privacy-policy - Ryvan Media

This Privacy Policy ("Policy") explains how Ryvan Media LLC ("Ryvan Media", "we", "us", or "our") collects, uses, discloses, and protects information relating to identified or identifiable individuals ("Personal Data") in connection with:

Our websites (including ryvanmedia.io and related pages)
Our AI voice receptionists, agents, and assistants
Our chatbots, automation workflows, and integrations
Any other software, tools, or services we provide (collectively, the "Services").

This Policy applies to:

Clients – businesses that purchase or use our Services;
Client End Users – customers, patients, or other individuals who interact with our clients through our AI agents, phone numbers, or automations; and
Website Visitors – individuals who visit or interact with our websites, landing pages, or forms.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

If you do not agree with this Policy, you should not use our Services.

Role and Relationship (Controller vs. Processor)

Depending on the context:

In this Policy, "you" may refer to a client, end user, or website visitor, depending on the context.

Information We Collect

A. Information You Provide Directly

We may collect Personal Data you provide directly to us, such as when you:

Fill out a contact or opt-in form
Schedule a call or demo
Sign a proposal or enter into an agreement
Create an account in any dashboard we provide
Communicate with us (email, text, chat, phone, or support tickets).

This may include:

Contact details – name, email address, phone number, business name, role/title.
Account & billing information – login credentials, billing address, subscription details, limited payment info (card details are generally processed by our payment processors, not stored by us).
Business configuration data – scripts, FAQs, knowledge base documents (e.g., PDFs, CSV/Excel files), call flows, instructions, and other content you upload for the AI to use.
Support communications – messages, feedback, and other content you send us.

B. Audio, Voice, and Interaction Data

Because our Services include voice agents, call handling, and AI interactions, we may collect and process:

Call audio recordings – audio of calls handled by our AI voice assistants or routed through our Twilio or similar telephony integrations.
Transcripts – text transcripts of calls, voicemails, and voice interactions.
Chat logs – logs of chat messages exchanged between your users and AI assistants.
Interaction metadata – call start/end time, duration, direction, phone numbers (inbound/outbound), message timestamps, usage metrics, and similar technical details ("usage data").

Ryvan Media processes audio and text interaction data primarily to:

Deliver and operate AI voice and chat services
Verify and improve that the AI is functioning properly
Troubleshoot and debug issues
Track usage for credit consumption and billing
Maintain security, abuse detection, and service quality.

Where we use providers like Twilio for telephony or recording, Twilio will also process certain call and message data and may store recordings until deleted, under its own retention and deletion tools.

Where we use providers like OpenAI for LLM processing via API, data sent via the API is processed to generate responses, and—under current OpenAI policies—API data is not used to train OpenAI models by default.

C. Information We Process on Behalf of Clients (Client End Users)

For Client End Users who call, text, or chat with AI agents that Ryvan Media powers, we may process, on behalf of the client:

Names, phone numbers, email addresses, appointment or booking details
Call and message content, including questions, responses, and metadata
Interaction history with the client's AI agents and automations
Any information the client chooses to route through the Services (e.g., CRM records, ticket details, lead information).

We treat this information as Client Data and process it only to provide the Services and follow the client's instructions, similar to other AI/audio vendors that process "customer content" on behalf of business customers.

D. Automatically Collected Information

When you visit our websites or use our Services, we may automatically collect:

Device and log data – IP address, browser type, operating system, referring/exit pages, date/time stamps, and other standard log data.
Usage data – page views, clicks, feature usage, error events, and performance metrics.
Cookies and similar technologies – small files or tags used for session management, preferences, analytics, and (if enabled) basic marketing or attribution.

You can manage cookies through your browser settings. Disabling some cookies may affect how the site functions.

How We Use Personal Data

We may use Personal Data for the following purposes:

Providing and maintaining the Services

Delivering AI voice and chat interactions
Executing automation workflows, integrations, and scripts
Routing calls, recording interactions (where configured), and tracking credits/usage.

Configuring and customizing AI agents

Using your content (scripts, PDFs, FAQs, CSV/Excel data) to configure your AI agents and workflows
Tailoring responses and workflows to your business rules and preferences.

