Privacy Policy

1. Introduction

RAVEJEDI LABS ("we," "our," or "us") operates CashFox AI (cashfoxai.com), a managed AI copilot platform for small businesses. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our web application, iOS application, and API services (collectively, the "Service").

By using CashFox AI, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, business name, business type, website URL, and location when you create an account.
• Business Data: Information about your business operations shared during onboarding conversations with your AI copilot, including revenue details, customer information, and workflow preferences.
• Payment Information: Billing details processed through Stripe. We do not store your full credit card number on our servers.
• Communications: Chat messages, voice recordings, and video call data exchanged with your AI copilot.
• Integration Data: OAuth tokens and API keys for third-party services you connect (e.g., Plaid, Twilio, Mailchimp, Tavus). These are encrypted at rest using AES-256.

2.2 Information Collected Automatically

• Usage Data: AI interaction counts, token usage, API calls, workflow execution logs, and feature usage patterns.
• Device Information: Device type, operating system, browser type, IP address, and general location data.
• Log Data: Server logs including timestamps, request paths, and response codes for debugging and security monitoring.

2.3 Information From Third Parties

• Financial Data (Plaid): Bank account balances, transaction history, and categorized spending data when you connect your financial accounts.
• Communication Data (Twilio): Phone call metadata, SMS content, and voicemail recordings routed through your dedicated business number.
• Marketing Data (Mailchimp): Email subscriber lists, campaign performance metrics, and engagement data.
• Authentication (Firebase): Authentication tokens from Google, Apple, or email sign-in.

3. How We Use Your Information

• Provide the Service: Power your personalized AI copilot, execute workflows, and deliver business insights.
• Customer Isolation: Each customer receives a dedicated AI instance (OpenClaw pod) running in an isolated Kubernetes namespace. Your data is never shared with or accessible to other customers.
• AI Processing: Your business data is used by your dedicated AI copilot to generate insights, automate tasks, and respond to your queries. We use OpenAI and Anthropic APIs for language model processing.
• Billing: Process payments, track usage, and manage subscriptions.
• Security: Detect and prevent fraud, unauthorized access, and abuse.
• Improvement: Analyze aggregate, anonymized usage patterns to improve the platform. Individual business data is never used for model training.

4. Data Isolation & Security

CashFox AI is designed with enterprise-grade data isolation:

• Dedicated Pods: Each customer's AI copilot runs in its own Kubernetes pod with a separate SQLite database. No shared compute or storage between customers.
• Network Isolation: Kubernetes network policies prevent cross-customer network traffic.
• Encryption at Rest: All integration secrets (OAuth tokens, API keys) are encrypted with AES-256 before storage.
• Encryption in Transit: All data in transit uses TLS 1.3.
• Secret Management: Sensitive credentials are stored in Google Cloud Secret Manager with IAM-scoped access.
• Audit Logging: All webhook receipts and API calls are logged for 30 days for security and debugging purposes.

5. Third-Party Services

We use the following third-party services to deliver the CashFox AI platform:

6. Data Retention

• Account Data: Retained while your account is active and for 30 days after cancellation.
• Chat History: Stored in your dedicated pod's SQLite database. Retained for the life of your subscription.
• Webhook Receipts: Automatically expired after 30 days.
• Financial Snapshots: Daily summaries retained for 12 months.
• Backup Data: SQLite backups in Cloud Storage are retained for 90 days, then automatically deleted.
• After Cancellation: All data (including your dedicated AI pod) is permanently deleted within 30 days of account cancellation.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data (subject to legal retention requirements).
• Portability: Request your data in a machine-readable format.
• Opt-Out: Opt out of marketing communications at any time.
• Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at privacy@cashfoxai.com.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

9. Children's Privacy

CashFox AI is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: