Privacy Policy

Last updated February 2026

AiRA is a product operated by VRVV Ventures Private Limited. We built AiRA to be something you can trust, and that trust begins with how we handle your data. This policy explains what we collect, why we collect it, and how you stay in control.

What we collect

When you use AiRA, we collect the messages you send and receive, including text, voice transcriptions, and shared files. We collect Identity Data such as your full name, email address, and verified phone number. For authentication, we store OAuth tokens and related authentication metadata required to keep your account secure. Technical data like device type and operating system is collected for service stability. Financial transactions are processed securely via Razorpay in adherence with PCI-DSS standards; we do not store full credit card details on our servers.

How we use your data

Your data is used solely for AI Orchestration and Personalization. We utilize a “Memory Scratchpad” system to store user preferences and goals so you don’t have to repeat yourself. We do not sell your data. We do not use your conversations to train models that are shared with or sold to third parties. Internal human access to raw user content is strictly prohibited unless explicitly permitted by you for support or required by law.

Memory and context

AiRA is designed to remember things across conversations. This is a core feature, not an accident. You can view, edit, or delete any memory at any time. If you ask AiRA to forget something, it will. If you want to start fresh, you can clear your entire history.

Google User Data & Limited Use

AiRA’s use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Usage is restricted exclusively to user-facing features and is never used for training third-party models.

Data storage and security

Your sensitive data is protected using AES-256-GCM (Advanced Encryption Standard) while at rest, with decryption keys managed in a secure vault. We utilize trusted infrastructure providers like Azure, MongoDB, and Qdrant. Personal identifiers (email, phone) are pseudonymized using keyed hashing (HMAC-SHA256).

Data retention

We retain your data for as long as you use the service. If you delete your account, we will delete your data and memory within 30 days, except where required by law. Encrypted backups may persist for up to 30 days for disaster recovery before being overwritten.

Your rights

You have the right to access the data we hold about you, correct inaccuracies, request deletion, and obtain a copy of your data in a portable format. To exercise these rights, contact us at the details provided below.