RuhuAI

Privacy Policy

1. Introduction

This Privacy Policy describes the policies and procedures of Ruhu AI ("the Company", "We", "Us", or "Our") on the collection, use, and disclosure of your information when you use our Service. This policy applies to the Ruhu AI website, accessible at ruhu.ai, and the Ruhu AI Voice Agent Platform (collectively, the "Service").

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. If you have any questions or concerns about this policy or our practices, please contact us at hello@ruhu.ai.

2. Interpretation and definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
  • Application means the Ruhu AI Voice Agent Platform provided by the Company.
  • Biometric Data refers to Personal Data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data. Under certain regulations, such as the GDPR, a Voiceprint may be considered Biometric Data.
  • Call Recording means the audio capture of a conversation processed through the Service.
  • Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Ruhu, Inc., registered in the United States with its principal address at 1111B South Governors Ave, STE 52865, Dover, DE 19904.
  • Cookies are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.
  • Country refers to the United States.
  • Customer means the entity or individual that has entered into an agreement with Ruhu AI for the use of the Service.
  • Device means any device that can access the Service such as a computer, a cellphone, or a digital tablet.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Ruhu AI website and the Ruhu AI Voice Agent Platform.
  • Service Provider means any natural or legal person who processes the data on behalf of the Company.
  • Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
  • Transcripts mean the text-based conversion of audio from a Call Recording.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
  • Voice Data includes Call Recordings, Transcripts, and Voiceprints processed by the Service.
  • Voiceprint means a digital model of the unique characteristics of an individual's voice, which can be used for identification or authentication purposes.
  • Website refers to ruhu.ai, accessible from https://ruhu.ai.
  • You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

3. Collecting and using your personal data

3.1. Types of data collected

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

  • Email address
  • First name and last name
  • Phone number
  • Company name
  • Address, State, Province, ZIP/Postal code, City

Voice Data

When You use the Ruhu AI Voice Agent Platform, We process Voice Data on behalf of our Customers. This includes:

  • Call Recordings: Audio files of conversations between You and our Customers' voice agents.
  • Transcripts: Text versions of the Call Recordings.
  • Voiceprints: In certain configurations, a biometric identifier is created from voice characteristics for authentication or analysis.

Usage Data

Usage Data is collected automatically when using the Service. This data may include:

  • Your Device's Internet Protocol (IP) address
  • Browser type and version
  • The pages of our Service that You visit
  • The time and date of Your visit, and the time spent on those pages
  • Unique device identifiers and other diagnostic data

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies like web beacons to track the activity on Our Service and store certain information. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.

3.2. Use of your personal data

The Company may use Personal Data for the following purposes:

  • To provide and maintain our Service: Including monitoring the usage of our Service.
  • To manage Your Account: To manage Your registration as a user of the Service.
  • To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication regarding updates or informative communications related to the functionalities, products, or contracted services.
  • For customer support: To attend and manage Your requests to Us.
  • To analyze and improve our Service: For data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, marketing, and your experience.
  • For fraud detection and security: To prevent and investigate possible wrongdoing in connection with the Service and to protect the security of our platform.

3.3. Voice data specific uses

We process Voice Data on behalf of our Customers for the following purposes:

  • Transcription: To convert spoken language into written text for analysis and record-keeping.
  • Agent Training: To improve the accuracy, performance, and quality of the AI voice agents.
  • Quality Assurance: For our Customers to review interactions for quality and training purposes.
  • Compliance Monitoring: To help our Customers meet their legal and regulatory obligations.

4. Voice data and biometric information

Ruhu AI acknowledges the sensitive nature of Voice Data. Depending on the jurisdiction and specific use case, voice characteristics and Voiceprints may be classified as "Biometric Data" or a "special category of personal data" under regulations such as the EU's General Data Protection Regulation (GDPR) Article 9.

  • Explicit Consent: Where the processing of Voice Data constitutes the processing of Biometric Data, we require our Customers to obtain explicit consent from individuals before collecting and processing such data. This consent must be informed, specific, and freely given.
  • Encryption: All Voice Data, including Call Recordings and Voiceprints, is encrypted both at rest using AES-256 encryption and in transit using TLS 1.3 to ensure its confidentiality and integrity.
  • Voiceprint Security: Voiceprints are stored as hashed, irreversible digital representations, not as raw audio, to prevent reverse engineering or misuse. Access to this data is strictly controlled.
  • Call Recording Disclosure: We contractually require our Customers to provide clear and conspicuous notice to all participants in a conversation that the call may be recorded and processed by an AI service, in compliance with all applicable laws.
  • User Rights: You have the right to access, delete, or request the portability of your Voice Data. Such requests should be directed to the Ruhu AI Customer with whom you interacted, who is the Data Controller for that data. We will assist our Customers in fulfilling these requests.

