Privacy Policy

Raabet.ai collects data in five broad categories, depending on which features your organization uses. We collect only what is necessary to operate the platform.

We do not collect payment card numbers directly. Billing is handled entirely by our payment processor (Paddle), and we store only a subscription status and customer reference ID.

We use the information we collect for the following purposes:

• Platform operation: authenticating users, routing API requests, enforcing role-based access controls, and displaying your business data in the dashboard.
• AI receptionist (Maya): processing inbound calls in real time to greet callers, answer questions, and book appointments using your configured scripts and knowledge base.
• Call intelligence: transcribing call recordings, analyzing intent, categorizing outcomes, generating summaries, and extracting action items so your team can follow up effectively.
• CRM synchronization: syncing contacts, appointments, and notes between Raabet.ai and ServiceMinder so both systems remain accurate.
• Communications assistance: drafting suggested SMS messages for staff review and sending approved messages on behalf of your organization via RingCentral.
• Ask Raabet (AI agent): responding to natural-language queries from staff by reading your business data and, with staff confirmation, taking actions in ServiceMinder or RingCentral.
• Service improvement: diagnosing errors (via Sentry), monitoring system health, and improving AI model prompts and tool accuracy.
• Security & compliance: detecting abuse, enforcing rate limits, and maintaining audit logs of sensitive actions.

We do not use your business data to train third-party AI models, sell advertising, or benchmark one franchise against another without explicit consent.

We do not sell your personal data. We share data only with the service providers necessary to deliver the platform, and only to the extent required for each provider's specific function.

We may also disclose information when required by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to protect the safety of any person or to prevent fraud or abuse of our systems.

In the event of a merger, acquisition, or sale of substantially all assets, your data may be transferred to the successor entity. We will provide notice before your data becomes subject to a materially different privacy policy.

Call recording is a core feature of the platform, subject to your organization's RingCentral configuration and applicable state laws (including California two-party consent requirements under Penal Code § 632). Your organization is solely responsible for ensuring that callers are notified of and consent to recording, as required by law.

How call audio flows through Raabet.ai

1. Recording capture: Calls are recorded through RingCentral per your account's recording settings. RingCentral stores the audio file on its own infrastructure, governed by RingCentral's privacy policy.
2. Download for transcription: After a call ends, Raabet.ai retrieves the recording file from RingCentral's API for transcription. The audio is held in temporary server memory only for the duration of the transcription process.
3. Transcription: Audio is sent to our transcription engine (WhisperX, running on either our Hetzner server or a Vast.ai GPU instance for bulk onboarding jobs). Vast.ai instances are ephemeral and recordings are not persisted there after processing is complete.
4. AI analysis: The resulting text transcript is sent to Google Gemini for intent classification, outcome categorization, action item extraction, and contact memory updates. The audio file is not sent to Gemini.
5. Storage: The completed transcript, AI summary, and structured analysis are stored in your organization's database partition on our Hetzner PostgreSQL server. The original audio file is deleted from Raabet.ai's servers after transcription is confirmed complete. It remains in your RingCentral account per your RingCentral retention settings.

Maya AI Receptionist calls

When a caller reaches your Maya AI receptionist, the call is handled by ElevenLabs' Conversational AI platform via Twilio. The live audio stream is processed by ElevenLabs in real time to generate Maya's spoken responses. Call audio is not stored by Raabet.ai during the live call. After the call ends:

• A transcript of the Maya conversation is retrieved from ElevenLabs and stored in your Raabet.ai database.
• Raabet.ai's post-call webhook processes the transcript to extract booking details, contact information, and follow-up tasks.
• Maya does not retain caller audio beyond what ElevenLabs processes during the live call per ElevenLabs' own data handling terms.

Raabet.ai uses Google Gemini and other AI models to provide intelligent features including call analysis, contact memory, SMS drafting, and Ask Raabet — a conversational AI agent for staff. This section explains how AI is used and its limitations.

