Legal
Privacy Policy
Rylvo, Inc. is committed to protecting your personal information. This Privacy Policy explains how we collect, use, and share information about you.
Last updated: May 6, 2026
1. Information We Collect
We collect information you provide directly to us when you create an account, use the API, configure connectors, or contact us for support. This includes: • Account information: full name, work email address, company name, and hashed password. • Workflow & API data: API requests, workflow run payloads, stage classifications, action recommendations, escalation events, trace IDs, and response metadata. • Connector configuration: integration settings for Slack, Jira, email, and other connected tools. We store only the minimum configuration required to route escalations. • Payment information: billing address and payment method details processed securely via Stripe. We do not store full card numbers or CVV codes. • Communications: support tickets, emails, and feedback you send us. We also collect information automatically when you use the dashboard or make API calls, including IP addresses, browser type, operating system, request timestamps, and pages visited. This data is used for security, abuse prevention, and service analytics.
2. How We Use Your Information
We use the information we collect to: • Provide, operate, and maintain the Rylvo platform and API. • Execute workflow routing, stage detection, and escalation logic on your behalf. • Process billing transactions and send payment-related communications. • Send technical notices, security alerts, API deprecation warnings, and support responses. • Monitor API usage for billing accuracy, rate limiting enforcement, and abuse prevention. • Generate aggregated, anonymized analytics to improve the platform's routing models and performance. • Comply with applicable legal obligations and respond to lawful requests. We do not sell your personal data to third parties, and we do not use identifiable customer workflow data to train AI models without your explicit written consent.
3. Workflow Data & AI Processing
When you send data through the Rylvo API, that data is processed by our AI workflow intelligence system to perform stage detection, action selection, verification, and escalation routing. You acknowledge that: • Workflow payloads you send are processed in memory and may be temporarily logged for observability and debugging. • Escalation messages routed through connectors (e.g., Slack, Jira) are transmitted to those third-party services per your configuration. • We do not retain the content of workflow payloads beyond the retention period defined by your plan, after which it is permanently deleted. • Aggregated, non-identifiable metrics (e.g., stage transition rates, latency percentiles) may be retained indefinitely to improve the platform.
4. Data Retention
We retain different types of data for different periods: • Account information: retained for the lifetime of your account and deleted within 30 days of account deletion. • Workflow run logs and trace data: retained for 30 days (Starter), 90 days (Pro), or 365 days (Enterprise) depending on your plan. • Billing records: retained for 7 years as required by financial regulations. • Support communications: retained for 3 years. You may request deletion of your personal data at any time by contacting privacy@rylvo.com. Account deletion can be initiated from the dashboard. We will process deletion requests within 30 days.
5. Data Security
We implement industry-standard security measures to protect your data, including: • TLS 1.2+ encryption for all data in transit. • AES-256 encryption for data at rest. • API keys and webhook secrets are hashed using bcrypt and are never stored in plaintext. • Role-based access controls limiting internal access to customer data on a need-to-know basis. • Regular security audits and vulnerability assessments. Despite these measures, no method of transmission over the internet is 100% secure. If you discover a security vulnerability, please report it responsibly to security@rylvo.com.
6. Sharing of Information
We may share your information only in the following circumstances: • Service providers: We share data with vetted third-party providers that help us operate the platform, including cloud infrastructure (e.g., Google Cloud, AWS), payment processing (Stripe), error monitoring, and email delivery. All providers are bound by data processing agreements. • Connectors: When you configure an escalation connector (e.g., Slack, Jira), relevant escalation data is transmitted to that third-party service per your explicit configuration. • Legal compliance: We may disclose information to law enforcement or government bodies when required by applicable law, regulation, or valid legal process, with notice to you where permitted. • Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to a successor entity. We will notify you in advance and ensure equivalent data protections apply. We will never sell, rent, or trade your personal data to advertisers or data brokers.
7. Cookies & Tracking
We use cookies and similar tracking technologies for the following purposes: • Authentication: session cookies to keep you logged into the dashboard. • Preferences: theme and display settings stored in localStorage. • Analytics: anonymized usage analytics to understand how the dashboard is used and identify areas for improvement. We use privacy-respecting analytics tools that do not fingerprint individual users. You can control cookie behavior through your browser settings. Disabling authentication cookies will prevent you from logging into the dashboard. We do not use third-party advertising cookies or behavioral tracking pixels.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data: • Access: request a copy of the personal data we hold about you. • Correction: request correction of inaccurate or incomplete data. • Deletion: request deletion of your personal data (subject to retention requirements). • Portability: receive your data in a structured, machine-readable format. • Restriction: request that we limit how we process your data in certain circumstances. • Objection: object to processing based on legitimate interests. If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority. To exercise any of these rights, contact us at privacy@rylvo.com. We will respond within 30 days.
9. International Data Transfers
Rylvo is based in the United States. If you access our Services from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your country. For users in the European Economic Area, United Kingdom, or Switzerland, we rely on Standard Contractual Clauses approved by the European Commission to legitimize cross-border data transfers. By using our Services, you acknowledge and consent to this transfer.
10. Children's Privacy
Our Services are intended for professional and enterprise use and are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe that a person under 18 has provided us with personal data, please contact us immediately at privacy@rylvo.com and we will take steps to delete that information.
11. Changes to This Policy
We may update this Privacy Policy from time to time as our Services and legal requirements evolve. We will notify you of material changes via email to your registered address and/or a prominent notice on our website at least 14 days before the changes take effect. Your continued use of our Services after updated changes take effect constitutes your acceptance of the updated policy. If you do not agree to the changes, you must stop using the Services before they take effect.
12. Contact
If you have questions about this Privacy Policy, wish to exercise your data rights, or want to report a privacy concern, please contact us at: privacy@rylvo.com Rylvo, Inc.