Quality assurance, performance, and debugging

Monitoring AI performance and call outcomes
Reviewing recordings and transcripts to improve intent handling, accuracy, and reliability, similar to how voice and API providers monitor usage for quality and abuse prevention.

Security and abuse prevention

Detecting fraud, abuse, or security incidents
Protecting against unauthorized access and maintaining system integrity.

Business operations and support

Responding to inquiries, providing customer support, and resolving issues
Sending service-related notifications (e.g., system updates, incidents, billing notices).

Analytics and service improvement

Aggregated or de-identified analytics to understand usage patterns and improve features
Evaluating which automations and workflows are most useful or effective (at the account or anonymized level).

Legal, compliance, and enforcement

Complying with legal obligations
Enforcing our Terms and protecting Ryvan Media, our clients, and end users.

We do not use your Client Data to build a public data product or to sell your information to third parties.

Legal Bases for Processing (EEA/UK Visitors)

Where required by applicable law (for example, if you are in the EEA or UK), we process Personal Data on the following legal bases:

Contract – where processing is necessary to provide the Services you requested.
Legitimate interests – such as improving and securing the Services, preventing abuse, and handling basic analytics.
Consent – where required (e.g., for certain marketing communications, cookies, or call recording where applicable law requires consent).
Legal obligation – where processing is necessary to comply with legal duties or law enforcement requests.

How We Share Personal Data

We do not sell or rent Personal Data. We share Personal Data only in the limited circumstances below:

A. Service Providers and Sub-Processors

We may share Personal Data with trusted third-party service providers that help us operate and deliver the Services, such as:

Cloud hosting and infrastructure
Telephony and messaging providers (e.g., Twilio or similar)
AI model providers (e.g., OpenAI or similar LLM vendors)
Database and storage providers (e.g., managed databases, vector stores)
Email, notification, and support tooling
Payment processors and billing systems.

These providers are contractually required to use Personal Data only to perform services for us and to apply appropriate security measures.

B. Client-Directed Integrations

At your request, our automations may connect to third-party tools you choose (e.g., CRM, calendar, EHR/EMR, ticketing, or marketing platforms). In those cases:

We act as a connector between your systems
Data is shared with those tools under your configuration and instructions
Your use of those tools is subject to their own privacy policies and terms.

C. Business Transfers

If we are involved in a merger, acquisition, financing, or sale of all or part of our business, Personal Data may be transferred as part of that transaction, subject to appropriate confidentiality protections.

D. Legal and Safety Reasons

We may disclose Personal Data where we believe in good faith that it is reasonably necessary to:

Comply with applicable law, regulation, or legal process
Respond to lawful requests from authorities
Protect the rights, property, or safety of Ryvan Media, our clients, or others.

Phone Numbers, Call Handling, and Recording

A. Phone Numbers and Carriers (Twilio or Similar)

Our Services often use phone numbers provided either:

By the client (client-owned Twilio or other carrier accounts), or
By Ryvan Media, in which case we typically provision numbers from a provider like Twilio.

In both cases, the underlying carrier will process:

Call metadata (numbers, timestamps, duration, status)
Message metadata and (if configured) content
Call recordings where recording is enabled and supported.

Your use of carrier services is governed by their privacy and data retention policies.

B. Call and Interaction Recording

When our Services or your configuration enable recording of calls, voicemails, or AI interactions:

We record and store audio and transcripts only for purposes such as:

Verifying that the AI and workflows are functioning correctly
Quality assurance and training of your configured flows
Debugging and error investigation
Usage tracking, credit calculation, and billing
Security and abuse detection.

Clients are responsible for:

Notifying their callers or end users about call recording where required by law
Obtaining any necessary consent (e.g., in "two-party consent" jurisdictions)
Configuring recording settings in a legally compliant way.

We may provide sample scripts or notices, but you are ultimately responsible for legal compliance with call-recording and telecom laws in your jurisdiction.

Data Security

We use commercially reasonable technical and organizational measures designed to protect Personal Data from unauthorized access, disclosure, alteration, or destruction, such as:

Encryption of data in transit (e.g., HTTPS/TLS)
Access controls and role-based permissions
Authentication and logging on our infrastructure
Limited access to recordings and transcripts on a need-to-know basis.