What AI processes

• Call transcripts: Gemini classifies call intent, extracts action items, and updates contact memory profiles.
• Contact profiles: The platform builds a structured memory of each contact based on call history — preferences, project details, timeline, and past interactions.
• SMS drafts: Gemini may draft suggested outreach messages. These are always presented to staff for review and approval before sending. AI-drafted messages are never sent automatically without staff action.
• Ask Raabet: Staff can ask natural-language questions (e.g., "What appointments are scheduled for tomorrow?"). Gemini reads relevant data from your database and responds. For actions that write data (booking appointments, sending SMS, updating records), the platform uses a tiered confirmation system requiring staff approval.
• Route optimization: Appointment locations and tech availability are analyzed to suggest optimal scheduling.

Human review requirement

Confirm-before-execute (Ask Raabet trust system)

Ask Raabet uses a three-tier trust system to ensure staff maintain control over consequential actions:

• Tier 1 — Auto-execute: Read-only lookups and low-risk queries are returned immediately without confirmation.
• Tier 2 — Confirm: Standard write operations (creating notes, updating records) require explicit staff confirmation before execution.
• Tier 3 — Full confirm: High-impact actions (booking appointments, sending SMS) require an explicit approval step and display a preview of the action before it is taken.

AI model data use

Data sent to Google Gemini is governed by Google Cloud's data processing terms. Under Google's enterprise API agreements, data submitted via the API is not used to train Google's foundational models by default. We strongly recommend reviewing Google's current data processing addendum for your use case at cloud.google.com/terms/data-processing-addendum.

We do not share your business data with any AI provider for the purpose of model training without your explicit, written consent.

We retain data as long as your account is active and as required to provide the platform.

• Active accounts: All account data, call records, transcripts, contact profiles, and AI-generated artifacts are retained for the life of the subscription. We do not apply an automatic expiration to data while your account is in good standing.
• Call audio: Deleted from Raabet.ai servers immediately after transcription is confirmed complete. Call audio in your RingCentral account is subject to RingCentral's own retention policies and your account settings.
• Vast.ai GPU instances: Used only for bulk Voice Intelligence Engine onboarding jobs. Instances are ephemeral; audio data is destroyed upon job completion and instance termination, typically within hours.
• Terminated accounts: Upon account termination, your data enters a 30-day export window during which you may request a full data export at no charge. After 30 days, all data associated with your organization is permanently deleted from our systems. This deletion is irreversible.
• Backup retention: Database backups may retain deleted data for up to 14 additional days beyond the deletion event, after which backups are rotated and data is fully removed.
• Gmail message content (if connected): when your Gmail account is connected, the subject and body of any email we parse (lead-platform notifications and emails from contacts in your customer database) are stored for up to 30 days to let you review context in the Raabet inbox, and then permanently deleted. Extracted structured data (such as a lead's name, phone number, or service interest) is retained as a lead record. You can disconnect Gmail at any time in Settings → Integrations, which revokes the OAuth token at Google and queues deletion of any stored message content.
• Audit logs: Security and compliance audit logs (login events, destructive actions, permission changes) are retained for 12 months regardless of account status, then permanently deleted.
• Anonymized usage analytics: Aggregated, non-identifiable usage metrics may be retained indefinitely for product improvement purposes.

Raabet.ai is a multi-tenant platform serving multiple franchise locations. Each franchise is a distinct organization within the system. We implement strict logical data isolation between organizations:

• org_id scoping: Every database table includes an org_id column. Every database query executed by the platform filters on org_id extracted from the authenticated user's JWT — never from request parameters or form data.
• API enforcement: The org_id from the authenticated session is the sole source of truth for tenant scoping. Users cannot access data from other organizations by manipulating request parameters.
• No cross-franchise customer data sharing: One franchise's contacts, calls, appointments, and customer-identifying information are never accessible to users of another franchise, even within the same franchisor network.
• Franchisor visibility into business performance: If your franchise is part of a franchisor network using Raabet, your franchisor organization may access aggregated and anonymized business performance metrics for coaching, benchmarking, and operational improvement purposes. This includes metrics such as response times, close rates, revenue trends, scheduling efficiency, and customer satisfaction indicators. Franchisors do not have access to individual customer records, call recordings, message content, or any personally identifiable information of your customers. This data sharing is a condition of participation in a franchisor-managed Raabet network and supports the operational standards of the franchise system.
• Cross-franchise anonymized benchmarking: Raabet may generate anonymized, non-identifiable performance benchmarks across franchise locations within the same network (e.g., "your close rate vs. network average"). These benchmarks never expose the underlying data of any individual franchise or its customers to other franchises.
• Super-admin access: Platform administrators (Raabet LLC staff) may access multi-franchise data for support, debugging, and compliance purposes only. All such access is logged.

