top of page

Privacy Policy – Gravi AI

Last updated: September 22, 2025

1. Overview
This Privacy Policy explains how Gravi AI ("Company," "we," "us," or "our") collects, uses, discloses, and protects information when you visit our website, engage our services, or interact with our digital platforms. This policy applies to all personal information processed by Gravi AI in connection with our AI training, consulting, and development services.
We are committed to protecting your privacy and maintaining the confidentiality of your information in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant data protection regulations.
 
2. Information We Collect
2.1 Information You Provide Directly

  • Contact Information: Names, email addresses, phone numbers, job titles, company information

  • Account Information: Login credentials, user preferences, profile information

  • Business Information: Company details, project requirements, performance metrics, training objectives

  • Communication Data: Content of emails, messages, support requests, and feedback

  • Payment Information: Billing addresses, payment methods (processed by third-party payment processors)

2.2 Information Collected Automatically

  • Website Usage Data: IP addresses, browser type, device information, pages visited, time stamps

  • Cookies and Tracking Technologies: Session cookies, persistent cookies, web beacons, and similar technologies

  • Analytics Data: Website performance metrics, user engagement patterns, conversion data

2.3 Online Data Collection and Third-Party Partners
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email address. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout.
For users subject to GDPR, you also have the option to opt out of the collection of your personal data in compliance with GDPR. To exercise this option, please visit https://www.rb2b.com/rb2b-gdpr-opt-out.
2.4 Information from Third Parties

  • Client-Provided Data: Information shared by enterprise clients about their employees for training purposes

  • Integration Data: Information obtained through authorized integrations with client systems

  • Publicly Available Information: Professional information from public business directories or social media
     

3. How We Use Your Information
3.1 Service Delivery and Performance

  • Deliver contracted AI training, consulting, and development services

  • Provide customer support and technical assistance

  • Manage user accounts and access to our platforms

  • Process payments and maintain billing records

  • Communicate about services, updates, and project status

3.2 Business Operations and Improvement

  • Analyze usage patterns to improve our services and website functionality

  • Develop new features, products, and service offerings

  • Conduct research and analytics using properly anonymized, aggregated data

  • Maintain security and prevent fraud or unauthorized access

  • Comply with legal obligations and regulatory requirements

3.3 Marketing and Communications

  • Send relevant marketing communications and service updates

  • Personalize content and recommendations

  • Conduct market research and gather feedback

  • Create and share case studies and testimonials (with explicit consent)

3.4 Legal Basis for Processing (GDPR)
When processing personal data of individuals in the European Union or United Kingdom, we rely on the following legal bases:

  • Contract Performance: Processing necessary to deliver services outlined in our agreements

  • Legitimate Interests: Improving services, security measures, and business operations

  • Legal Compliance: Meeting regulatory requirements and legal obligations

  • Consent: Where specifically obtained for marketing communications or data collection
     

4. Information Sharing and Disclosure
4.1 No Sale of Personal Data
We do not sell, rent, or trade your personal information to third parties for their commercial purposes.
4.2 Authorized Sharing
We may share your information with:

  • Service Providers: Trusted third-party vendors who assist with business operations (hosting, analytics, payment processing, marketing platforms)

  • Client Organizations: When providing services to enterprise clients, we may share relevant participant data with designated client contacts

  • Legal Requirements: Government authorities when required by law, court order, or to protect our rights and safety

4.3 Business Transfers
In connection with any merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to equivalent privacy protections.
4.4 Aggregated and Anonymous Data
We may share properly anonymized, aggregated data for industry research, benchmarking, and service improvement purposes, with no possibility of individual identification.
 
5. Data Processing Services
5.1 Client Data Processing
For services like Data Cleanup Pro and custom AI implementations, clients may share datasets for standardization, deduplication, or enrichment. In these engagements:

  • All data remains confidential and client-owned

  • We act as a data processor under applicable privacy laws

  • Processing is conducted solely according to client instructions

  • Data is returned or securely deleted upon project completion

5.2 Training and Workshop Data
During training sessions and workshops:

  • Participant information is processed to deliver educational services

  • Session recordings may be created for internal review (with appropriate disclosure)

  • Individual performance data may be shared with client organizations as agreed

  • Tools and solutions created by participants belong to them for internal use
     

6. Cookies and Online Tracking
6.1 Types of Cookies
We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for website functionality and security

  • Analytics Cookies: Help us understand website usage and performance

  • Marketing Cookies: Enable personalized advertising and retargeting

  • Preference Cookies: Remember your settings and preferences

6.2 Cookie Management
You can control cookie settings through your browser preferences. However, disabling certain cookies may limit website functionality. Most browsers allow you to:

  • View and delete cookies

  • Block third-party cookies

  • Receive notifications when cookies are set

  • Disable cookies entirely

6.3 Third-Party Analytics and Marketing Tools
We use third-party services including Google Analytics, marketing automation platforms, and customer relationship management systems. These services may collect information about your online activities across different websites.
 
