Privacy Policy

1. Introduction

Rhiz ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our AI-powered relationship intelligence platform (the "Service"). This policy applies to all users of our platform and covers both personal and professional relationship data processing.

By using our Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Service.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Account Information: Name, email address, phone number, profile photo, and professional title
• Authentication Data: Login credentials, OAuth tokens from third-party services
• Profile Information: Professional background, goals, interests, and networking preferences
• Contact Information: Email addresses, phone numbers, and social media profiles of your contacts

2.2 Voice and Audio Data

Important: Voice recordings are considered Personally Identifiable Information (PII) under GDPR and personal information under CCPA, as they can reveal gender, ethnic origin, health conditions, and other sensitive characteristics.

• Voice Recordings: Audio recordings of conversations, meetings, and voice notes
• Transcripts: AI-generated text transcriptions of audio content
• Voice Metadata: Duration, timestamp, participant information, and audio quality metrics
• Conversation Insights: AI-extracted relationship signals, sentiment analysis, and interaction patterns

2.3 Relationship and Network Data

• Contact Networks: Information about your professional and personal contacts
• Interaction History: Communication patterns, frequency, and relationship strength metrics
• Network Analysis: Connection paths, mutual contacts, and network topology
• Goal Tracking: Your professional objectives and networking targets

2.4 Technical and Usage Data

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Analytics: Feature usage, session duration, click patterns, and performance metrics
• Integration Data: Information from connected CRM systems, calendar applications, and email clients
• Error Logs: Technical errors and debugging information (anonymized when possible)

3. How We Use Your Information

3.1 Core Service Features

• Relationship Intelligence: Analyze your network to identify connection opportunities and relationship patterns
• Voice Processing: Transcribe conversations, extract insights, and track relationship developments
• Network Visualization: Create interactive maps of your professional network with flow analysis
• Goal Matching: Connect your objectives with relevant contacts across your extended network
• Introduction Generation: Suggest and facilitate strategic introductions based on AI analysis

3.2 AI Model Training and Improvement

Legal Basis: We process your data for AI training based on legitimate interests, with appropriate safeguards and data minimization practices.

• Train and improve our AI models for relationship analysis and conversation processing
• Enhance natural language processing capabilities for better insight extraction
• Develop and refine network analysis algorithms
• Improve voice recognition and transcription accuracy (voice data is pseudonymized)

3.3 Automated Decision Making

Our platform uses automated decision-making technology (ADMT) for:

• Connection Recommendations: Suggesting relevant contacts based on your goals and network analysis
• Relationship Scoring: Calculating relationship strength and engagement levels
• Opportunity Identification: Flagging potential networking opportunities and follow-up actions
• Content Prioritization: Ranking conversations and contacts by relevance and importance

Your Rights: You can opt out of automated decision-making, request human review of automated decisions, and access explanations of how automated decisions affect you.

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

• Contract: Processing necessary for providing our services and fulfilling our contract with you
• Consent: For voice recordings, sensitive data processing, and marketing communications
• Legitimate Interests: For service improvement, fraud prevention, and AI model enhancement
• Legal Obligation: For compliance with applicable laws and regulations

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share your information with trusted third-party service providers who help us operate our platform:

• Cloud Infrastructure: Secure hosting and data storage providers
• AI Services: Machine learning and natural language processing providers
• Analytics Providers: Usage analytics and performance monitoring services
• Communication Services: Email, SMS, and notification delivery providers
• Authentication Providers: OAuth and identity verification services

5.2 Integration Partners

With your explicit consent, we may share data with:

• CRM systems (Salesforce, HubSpot, etc.)
• Calendar applications (Google Calendar, Outlook)
• Communication platforms (Slack, Microsoft Teams)
• Professional networks (LinkedIn)

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

6. Data Security and Protection

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls and multi-factor authentication
• Regular Audits: Security assessments and compliance audits
• Data Minimization: We collect and retain only necessary data
• Incident Response: Established procedures for handling security incidents
• Employee Training: Regular privacy and security training for all staff

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

• Right of Access: Request information about your personal data processing
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing

7.2 CCPA Rights (California Users)

• Right to Know: Information about personal information collection and use
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information
• Right to Non-Discrimination: Not be discriminated against for exercising privacy rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Limit the use and disclosure of sensitive personal information

7.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@rhiz.aior use the privacy controls in your account settings. We will respond to your request within 30 days (GDPR) or 45 days (CCPA).

8. Data Retention

• Account Data: Retained while your account is active and for 90 days after deletion
• Voice Recordings: Retained for 2 years or until you request deletion
• Conversation Transcripts: Retained for 3 years for service improvement
• Network Data: Retained while relevant contacts remain in your network
• Usage Analytics: Anonymized and retained for 5 years for service improvement
• Legal Requirements: Some data may be retained longer to comply with legal obligations

9. International Data Transfers

Your data may be processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequate protection levels
• Standard Contractual Clauses: EU-approved contracts for data protection
• Data Processing Agreements: Binding agreements with all processors
• Certification Programs: Compliance with recognized privacy frameworks

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for basic platform functionality
• Performance Cookies: Analytics and performance monitoring
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Personalized content and advertising (with consent)

You can manage cookie preferences in your browser settings or through our cookie consent banner.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes via email or through our platform. The updated policy will be effective immediately upon posting.

13. Contact Information