Privacy Policy

Raava Pty Ltd (“Chaaya”, “we”, “us”) respects your privacy and is committed to protecting the personal information you share with us while using our AI-powered content platform, custom agents and related services (“Service”).

1. Scope

This Privacy Policy explains what data we collect, why we collect it, how we use it, and the choices you have. It applies to chaaya.ai, app.chaaya.ai, our mobile/PWA interfaces, browser extensions, and any other websites or applications we own and operate.

2. Information We Collect

  • Account & Billing Data —name, email, password (hashed), organisation, address, payment method (handled by Stripe/PayPal; we never store full card details).
  • User Content —prompts, uploaded files, images, voice notes, code snippets, form inputs and feedback you send to the platform.
  • Usage & Log Data —IP address, browser type, device ID, operating system, pages viewed, actions taken, timestamps, referral URLs and error logs.
  • Cookies & Similar Tech —first-party cookies for authentication and preferences; third-party cookies/pixels for analytics (e.g. Google Analytics 4) and conversion tracking. See “Cookies” below.
  • Third-Party Integrations —if you connect Google Drive, Notion, Slack, etc., we store necessary OAuth tokens and metadata to perform the actions you authorise.

3. How We Use Your Information

  1. Deliver the Service  •  authenticate you, generate AI outputs, and store project data.
  2. Improve & Secure the Platform  •  monitor performance, debug, develop new features, prevent fraud and abuse.
  3. Personalise Your Experience  •  remember preferences, suggest templates, and surface insights relevant to your workflow.
  4. Communicate With You  •  send transactional emails, product updates, surveys, and (with consent) marketing messages you can opt out of at any time.
  5. Comply With Law  •  satisfy legal, tax, auditing and regulatory obligations.

4. Legal Bases (GDPR & Australian Privacy Act)

We process personal data only when we have a lawful basis: (a) to perform our contract with you; (b) with your consent; (c) to meet legal obligations; or (d) for our legitimate interests (e.g. securing the Service) that do not override your rights.

5. Sharing & Disclosure

  • Service Providers  •  cloud hosting (Google Cloud), AI model APIs (OpenAI, Anthropic), payment processors, email platforms, analytics vendors — all bound by confidentiality and data-processing agreements.
  • Business Transfers  •  if we merge, sell or reorganise, your data may transfer as part of that deal under the same confidentiality obligations.
  • Legal Requirements  •  to comply with subpoenas, court orders, or lawful requests from authorities.

6. Cookies & Tracking Technologies

Cookies are small text files stored on your device. We use:

  • Essential Cookies—sign-in, session continuity, CSRF protection.
  • Preference Cookies—theme mode, language.
  • Analytics Cookies—anonymous usage metrics (GA4, PostHog).
  • Marketing Cookies—Meta/Google pixels to measure ad performance (only if you accept).

You can control cookies through your browser settings or reject non-essential cookies via our consent banner.

7. Data Retention

We keep account information for the life of your subscription and as required for tax/audit purposes. User content can be deleted at any time from your dashboard; backups cycle out within 30 days. Anonymised analytics data may be retained indefinitely.

8. Security

Chaaya follows industry best practices: TLS-encrypted transit, AES-256-encrypted storage, least-privilege access controls, periodic penetration testing, and continuous monitoring. No method is 100 % secure, but we strive to protect your data.

9. Your Rights

  • Access, correct or delete personal information.
  • Export your data in a portable format (JSON/CSV).
  • Object to or restrict certain processing.
  • Withdraw consent at any time.
  • Complain to your local data-protection authority.

Submit requests by emailing [email protected]. We respond within 30 days.

10. Children’s Privacy

Our Service is not directed to anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in law or our practices. We will post the new version here and, if the changes are material, notify you by email or in-app notice. The “Last updated” date at the top indicates when the Policy was last revised.

12. Contact Us

Questions? Reach our Data Protection Officer at:
Raava Pty Ltd
No 78/14, Maitipe 2nd Lane, Karapitiya, Galle, Sri Lanka
Email: [email protected]

Still have a question? Browse documentation or submit a ticket.