Ryv AI

Sign in
Sign up
Legal

Privacy Policy

Last Updated: September 1st, 2025

1) Introduction & Scope

Ryv.ai (“Ryv,” “Ryv AI,” “we,” “our,” or “us”) is an AI-powered marketing platform that helps businesses and individual users plan, create, and manage brand-aligned marketing content. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our Services—which means our website, web application, related APIs, features, content, and customer support.

By using the Services, you agree to the practices described here. This Policy applies to information collected directly by Ryv.ai. It does not apply to third-party websites or services that you access via integrations or links (those have their own policies). Certain enterprise customers may have separate written agreements with us that, where they conflict, govern their use of the Services.

“Personal Data” means information that identifies or reasonably relates to an identified or identifiable individual.

 “User Content” means content you upload, submit, or generate in the Services (e.g., files, chats, documents, transcripts).

 “Process/Processing” means any operation performed on Personal Data (e.g., collection, storage, use, sharing).

Corporate Structure. Ryv.ai is a product of myMarketing Incorporated, headquartered at 3-241 Russell Avenue, Ottawa, Ontario, Canada, K1N 7X6, with its U.S. subsidiary myMarketing USA Corp., located at 400 N Ashley Dr, Suite 1900, Tampa, FL 33602, United States.

2) Information We Collect

We collect personal data to operate, provide, and secure the Services. The categories below are described in plain language and include illustrative (not exhaustive) examples. If we materially expand categories or purposes, we will update this Policy and, where required by law, notify you or seek consent.

A. Information you provide to us

  • Identifiers & contact information – e.g., name, email address, account/user IDs.

  • Account & commercial information – e.g., plan tier, subscription status, transaction records processed by our payment processor (we do not store full card numbers).

  • Organizational/professional information – e.g., company/brand/workspace names you provide and your role or membership relationships.

  • User Content – content you upload, submit, or generate in the Services (e.g., files, text, images, chats, and documents) and related metadata (e.g., filename, size, timestamps, version history).

  • Communications – support requests, survey responses, feedback, and related contact details.

  • Internet or electronic activity – device/browser/OS information, IP address (for approximate location), pages/screens viewed, clicks, feature usage, timestamps, referrers, and session duration.

  • Approximate location data – derived from IP address.

  • Audio/visual information – voice inputs you choose to provide; we process these to text then discard raw audio. Final transcripts may be retained as part of your User Content.

  • Inferences – preferences or segments derived from the data above to personalize features and communications, consistent with your settings and applicable law.

B. Information collected automatically

  • Usage & Device Data: IP address (approximate location), device and browser type, operating system, unique identifiers, pages and screens viewed, features used, clicks, timestamps, referrers, and session duration.

  • Cookies & Similar Technologies: We use cookies/SDKs to keep you logged in, remember preferences, perform analytics and measurement, prevent fraud, and—if enabled—support marketing (e.g., showing or suppressing ads, building or excluding audiences, tailoring messages). You can control cookies via our banner/preferences and your browser/device settings (see “Your Rights & Choices”).

C. Information from third-party sources

  • Connected Services (if you choose to connect): limited profile information from identity providers or integrated tools per your permissions.

  • Public Web Content: As part of onboarding and providing the Services, we may collect and analyze publicly available online content (including websites you submit and other public sources) to extract relevant facts and examples that help us deliver and personalize the Services.

  • Referral/Ads: Campaign performance data from advertising/attribution partners, consistent with your settings on those platforms.

  • Fraud/Security Partners. Signals to protect accounts and the Services.

D. Sensitive Information

We do not intentionally collect sensitive personal information (e.g., health data, government IDs) through the Services. Please do not include such data in uploads or chats. If you believe sensitive data has been provided inadvertently, contact us so we can assist.

3) How We Use Personal Data

  • Provide the Services: Create and manage accounts/workspaces; enable features like Agent Mode, Chat, Market Pulse, Brand Brain; ingest and process User Content; deliver documents; provide support.

  • Operate & Improve: Maintain and enhance functionality, quality, accuracy, and reliability (e.g., tuning prompts, improving UI/UX, fixing bugs). We may analyze aggregated or de-identified usage to guide product decisions.

  • AI Processing: Generate summaries, insights, and embeddings; compile brand knowledge; extract tasks/events; and enable semantic search.

  • Personalization: Remember preferences; tailor suggestions (e.g., Smart Suggestions, content angles) and in-product guidance.

  • Communications: Send transactional messages (verifications, notices, security alerts) and—if you opt in or as allowed by law—marketing messages (newsletters, product updates). You can unsubscribe from marketing at any time.

  • Analytics & Performance: Measure usage patterns, feature adoption, and service health (e.g., DAU, tasks run, cost tracking) often in aggregated/de-identified form.

  • Advertising, Measurement & Personalization. Where permitted by law and your choices, we allow partners (e.g., analytics and advertising platforms) to set or read cookies/pixels/SDKs for measurement, audience creation/exclusion, personalization, and fraud prevention.

  • Security & Fraud Prevention: Detect, investigate, and prevent malicious or unauthorized activity; protect the integrity of the Services; enforce our Terms.

  • Legal Compliance: Comply with laws, regulations, and lawful requests.

  • With Consent: Any other purpose disclosed at the time of collection, with your consent.

4) Sharing & Disclosure

We do not sell Personal Data for money. We share information as described below:

  • Service Providers (Processors/Sub-processors): We use vendors to host, store, process, analyze, email, support, and secure the Services (e.g., hosting/edge, database/auth/storage, AI processing, email/SMS, analytics/measurement, support tooling). These providers are contractually bound to use data only to provide services to us and to protect it appropriately.

  • Payment Processing. We use a third-party payment processor to process payments. That provider receives billing details as needed to process transactions. We do not store full card numbers.

  • Advertising & Analytics Partners. Where enabled by you or permitted by law, we allow partners (e.g., analytics and ad platforms) to set or read cookies/pixels/SDKs for measurement, audience creation/exclusion, and personalization. Under some U.S. state laws, this activity may be considered “sharing” for cross-context behavioral advertising.

  • AI Providers. We may use third-party AI services (for example, OpenAI, Anthropic, Google, or similar) to process User Content for features like summarization, classification, embeddings, or content generation. Where possible, we configure such services not to use your data to train their foundation models and to retain it only as needed to provide the service.

  • Affiliates: Where applicable, with corporate affiliates under common control, consistent with this Policy.

  • Integrations & User-Directed Sharing: If you enable an integration or share via link/invite, we disclose data at your direction.

  • Legal/Protection: To comply with law, respond to lawful requests, or protect rights, safety, and property of Ryv, our users, or the public.

  • Business Transfers: In a merger, acquisition, financing, or sale of assets, data may be transferred to a successor subject to this Policy (or you will be notified of material changes).

  • Aggregated/De-identified Data: We may share non-identifying insights and statistics for research, benchmarking, or marketing.

  • Vendor Changes. Our vendor roster may evolve. We aim to work with providers that maintain recognized security attestations (e.g., SOC 2, ISO 27001) or demonstrate robust security controls. A current sub-processor list is available upon request; material changes will be reflected in this Policy and, where required, we will provide notice.

5) Legal Bases for Processing (EU/UK)

Where the GDPR/UK GDPR applies, we rely on:

  • Consent (e.g., certain cookies/marketing). You may withdraw consent at any time.

  • Contractual Necessity (to provide the Services you request).

  • Legitimate Interests (e.g., improving and securing the Services, limited direct marketing and measurement, product analytics), balanced against your rights.

  • Legal Obligation (e.g., tax and accounting, responding to lawful requests).

6) Your Rights & Choices

Depending on your location (e.g., EU/UK, Canada, California and other U.S. states), you may have the right to:

  • Access/Portability: Request a copy of your Personal Data and (where technically feasible) portability for data processed by consent or contract.

  • Correction: Ask us to correct inaccurate or incomplete data.

  • Deletion: Request deletion of Personal Data, subject to legal/operational exceptions (e.g., fraud prevention, record-keeping).

  • Restriction/Objection: Request we limit certain processing or object to processing based on legitimate interests, including direct marketing.

  • Email Preferences. You can unsubscribe from marketing emails via the link in each message. Transactional messages (e.g., security, billing) are not marketing and will continue as needed to provide the Services.

  • Cookies/Tracking: Control cookies in your browser; use platform-level ad preferences; and (where supported) our cookie banner/preferences.

  • Non-Discrimination (California): You will not be discriminated against for exercising your privacy rights.

How to exercise your rights: Email support@ryv.ai or use in-product controls where available. We may need to verify your identity. You may authorize an agent (where applicable by law) to submit a request on your behalf.

Appeals: If we deny your request and you are in a jurisdiction that provides an appeal right (e.g., certain U.S. states), you may appeal by replying to our decision email with “Appeal”.

7) Data Retention

We retain Personal Data only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Illustrative examples:

  • Account & Workspace Data: Kept while your account is active.

  • User Content (files, chats, docs): Kept until you delete them or your workspace is deleted; versions/history may persist for a reasonable period for recovery/audit.

  • Voice: Raw audio is temporary (processed to text then discarded). Final transcripts are retained as part of your brand knowledge unless you delete them.

  • Logs/Telemetry: Retained for operational security, fraud prevention, quality, and analytics for limited periods (typically 30–365 days, varying by log type and legal requirements).

  • Backups: Persist for limited cycles, after which data is overwritten.

When data is no longer needed, we delete or de-identify it. Some records may be retained as required by law (e.g., billing).