5. Data retention

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy and to comply with our legal obligations. Our standard retention periods are as follows:

  • Voice Recordings: Retained for 90 days by default. This period is configurable by the Customer.
  • Transcripts: Retained for 90 days by default. This period is configurable by the Customer.
  • Anonymized Analytics Data: Usage and performance data, which has been anonymized to remove personal identifiers, is retained for up to 1 year for service improvement.
  • Audit Logs: Security and access logs are retained for 7 years to comply with security and legal obligations.
  • User Accounts: Account information is retained for the duration of the Customer's contract with Ruhu AI and until a deletion request is processed.

6. Transfer and disclosure of your personal data

We may share Your personal information in the following situations:

  • With Service Providers/Subprocessors: We share information with third-party vendors and service providers that perform services for us or on our behalf. Our key subprocessors include:
    • Google Cloud Platform (for hosting and infrastructure)
    • OpenAI, LLC (for natural language processing)
    • Deepgram (for speech-to-text services)
    • ElevenLabs (for text-to-speech services)
  • For Business Transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
  • With Law Enforcement: Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities.
  • With Your Consent: We may disclose Your personal information for any other purpose with Your explicit consent.

No Sale of Personal Data: Ruhu AI does not sell Your Personal Data.

7. Security of your personal data

The security of Your Personal Data is of paramount importance to Us. We implement and maintain a comprehensive security program with administrative, physical, and technical safeguards to protect Your data. Our security measures include:

  • Encryption: All data is encrypted at rest using the AES-256 standard and in transit using TLS 1.3.
  • Access Controls: We enforce strict access controls, including Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA), to ensure that only authorized personnel have access to Personal Data.
  • Regular Security Audits: We conduct regular internal and third-party security audits, vulnerability assessments, and penetration tests to identify and remediate potential security risks.
  • Compliance: We are in the process of obtaining SOC 2 Type II and ISO 27001 certifications to demonstrate our commitment to the highest standards of information security.

While We strive to use commercially acceptable means to protect Your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure.

8. GDPR compliance (for European Union users)

If you are in the European Economic Area (EEA) or the United Kingdom, you have certain data protection rights under the General Data Protection Regulation (GDPR).

Legal basis for processing

We process Personal Data under the following legal bases:

  • Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  • Contract: Where processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal Obligation: Where processing is necessary for us to comply with the law.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Your rights under GDPR

You have the following rights:

  • The right to access: You can request copies of Your Personal Data.
  • The right to rectification: You can request that We correct any information You believe is inaccurate or complete information You believe is incomplete.
  • The right to erasure: You can request that We erase Your Personal Data, under certain conditions.
  • The right to restrict processing: You can request that We restrict the processing of Your Personal Data, under certain conditions.
  • The right to object to processing: You can object to Our processing of Your Personal Data, under certain conditions.
  • The right to data portability: You can request that We transfer the data that We have collected to another organization, or directly to You, under certain conditions.
  • Rights in relation to automated decision making and profiling.

Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time.

Cross-Border Transfers: Information we collect may be transferred to, stored, and processed in countries outside of the EEA. We ensure such transfers are lawful by using mechanisms like the European Commission's Standard Contractual Clauses (SCCs).

Data Protection Officer: For any GDPR-related inquiries, please contact us at hello@ruhu.ai. You also have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data.

9. CCPA/CPRA privacy rights (for California residents)

This section supplements the information contained in our Privacy Policy and applies solely to residents of the State of California.

  • Categories of Personal Information Collected: In the preceding twelve (12) months, we have collected the following categories of personal information: Identifiers (e.g., name, email, IP address), Personal information categories listed in the California Customer Records statute, Internet or other similar network activity, and Sensory data (e.g., Voice Data).
  • Sources of Data: We collect this information directly from You, indirectly from Your activity on our Service, and from our Customers.
  • Business Purposes for Collection: We collect this information for the business and commercial purposes described in Section 3 of this policy.
  • Third Parties with Whom Data is Shared: We may disclose your personal information to service providers and other third parties for business purposes as described in Section 6.
  • No Sale of Personal Information: We have not sold personal information in the preceding 12 months and will not sell personal information.

Your rights under CCPA/CPRA

  • Right to Know: The right to request disclosure of the personal information we collect, use, and disclose.
  • Right to Delete: The right to request the deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information, so this right is not applicable.
  • Right to Correct: The right to request the correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: The right to limit the use and disclosure of sensitive personal information (such as Biometric Data) to that which is necessary to perform the services.

Exercising Your Rights: To exercise your rights, please contact us at hello@ruhu.ai.

10. NDPR compliance (Nigeria Data Protection Regulation)

For residents of Nigeria, this section addresses compliance with the Nigeria Data Protection Regulation (NDPR).

