Back to Home

Legal

Privacy Policy

Effective: February 23, 2026  ·  Last updated: March 21, 2026

1. Overview

Rive AI Inc. (“Rive AI,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard information when you use our platform and services (“Services”).

2. Information We Collect

We collect only the minimum information necessary to operate the Services. This includes:

  • Account information. When you create an account, we collect your full name, work email address, and company name.
  • Demo request information. When you submit a demo request form, we collect your full name, work email address, company name, IP address, and browser user agent.
  • Google account data. When you connect your Google account, we access your Gmail messages, attachments, and associated metadata (such as sender, recipient, subject, and timestamps) through the Gmail API. We also access your Google account email address and profile name for authentication purposes.
  • Technical logs. Timestamps, error messages, and system events used solely for debugging and maintaining service reliability.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Gmail data (read access). We read your Gmail messages and attachments to automatically identify and extract business documents such as requests for quotation (RFQs), purchase orders, and supplier correspondence. Email content is processed by AI to extract structured data for use within the platform.
  • Gmail data (send access). We send emails on your behalf from within the platform so you can respond to suppliers, send quote responses, and manage procurement communications without leaving the Services.
  • Account and demo request information. Used to provide the Services, respond to inquiries, and schedule product demonstrations.
  • Technical logs. Used exclusively for diagnosing technical issues and ensuring service stability.

None of the above data is used for advertising, cross-site tracking, or sale to third parties.

4. Google API Services — Limited Use Disclosure

Rive AI’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve the Services as described in this policy.
  • We do not transfer Google user data to third parties except as necessary to provide the Services, as required by law, or with your explicit consent.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless we have your affirmative consent, it is necessary for security purposes, to comply with applicable law, or the data is aggregated and anonymized for internal operations.

5. Data Sharing

We do not sell your information. We share your information with third parties only in the following circumstances:

  • Service providers. We use service providers to help operate the Services, including Supabase (data storage), Resend (transactional email delivery), and Google Gemini (AI-powered document extraction and processing). Email content and attachments may be sent to Google Gemini for analysis. All providers are bound by confidentiality obligations.
  • Legal requirements. We may disclose information as required by law or valid legal process.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, with prior notice to you.

6. Data Security

We implement industry-standard administrative, technical, and physical safeguards to protect your data, including data received from Google APIs. Our security controls are designed to align with SOC 2 requirements. Google account access tokens are encrypted at rest and transmitted only over HTTPS. In the event of a data breach affecting your information, we will notify you as required by applicable law.

7. Data Retention

We retain data only as long as necessary for the purposes described in this policy:

  • Gmail data. Extracted document data (structured fields such as line items, pricing, and supplier details) is retained for the duration of your account. Raw email content is not stored beyond the extraction process.
  • Account data. Retained for the duration of your account and deleted upon account termination, subject to legal retention requirements.
  • Demo request records. Retained for up to two (2) years from the date of submission.
  • Technical logs. Retained only as long as operationally necessary and deleted on a rolling basis.

8. Your Rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data. You may also revoke Rive AI’s access to your Google account at any time through your Google Account permissions settings. Upon revocation or account deletion, we will delete all stored Google user data within thirty (30) days.

To exercise your rights, contact us at privacy@rive-ai.com.

9. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking or analytics cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date above and, where appropriate, by email. Continued use of the Services after changes constitutes acceptance.

11. Contact

Questions about this Privacy Policy? Contact us at privacy@rive-ai.com.

© 2026 Rive AI Inc. All rights reserved.