8) Security Measures

We implement appropriate technical and organizational measures to protect Personal Data, including (illustrative):

  • Access Control & Auth: Supabase Auth (JWT), workspace-scoped Row-Level Security (RLS), role-based permissions.

  • Data Handling: Private storage buckets with signed URLs, least-privilege API keys, encrypted transport (TLS).

  • Infrastructure: We use reputable cloud infrastructure and content delivery platforms with monitoring, logging, redundancy, and access controls appropriate to the data and service.

  • Vendor Standards: We endeavor to engage providers that maintain recognized security attestations (e.g., SOC 2 Type II, ISO 27001) or demonstrate robust security controls. Where a provider does not hold a particular attestation, we assess its security posture and implement contractual, technical, and organizational safeguards appropriate to the data and service.

  • Operational Practices: Secure development practices, change management, and periodic reviews.

  • Security Incidents. If we become aware of a data breach affecting your Personal Data, we will notify you and/or relevant authorities when required by law.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact support@ryv.ai immediately.

9) Children’s Privacy

The Services are not directed to children under 13 (or under 16 where applicable by local law). We do not knowingly collect Personal Data from children. If you believe a child has provided Personal Data, contact us and we will delete it.

10) International Data Transfers

We operate using global cloud infrastructure. Your information may be transferred to and processed in countries other than your own (including the United States and Canada), which may have different data-protection laws. Regardless of where processing occurs, we protect Personal Data as described in this Policy, and—where required—use appropriate safeguards (e.g., Standard Contractual Clauses, data-transfer impact assessments, or participation in recognized transfer frameworks). You may contact us for more details.

11) Regional Disclosures

  • Canada (PIPEDA/Provincial Laws): You may request access to and correction of Personal Data we hold about you.

  • EU/UK: You may lodge a complaint with your local supervisory authority. We will respond to requests within the timelines required by law.

  • California (CCPA/CPRA): We do not “sell” Personal Data as defined by CCPA, nor do we share it for cross-context behavioral advertising without offering required opt-outs. You may exercise rights as described in Section 6.

  • Other U.S. State Laws (e.g., Colorado, Virginia, Connecticut, Utah). Where these laws apply, you may have rights similar to those described in Section 6. Our use of cookies/pixels with advertising and analytics partners may be considered a “sale,” “sharing,” or “targeted advertising.” We provide Do Not Sell/Share/Target choices as required.

12) Changes to this Privacy Policy

We may update this Policy from time to time. Material changes will be notified by posting a prominent notice in the Service and/or emailing registered users. The “Last Updated” date at the top reflects the effective date. Your continued use after changes take effect signifies acceptance.

13) Contact Us

Ryv.ai is a product of myMarketing Incorporated (Canada) and its U.S. subsidiary myMarketing USA Corp.

Privacy & Data Rights Requests

myMarketing Incorporated
Attn: Privacy
3-241 Russell Avenue
Ottawa, Ontario, Canada, K1N 7X6
Email: support@ryv.ai

U.S. Legal Notices

myMarketing USA Corp.
400 N Ashley Dr, Suite 1900
Tampa, FL 33602, United States
Email: support@ryv.ai

Security Inquiries

Email: support@ryv.ai

If you are in the EU/UK and wish to contact a data protection authority, please see: https://edpb.europa.eu/about-edpb/board/members.

14) Service Providers (Overview)

For transparency, below are principal categories of processors that assist us (the list may evolve; enterprise customers may request a current sub-processor list):

Hosting & Infrastructure Delivery (e.g., edge, serverless).

Database, Authentication & Storage (e.g., managed Postgres, auth, object storage, realtime).

AI Processing (e.g., language/vision models, embeddings, transcription).

Email & In-App Messaging (e.g., transactional email/SMS, product messaging, CRM).

Analytics, Measurement & Attribution (e.g., product analytics, audience measurement, A/B testing).

Payment Processing & Billing (e.g., card processing, invoicing, tax).

Support & Operations (e.g., help desk, error/uptime monitoring, ticketing).

We aim to partner with providers that maintain recognized security attestations (e.g., SOC 2 Type II, ISO 27001) or demonstrate strong security controls. Where a provider lacks a particular attestation, we assess its controls and implement contractual, technical, and organizational safeguards.

  • Note: If you enable an integration, we will share data at your direction consistent with your settings.

15) Additional Notes on Product Behavior

The Services may use automated analysis (including AI) to help organize and enhance your experience—for example, extracting key facts from content you submit, improving search relevance, and supporting collaboration features like version history. Admins may configure certain data-use and retention settings within workspace limits.

Experience Marketing Content That

Actually Feels Right Drives Wins Hits Goals Engages All Maxes Impact

See what it’s like to have a full marketing team working for you, with zero cost and zero risk. Get instant access to Ryv and discover how effortless, effective, and tailored your marketing can be when it’s powered by real expertise.

TRY IT FOR FREE

Get the full version FREE. No credit card required.