  • Data Protection Officer (DPO): Our DPO for Nigeria can be contacted at hello@ruhu.ai.
  • NITDA Registration: Ruhu AI is registered with the National Information Technology Development Agency (NITDA) as a Data Controller/Processor.
  • Data Residency: To support our Nigerian customers, Personal Data is processed and stored within the Google Cloud Platform (GCP) africa-south1 region located in Johannesburg, South Africa, where feasible.
  • Cross-Border Transfers: Where data is transferred outside of Nigeria, we rely on adequate mechanisms such as Standard Contractual Clauses (SCCs) to ensure the protection of Personal Data.
  • Breach Notification: In the event of a data breach affecting Nigerian data subjects, we will notify NITDA within 72 hours of becoming aware of the breach.
  • Data Subject Rights: Under NDPR, you have rights including the right to access, rectification, erasure, and data portability. To exercise these rights, please contact our DPO.

11. POPIA compliance (South Africa Protection of Personal Information Act)

For residents of South Africa, this section addresses compliance with the Protection of Personal Information Act (POPIA).

  • Information Officer: Our Information Officer for South Africa can be contacted at hello@ruhu.ai.
  • Information Regulator Registration: Ruhu AI is registered with the Information Regulator of South Africa.
  • Conditions for Lawful Processing: We adhere to the 8 conditions for the lawful processing of personal information as prescribed by POPIA, including accountability, processing limitation, purpose specification, and security safeguards.
  • Data Subject Participation: You have the right to access your personal information and to request correction or deletion.
  • Cross-Border Transfer Safeguards: We will only transfer personal information to a third party in a foreign country if they are subject to a law, binding corporate rules, or binding agreement which provides an adequate level of protection.
  • Accountability: Ruhu AI takes full responsibility for complying with the conditions of lawful processing of personal information.

12. Kenya Data Protection Act compliance

For residents of Kenya, this section addresses compliance with the Data Protection Act, 2019 (DPA).

  • Data Protection Officer (DPO): Our DPO can be contacted at hello@ruhu.ai for any inquiries related to the processing of data for Kenyan residents.
  • Data Controller Registration: Ruhu AI is registered as a Data Controller and/or Data Processor with the Office of the Data Protection Commissioner.
  • Cross-Border Transfers: We will not transfer personal data outside Kenya unless we have provided proof to the Data Commissioner on the adequacy of the safeguards or the data protection laws of the recipient country.
  • Data Subject Rights: You have rights under the DPA similar to those under GDPR, including the right to be informed, the right of access, the right to object, and the right to rectification and erasure.
  • Consent: We ensure that consent obtained from data subjects is freely given, specific, informed, and an unambiguous indication of their wishes.
  • Breach Notification: We will notify the Data Commissioner of any personal data breaches within 72 hours of becoming aware of them.

13. Multi-tenant data isolation

Our Service is a multi-tenant platform. We have implemented robust technical and organizational measures to ensure that customer data is logically isolated and segregated.

  • Data Segregation Guarantee: Each Customer's data is stored in a logically separate and isolated manner from other Customers' data.
  • Row-Level Security: We implement strict database controls, such as row-level security, to ensure that a Customer can only access their own data.
  • No Cross-Tenant Data Sharing: Our architecture and policies prohibit the sharing or leakage of data between different tenants.
  • Customer Data Ownership: Our Customers retain full ownership and control of the data they submit to the Service.
  • Technical Measures: Tenant isolation is enforced at the application, database, and infrastructure layers to provide a secure and private environment for each Customer.

14. Children's privacy

Our Service is not intended for or directed at individuals under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 18 without verification of parental consent, We will take steps to remove that information from Our servers.

15. AI-generated communications disclaimer

Please be aware that voice calls, chat messages, and other communications generated by the Ruhu AI Service are created by artificial intelligence. While we strive for a high degree of accuracy, AI-generated content may contain errors, omissions, or inaccuracies. Users should independently verify any critical information, such as financial details, personal data, or commitments, before relying on it. Ruhu AI is not liable for any actions taken based on information provided by its AI agents.

16. Changes to this privacy policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. We will let You know via email and/or a prominent notice on Our Service at least 30 days prior to any material changes becoming effective and update the "Last updated" date at the top of this Privacy Policy. Your continued use of the Service after the effective date of the revised policy will constitute your acceptance of the changes. You are advised to review this Privacy Policy periodically for any changes.

17. Contact us

If you have any questions about this Privacy Policy, wish to exercise your data subject rights, or need to contact one of our designated officers, please use the information below:

Email:

hello@ruhu.ai

Mailing Address:

Ruhu, Inc.

1111B South Governors Ave, STE 52865

Dover, DE 19904 US

To exercise your data subject rights (such as access, correction, or deletion), please send a detailed request to the relevant email address above, specifying your request and the basis for it. We will respond to your request in accordance with applicable data protection laws.