We implement industry-standard security controls across all layers of the platform. The system has been assessed against OWASP ASVS (Application Security Verification Standard) criteria.

• Encryption in transit: All data between your browser and our servers, and between our servers and third-party APIs, is encrypted using TLS 1.2 or higher. HTTPS is enforced for all endpoints with no HTTP fallback.
• Encryption at rest: Database storage on our Hetzner VPS uses OS-level disk encryption.
• Authentication: User sessions are authenticated using Supabase-issued JSON Web Tokens (JWTs) with a short expiration. Tokens are verified on every API request. Passwords are hashed by Supabase using bcrypt and are never stored or visible to Raabet.ai.
• Role-based access control: Three distinct roles (Super Admin, Owner, Staff) enforce the principle of least privilege. Staff cannot access billing, user management, or organization settings. Owners cannot access other organizations.
• Parameterized SQL: All database queries use parameterized statements with positional placeholders. User input is never interpolated directly into SQL strings, preventing SQL injection attacks.
• Rate limiting: Global and per-endpoint rate limits prevent abuse. Authentication endpoints have stricter limits to mitigate brute-force attacks.
• Audit logging: All destructive actions, authentication events, user management changes, and settings modifications are written to an immutable audit log with timestamp, user identity, action type, and relevant details.
• Security headers: All HTTP responses include security headers (CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) to mitigate common browser-based attacks.
• Internal service authentication: Internal background task endpoints require a shared secret header and are not publicly accessible.

No security system is perfect. If you discover a potential security vulnerability in Raabet.ai, please disclose it responsibly to support@raabet.ai. We are committed to investigating and addressing security reports promptly.

You have the following rights with respect to the personal data we hold about you or your organization. To exercise any of these rights, contact us at support@raabet.ai.

We will respond to all data rights requests within 30 days. In complex cases we may extend this period by a further 30 days and will notify you of the extension. We do not charge a fee for reasonable rights requests.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you additional rights regarding your personal information.

Categories of personal information collected

In the preceding 12 months, we have collected the following CCPA categories of personal information:

• Identifiers: Name, email address, IP address, user ID
• Commercial information: Customer contact records, appointment histories, proposals, invoices (from ServiceMinder integration)
• Internet or network activity: Feature usage, page views, API request logs
• Audio and electronic data: Call recordings, voice transcripts, SMS messages
• Inferences: AI-derived contact profiles, behavioral insights, intent classifications

CCPA rights

• Right to Know: You have the right to request disclosure of the specific pieces and categories of personal information we have collected about you in the past 12 months.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, security purposes).
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising. There is nothing to opt out of.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by the CCPA.
• Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA right.

How to submit a CCPA request

Submit verifiable consumer requests to: support@raabet.ai with the subject line "CCPA Privacy Request." We will verify your identity before processing the request and respond within 45 days (extendable by an additional 45 days with notice).

You may designate an authorized agent to submit a request on your behalf. The agent must provide written authorization signed by you, and we may verify your identity directly.

Raabet.ai is a business operations platform intended solely for use by adults in a professional capacity. The platform is not directed at children under the age of 13, and we do not knowingly collect personal information from children.

If you believe that we have inadvertently collected information from a child under 13, please contact us immediately at support@raabet.ai and we will take prompt steps to delete that information.

We may update this Privacy Policy from time to time to reflect changes to our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

• Post the revised policy at app.raabet.ai with an updated effective date;
• Send an email notification to all account owners at least 30 days before the changes take effect; and
• Display an in-app notice for 30 days following any material change.

