is a business platform. We don't knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us and we'll delete it promptly.

12. Changes to This Policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top and notify you via email if the changes are significant. Continued use of the platform after changes constitutes acceptance.

13. Contact

For privacy questions, data requests, or complaints:

Inventum Technologies Pty Ltd
Email: privacy@rivion.ai
Website: rivion.ai