No system can be guaranteed 100% secure, and we cannot promise absolute security, but we work to follow industry-standard practices similar to other AI and telephony providers.

Data Retention

We retain Personal Data only for as long as reasonably necessary to:

Provide and maintain the Services
Comply with legal, accounting, or reporting obligations
Resolve disputes and enforce agreements.

In general:

Client account & billing data – kept for the duration of the business relationship and for a reasonable period thereafter (e.g., for tax or legal purposes).
Call recordings and transcripts – retained for the period configured for that client or as long as necessary to provide the Services, troubleshoot, and maintain quality. Similar to other voice platforms, we may allow or implement configurable retention periods where feasible.
Website logs and analytics data – retained for a limited time for security and performance, then aggregated or deleted.

We may anonymize or aggregate data so that it can no longer be associated with an identifiable individual and may use that information indefinitely.

Client Responsibilities and End-User Notices

Because our Services are often embedded in your business processes, you (the client) are responsible for:

Providing appropriate privacy notices to your own customers, patients, or clients
Obtaining any necessary consents for:
- Call recording
- Text messaging and marketing communications
- Use of AI assistants to handle interactions
Ensuring that any sensitive information (such as PHI, highly confidential legal data, or financial account numbers) is only processed under appropriate agreements and safeguards.

Where applicable (e.g., healthcare/medical, legal), a separate Business Associate Agreement (BAA) or similar addendum may be required before using our Services with regulated data.

Your Rights and Choices

Depending on your location and applicable law, you may have the following rights regarding your Personal Data:

Access – to know whether we process your Personal Data and to request a copy.
Correction – to request that we correct inaccurate or incomplete Personal Data.
Deletion – to request deletion of your Personal Data, subject to certain exceptions.
Restriction – to request that we restrict processing in certain circumstances.
Portability – to receive certain Personal Data in a structured, commonly used, and machine-readable format.
Objection – to object to processing based on legitimate interests or direct marketing.

If we process your Personal Data on the basis of consent, you can withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.

If your data has been processed on behalf of a client (for example, if you are a patient, customer, or lead of one of our clients), we may need to redirect your request to that client, who is the main data controller of your information.

To exercise your rights, please contact us using the details in the Contact Information section below.

You also have the right to lodge a complaint with your local data protection authority if you believe our processing violates applicable law.

Marketing Communications

If you sign up for our Services, opt in via a form, or otherwise provide your contact details, we may send you:

Service-related communications (e.g., account notices, system updates, security alerts, billing information); and
Occasional marketing or educational messages, such as updates about new features, AI automation tips, or ways to get more value from Ryvan Media.

You can opt out of marketing emails or texts at any time by using the unsubscribe link in the message or replying with the appropriate keyword (e.g., "STOP" for SMS, where supported). Opting out of marketing will not stop essential service or transactional messages.

International Data Transfers

Ryvan Media is based in the United States. If you access the Services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. and other countries where our service providers operate.

Where required by law, we rely on appropriate safeguards (such as standard contractual clauses) to protect Personal Data transferred from the EEA/UK or other regions to the United States or elsewhere.

Third-Party Websites and Services

Our website and Services may contain links to third-party websites, tools, or platforms (for example, Twilio, OpenAI, payment processors, or others you choose to integrate with). These third parties have their own privacy policies and practices.

We are not responsible for the privacy practices of those third parties, and we encourage you to review their policies independently.

Children's Privacy

Our Services are not directed to children under 16, and we do not knowingly collect Personal Data directly from children under 16 without appropriate consent where required by law.

If you believe that a child has provided Personal Data to us improperly, please contact us so we can take appropriate steps.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page.

If we make material changes, we may provide additional notice (such as by email, in-app notice, or prominent banner) as appropriate.

Your continued use of the Services after any update constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Services.

Contact Information

If you have any questions about this Privacy Policy or how we handle Personal Data, please contact:

Ryvan Media LLC
Tampa, FL

Email: support@ryvanmedia.io

Phone: (321) 848-1845

Last Updated: November 25th, 2025

PRIVACY POLICY