Non-material changes (such as correcting typographical errors or clarifying existing practices without changing their substance) may be made without prior notice. Continued use of the platform after the effective date of a revised policy constitutes your acceptance of the updated terms.

We encourage you to review this policy periodically. The date at the top of this page indicates when it was last revised.

This section describes how Raabet.ai uses information obtained through Google APIs (Gmail in particular). It applies only to franchise accounts that have chosen to connect a Google account in Settings → Integrations.

Scopes we request

• https://www.googleapis.com/auth/gmail.readonly — read-only access to the connected Gmail mailbox. Raabet.ai cannot send, reply to, delete, modify, label, or archive any message.
• https://www.googleapis.com/auth/userinfo.email — so we can display which Google account is connected on the Settings page.

No other Google scopes are requested. We do not access Google Drive, Calendar, Contacts, or any other Google service via this connection.

What messages we actually read

After the connection is granted, our mail poller fetches only message headers (From and Subject) for each new inbox item. We then evaluate the header against a strict allowlist before downloading the body. We download and read a message body only when one of the following is true about the sender:

• The sender's domain matches a known lead-generation platform (Scorpion, Angi, HomeAdvisor, Thumbtack, Gemstone Lights, Outdoor Living Brands partner portals, or similar); or
• The sender's email address exactly matches a contact already present in the connected franchise's customer database; or
• The sender's display name closely matches the name of an existing contact (fuzzy match); or
• The sender's email domain (excluding generic consumer providers such as gmail.com, yahoo.com, outlook.com, hotmail.com, icloud.com, me.com, and aol.com) matches the domain of an existing contact's email — so a colleague or alternate address of a known contact can still reach the franchise owner.

For all other senders, the body is never downloaded, stored, logged, or processed — only the header is briefly seen in order to make this decision, and the headers are discarded from memory immediately after the decision.

How we use the messages we do read

• Lead-platform notifications: sender, subject, and body are parsed (by Google Gemini under Google's API Terms, which prohibit ML-training use of customer data) to extract structured fields — customer name, phone, email, service interest, urgency — which become a lead record. The lead may trigger automated follow-up via RingCentral SMS if your org has configured outreach.
• Emails from existing contacts: the message is summarized by Gemini and surfaced in the Raabet inbox tied to that contact record. No automated customer-facing action is taken; the franchise owner reviews each message and takes any action in their own Gmail account via an "Open in Gmail" button.

Limited Use affirmation

Raabet.ai's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use Gmail data only to provide and improve the user-facing features described above (lead intake and inbox surfacing).
• We do not transfer Gmail data to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice.
• We do not use Gmail data to serve advertisements, including retargeting, personalized, or interest-based advertising.
• We do not allow humans to read Gmail data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes (such as investigating abuse), to comply with applicable law, or our use is limited to internal operations and the data (including derivations) has been aggregated and anonymized.
• We do not use Gmail data to train generalized or third-party machine learning models.

Storage, security, and deletion

• OAuth tokens (access and refresh) are stored in our PostgreSQL database on a dedicated Hetzner server with firewall rules that block all public database access. The database volume is encrypted at rest and traffic to it is TLS-only.
• Message subject and body content that we parse is stored for at most 30 days and then permanently deleted (see Section 6 — Data Retention).
• All access to Gmail API endpoints is logged with an organization identifier and timestamp for audit purposes. No email content is written to application logs or error-tracking payloads.
• When you click "Disconnect Gmail" in Settings, Raabet.ai calls Google's token-revocation endpoint (https://oauth2.googleapis.com/revoke) before clearing the token from our database, so access terminates at Google immediately.

How to revoke access

You can disconnect Raabet.ai from your Google account at any time in two ways:

• Inside Raabet: Settings → Integrations → Gmail → Disconnect.
• Directly at Google: myaccount.google.com/connections → select Raabet → Remove access.

If you have questions, concerns, or requests relating to this Privacy Policy or the handling of your data, please contact us:

We aim to respond to all privacy-related inquiries within 5 business days. For urgent security matters, please include "URGENT" in the subject line of your email.