Privacy Policy

Last Updated: June 3, 2025

The Bottom Line: We built Rivio AI to help procurement teams work smarter with AI. This policy explains what data we collect, how we use it, and your rights. We’re committed to protecting your privacy while delivering powerful AI procurement tools.

What Information We Collect

Information You Give Us Directly

  • Account Information: Your name, email address, company name, and login credentials
  • Profile Data: Job title, department, and other business information you choose to share
  • Communications: Messages you send us for support or feedback

Information From Your Business Systems

When you connect Rivio AI to your business tools, we collect:

  • Email Data: Procurement-related emails from your connected email accounts
  • Communication Data: Relevant messages from Slack, Microsoft Teams, or other platforms you integrate
  • Documents: Contracts, purchase orders, vendor information, and other procurement documents you upload or that we access through integrations
  • Calendar Information: Meeting details related to procurement activities (when you connect your calendar)

Information We Collect Automatically

  • Usage Data: How you interact with our platform, features you use, search queries, and AI agent conversations
  • Technical Information: IP addresses, browser type, device information, and operating system
  • Performance Data: System logs, error reports, and platform performance metrics

Information From Third Parties

  • Vendor Databases: Publicly available vendor information and market data to enhance our AI recommendations
  • Integration Data: Information from other business tools you connect to Rivio AI

How We Use Your Information

Core AI Procurement Services

  • Intelligent Assistance: Power our AI agents to help with contract renewals, vendor research, spend analysis, and procurement decisions
  • Personalized Recommendations: Customize AI suggestions based on your company’s procurement patterns and preferences
  • Document Analysis: Analyze contracts, purchase orders, and vendor documents to extract key information and insights
  • Knowledge Graph: Build a unified view of your procurement data to provide better AI assistance

Platform Improvement

  • Service Enhancement: Improve our AI models, add new features, and optimize platform performance
  • Quality Assurance: Monitor system performance and identify areas for improvement
  • Research & Development: Develop new procurement AI capabilities (using aggregated, non-identifiable data)

Business Operations

  • Account Management: Manage your subscription, provide customer support, and communicate service updates
  • Security: Protect against fraud, abuse, and security threats
  • Legal Compliance: Meet our legal obligations and enforce our terms of service

Communication

  • Service Updates: Notify you about new features, system maintenance, or important changes
  • Support: Respond to your questions and provide technical assistance
  • Marketing: Send you relevant information about our services (you can opt out anytime)

How We Share Your Information

We Don’t Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

When We Do Share Information

Service Providers: We work with trusted companies that help us operate our platform:

  • Amazon Web Services (AWS): Cloud infrastructure and data storage
  • Google Workspace: Authentication and productivity services
  • GitHub: Secure code development and deployment
  • Neo4j: Database services for our knowledge graph
  • Other vendors: Support tools and services (see full list below)

Legal Requirements: We may share information when required by law, court order, or government request, or to protect our rights and safety.

Business Transfers: If Rivio AI is acquired or merged, your information may be transferred as part of that transaction.

With Your Consent: We may share information for other purposes with your explicit permission.

Our Third-Party Service Providers

We work with these trusted companies to provide our services:

Infrastructure & Security

  • Amazon Web Services (AWS) - Cloud hosting and storage
  • Neo4j - Database services
  • AWS CloudWatch/CloudTrail - System monitoring and logging
  • AWS Inspector - Security vulnerability scanning

Development & Operations

  • GitHub - Secure code repository and deployment
  • Linear - Internal project management
  • Google Workspace - Team authentication and productivity

All service providers are contractually required to protect your data and use it only for providing services to us.

Data Security & Storage

How We Protect Your Data

  • Encryption: All data is encrypted when stored and when transmitted between systems
  • Access Controls: Strict limits on who can access your data, with regular access reviews
  • Monitoring: 24/7 system monitoring and automated threat detection
  • Security Training: All employees receive regular security training and background checks
  • SOC 2 Compliance: We maintain SOC 2 Type I certification and undergo regular security audits

Where Your Data is Stored

  • Primary Storage: United States (AWS data centers)
  • Backups: Encrypted backups stored in secure AWS facilities
  • International Transfers: If you’re outside the US, your data may be processed in the US under appropriate safeguards

Your Privacy Rights

What You Can Do

Regardless of where you live, you have these rights:

Access: Request a copy of the personal information we have about you Correction: Ask us to fix any incorrect or incomplete information Deletion: Request that we delete your personal information (with some exceptions) Portability: Get your data in a machine-readable format to transfer elsewhere Restriction: Ask us to limit how we use your information Objection: Object to certain uses of your information

Additional Rights for EU Residents (GDPR)

  • Right to withdraw consent at any time
  • Right to file a complaint with your local data protection authority
  • Right to object to automated decision-making

Additional Rights for California Residents (CCPA)

  • Right to know what personal information we collect and how we use it
  • Right to delete personal information (with exceptions)
  • Right to opt-out of the “sale” of personal information (we don’t sell data)
  • Right to non-discrimination for exercising your privacy rights

How to Exercise Your Rights

Email: infosec@rivio.ai Contact Form: https://docs.google.com/forms/d/e/1FAIpQLSf-QhdQsaCaPt_cFXNTtPPppFV8_NZHSCb_3YZPJaSVdJkPyA/viewform Mail: Rivio AI Privacy Team, 350 California Street, San Francisco, CA 94104

Response Time: We’ll respond to your request within 30 days (or as required by applicable law). Verification: We may need to verify your identity before processing certain requests.

Data Retention

How Long We Keep Your Data

  • Account Information: Until you delete your account, then up to 90 days for security purposes
  • Business Communications: As long as needed for AI functionality, typically 3-7 years depending on your settings
  • Usage Data: Up to 2 years for platform improvement and analytics
  • Support Communications: Up to 3 years for quality assurance
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

When We Delete Data

  • Account Deletion: Most data deleted within 90 days of account closure
  • Inactive Accounts: Accounts inactive for 2+ years may be automatically deleted
  • User Requests: Data deleted within 30 days of verified deletion request (except where legally required to retain)

Cookies & Tracking

What We Use

  • Essential Cookies: Required for basic platform functionality and security
  • Analytics Cookies: Help us understand how you use our platform to improve it
  • Preference Cookies: Remember your settings and preferences

Your Choices

You can control cookies through your browser settings. Note that blocking essential cookies may affect platform functionality.

We don’t use cookies for advertising or tracking across other websites.

International Data Transfers

If you’re outside the United States, your information may be transferred to and processed in the US. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses for EU data transfers
  • Adequate security measures for all international transfers
  • Compliance with applicable data protection laws

Children’s Privacy

Rivio AI is designed for business use and not intended for children under 16. We don’t knowingly collect personal information from children. If we learn we’ve collected a child’s information, we’ll delete it promptly.

Changes to This Policy

We may update this privacy policy periodically. When we do:

  • We’ll post the updated policy on our website
  • We’ll notify you of material changes via email or platform notification
  • The “Last Updated” date will reflect when changes were made

Continued use of our services after changes means you accept the updated policy.

Contact Us

General Support: support@rivio.ai Privacy and Security Questions: infosec@rivio.ai

Mail: Rivio AI, Inc. 350 California Street San Francisco, CA 94104

Website: https://www.rivio.ai/privacy

Your AI procurement expert


Contact us at sheldon@rivio.ai

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
HomeCareerPrivacySecurity CommitmentTerms of Service