Privacy Policy

Last Updated: December 12, 2025

AiRA is a product/brand name operated by VRVV Ventures Private Limited ("Company", "we", "our", or "us"). We are committed to protecting your privacy and ensuring you have control over your data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI Personal Assistant services (the "Service"), accessible via airaai.in and associated API endpoints.

Channels & Beta Notice

AiRA is currently accessed primarily via Telegram and WhatsApp, and may also be available via web/API endpoints. Features, availability, and processing methods may evolve as the Service remains in beta.

By using our Service, you agree to the collection and use of information in accordance with this policy.

1 Information We Collect

A. Personal Account Information

When you register or interact with our Service, we collect the following information to create and manage your account securely:

  • Identity Data: We collect your full name, email address, and verified phone number to establish a unique and secure identity on our platform. This information is critical for personalization and serves as a primary channel for service communications and security alerts.
  • Authentication Data: To maintain high security, we store password hashes (not passwords) using industry-standard hashing algorithms (e.g., bcrypt/argon2) with salts. We also manage OAuth tokens from providers like Google to facilitate secure sign-ins without storing external passwords.
  • Payment Data: If you subscribe, we process billing cycles and transaction history. All financial processing is handled securely through Razorpay. We strictly adhere to PCI-DSS standards and do not store your full credit card details, CVV codes, or banking passwords on our servers.

B. User Content & Memory

To provide a truly personalized, context-aware AI assistant, we process content you entrust to us:

  • Communications: We process the textual and metadata content of chats, emails, and messages you explicitly route through AiRA. By analyzing these, our AI can understand context, identify action items, and draft responses (e.g., "catch me up on my emails").
  • Files & Media: We handle files (PDFs, DOCX, images, audio) you upload for specific purposes such as OCR, semantic analysis, or transcription. This transforms static files into interactive knowledge.
  • Memory Scratchpad: We utilize a "Medium-Term" and "Long-Term" memory system to store user preferences, goals, and key details (like preferred meeting times). This acts as a dynamic scratchpad so you don't have to repeat yourself, creating a seamless experience.
  • Encryption at Rest: All sensitive data stored within our databases (messages, files, memory context) is protected using robust encryption protocols while at rest. Specifically, we utilize AES-256-GCM (Advanced Encryption Standard), ensuring data remains indecipherable without the corresponding decryption keys managed in a secure vault.

C. Integrated Services Data

If you choose to connect third-party accounts, we access data based strictly on permissions you grant:

  • Google Services: With explicit permission, we access Gmail and Calendar to read/draft emails and manage events. We strictly adhere to Google's Limited Use Policy.
  • WhatsApp/Telegram: We process message history, contact info, and media from connected messaging platforms to provide real-time assistance directly within the apps you use most.

2 How We Use Your Information

We use your data solely to provide and improve the Service:

  1. AI Orchestration: To understand your intent, answer queries, and execute tasks (e.g., "Schedule a meeting").
  2. Communication Management: To draft/send emails and messages only upon your explicit request.
  3. Personalization: To remember your preferences via our Vector Database (Qdrant) and Document Store (MongoDB).
  4. Service Notifications: To send OTPs, alerts, and subscription updates.

Internal Human Access Policy: No human sees your raw user content (chats, files, memory) unless:

  • You explicitly permit it for specific support issues.
  • It is required by applicable law.
  • It is necessary for security purposes (e.g., investigating abuse).

3 Google User Data & Limited Use Policy

AiRA's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • AccessOnly when explicitly connected.
  • UsageExclusively for user-facing features.
  • No Data SaleWe do not sell your Google data.
  • AI ProcessingEphemeral; not used to train third-party models.

4 Data Sharing & Vendors

We share data only with trusted infrastructure providers necessary to run the Service. Your data may be processed or stored in other countries depending on our infrastructure providers.

  • LLM Providers: (e.g., OpenRouter, Perplexity) - We send only the minimum text needed for processing. These providers are explicitly instructed not to use your data for model training.
  • Cloud Storage & Keys: Azure Blob Storage and Azure Key Vault.
  • Databases: MongoDB (user records), Qdrant (vector memory), Redis (caching).
  • Communications: Twilio/Meta (WhatsApp), Telegram, and SMTP services.

5 Security Measures

We implement industry-standard security measures:

  • Encryption: Data is encrypted in transit (TLS) and at rest. Sensitive fields use AES-256-GCM.
  • Pseudonymization: Personal identifiers (email, phone) are pseudonymized / securely transformed using keyed hashing (HMAC-SHA256) for secure lookups.
  • Access Control: Strict internal access controls and audit logs.

6 Data Retention

Chats & Files

Retained until you delete them. Temporary processing files are deleted automatically after inactivity.

Memory

Stored while your account is active. Deleted immediately upon account deletion or explicit reset request.

Backups

Encrypted backups may persist for up to 30 days for disaster recovery before being overwritten.

7 Your Rights

  • Access: Request a copy of the personal data we hold about you by contacting support.
  • Delete & Forget: You can request full account deletion and memory wiping. Send an email to our privacy contact (below) with the subject "Delete My Account".
  • Revoke Integrations: You may disconnect Gmail/Calendar at any time via your account settings or by revoking access in your Google Account permissions.

Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have any grievances regarding our data processing, please contact us.

contact-us@airaai.in

(Please include "Privacy Query" in the subject line)

Ananda Krishnan P STechnical Lead - Backend
AiRA Ai (HQ)
4th Floor, 2616, 27th Main
1st Sector, HSR Layout
Bangalore, Karnataka 560102
India
Visit Website