7. Data Security and Protection
7.1 Security Measures
We implement comprehensive administrative, technical, and organizational safeguards to protect your information:

  • Encryption: Data encryption in transit and at rest

  • Access Controls: Role-based access with multi-factor authentication

  • Monitoring: Continuous security monitoring and incident response procedures

  • Training: Regular security awareness training for all personnel

  • Vendor Management: Due diligence and security requirements for all service providers

7.2 Compliance Standards
Our security practices are informed by industry standards including SOC 2, HIPAA, and ISO 27001, though we maintain independent security measures appropriate to our business model. We regularly review and update security practices based on evolving threats and industry best practices.
7.3 Incident Response
In the event of a security incident affecting personal data, we will:

  • Promptly investigate and contain the incident

  • Notify affected individuals and regulatory authorities as required by law

  • Provide clear information about the incident and remedial actions

  • Implement additional safeguards to prevent similar incidents
     

8. International Data Transfers
8.1 Cross-Border Processing
We may process your information in countries other than your country of residence. When transferring personal data internationally, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries recognized as providing adequate protection

  • Standard Contractual Clauses: EU-approved contract terms for data transfers

  • Binding Corporate Rules: Internal policies ensuring consistent data protection

  • Explicit Consent: Where legally required and operationally feasible

8.2 Data Localization
For clients with specific data residency requirements, we can accommodate data processing within specified geographic regions, subject to separate agreement terms.
 
9. Data Retention and Deletion
9.1 Retention Periods
We retain personal information only as long as necessary for the purposes outlined in this policy:

  • Client Data: Up to 18 months post-engagement unless otherwise agreed in contract

  • Marketing Data: Until you opt out or withdraw consent

  • Account Information: Duration of our business relationship plus applicable legal retention periods

  • Legal Compliance: As required by applicable laws and regulations

9.2 Deletion Procedures
Upon expiration of retention periods or upon request (where legally permissible), we securely delete or anonymize personal information using industry-standard methods. Some information may be retained in backup systems for limited periods for disaster recovery purposes.
9.3 Exceptions
Certain information may be retained longer when required for:

  • Legal obligations or pending legal proceedings

  • Legitimate business purposes (fraud prevention, security)

  • Published case studies and testimonials (until revocation requested)
     

10. Your Privacy Rights
10.1 General Rights
Depending on your location and applicable laws, you may have the following rights:

  • Access: Request information about how we process your personal data

  • Correction: Request correction of inaccurate or incomplete personal data

  • Deletion: Request deletion of your personal data (subject to legal limitations)

  • Portability: Request transfer of your data to another service provider

  • Objection: Object to processing based on legitimate interests

  • Restriction: Request limitation of processing under certain circumstances

10.2 GDPR Rights (EU/UK Residents)
If you are located in the European Union or United Kingdom, you have additional rights under GDPR:

  • Right to withdraw consent for consent-based processing

  • Right to lodge a complaint with supervisory authorities

  • Right to object to direct marketing (including profiling)

  • Enhanced rights regarding automated decision-making

10.3 CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected and how it's used

  • Right to delete personal information (subject to exceptions)

  • Right to opt out of the sale of personal information (we do not sell personal information)

  • Right to non-discrimination for exercising privacy rights

10.4 Exercising Your Rights
To exercise your privacy rights, contact us at:

  • Email: hello@gravi.ai

  • Subject Line: "Privacy Rights Request"

  • Include: Your name, email address, and specific request details

We will respond to verified requests within the timeframes required by applicable law (typically 30 days for GDPR, 45 days for CCPA).
 
11. Children's Privacy
Our services are designed for business and professional use and are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected such information, we will promptly delete it.
 
12. Third-Party Links and Services
Our website may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to such external sites or services. We encourage you to review the privacy policies of any third-party services you use.
 
13. Privacy Policy Updates
13.1 Notification of Changes
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. We will:

  • Post the updated policy on our website with a new "Last Updated" date

  • Notify you of material changes via email or prominent website notice

  • For significant changes affecting your rights, obtain consent where required by law

13.2 Continued Use
Your continued use of our services after policy updates indicates acceptance of the revised terms, unless additional consent is required by applicable law.
 
14. Contact Information
14.1 Privacy Inquiries
For questions about this Privacy Policy or our privacy practices, contact us at:
Gravi AI
Email: hello@gravi.ai
Subject: Privacy Policy Inquiry
14.2 Data Protection Officer
For GDPR-related inquiries or if you wish to exercise your rights under GDPR, you may contact our designated privacy contact at the email address above.
14.3 Supervisory Authority
If you are located in the EU/UK and have concerns about our data processing practices, you have the right to lodge a complaint with your local supervisory authority.
This Privacy Policy is effective as of the date listed above and governs your use of our services and website.

bottom of page