Table of Contents
- Introduction
- Information We Collect
- Voice Call & Recording Data
- How We Use Your Information
- AI Model Training
- Data Sharing & Disclosure
- Third-Party Services
- Data Security
- Data Retention
- Your Rights (DPDP Act 2023)
- Data Localisation & India Servers
- Cookies & Analytics
- Children's Privacy
- Grievance Officer
- Policy Changes
- Contact Us
Introduction
Ravan Technologies Private Limited ("Ravan.ai", "we", "us", or "our"), trading as Agni, is committed to protecting the privacy of all individuals who interact with our platform. This Privacy Policy describes how we collect, use, store, share, and protect information in connection with the Agni voice AI platform, our website at ravan.ai, and our application at app.ravan.ai.
This policy is framed in accordance with:
- The Digital Personal Data Protection Act 2023 (DPDP Act)
- The Information Technology Act 2000 and IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011
- TRAI regulations applicable to voice communications
- RBI guidelines for regulated entities in BFSI sectors
India-first commitment: All personal data processed by the Agni platform is stored exclusively on servers located within India. We do not transfer or process personal data of Indian citizens outside India without explicit consent and compliance with applicable law.
Information We Collect
Account & Registration Data
When you register for an Agni account, we collect:
- Full name, email address, and phone number
- Business name, GSTIN (optional), and billing address
- Password (stored as a bcrypt hash โ we never store plaintext passwords)
- Payment card details (tokenised โ we do not store full card numbers; these are handled by our PCI-DSS compliant payment processor)
Platform Usage Data
When you use the Agni dashboard and API, we collect:
- Agent configurations, knowledge base content, and call scripts you create
- Campaign settings, contact lists, and outbound call schedules you upload
- Dashboard actions, feature usage patterns, and session logs
- API requests made under your API keys (endpoint, timestamp, response code)
Technical & Device Data
- IP address, browser type and version, operating system
- Referring URL and pages visited on our website
- Device identifiers and session tokens
- Error logs and crash reports for platform improvement
Your Customers' Data
When you use Agni to make calls to your customers, we process on your behalf:
- Phone numbers in your contact lists
- Call audio recordings
- AI-generated call transcripts
- Post-call summaries and sentiment scores generated by our AI
- Call metadata (duration, timestamp, outcome, caller ID)
We process this data as a Data Processor on your behalf. You, as the Data Fiduciary, are responsible for ensuring you have proper consent from your customers to process their data.
Voice Call & Recording Data
Voice call data is among the most sensitive data processed by the platform. Here is exactly how we handle it:
| Data Type | Collected? | Stored? | Retention |
|---|---|---|---|
| Live call audio (real-time) | Yes โ processed in real-time for STT | Temporarily buffered | Cleared post-call |
| Call recording (full audio) | If enabled by you | Yes, India servers | Per plan (90 daysโ2 years) |
| Call transcript (text) | Yes, for all calls | Yes | Per plan |
| Post-call summary | AI-generated | Yes | Per plan |
| Sentiment score | AI-generated | Yes | Per plan |
| Caller phone number | Yes | Yes | Per plan |
Call recordings are stored with AES-256 encryption at rest. You can disable call recording in your agent settings if not required. Disabling recording does not affect transcript generation, which is always performed for quality and analytics purposes.
End-to-end encryption: All call audio transmitted between the PSTN network, our processing infrastructure, and your dashboard is encrypted in transit using TLS 1.3.
How We Use Your Information
To Provide the Service
- Processing voice calls, running AI agents, generating transcripts and summaries
- Managing your account, billing, and subscriptions
- Operating campaign management, contact lists, and scheduling features
- Delivering API responses and webhook notifications
To Improve the Platform
- Analysing aggregated, anonymised usage patterns to identify and fix performance issues
- Monitoring system reliability, latency, and error rates
- A/B testing new features in sandboxed environments
For Security & Compliance
- Detecting and preventing fraudulent use, abuse, and unauthorised access
- Responding to law enforcement requests where legally required
- Maintaining audit logs for compliance verification
Communication
- Sending transactional emails (invoices, alerts, usage reports)
- Notifying you of material changes to these policies or the platform
- Responding to your support enquiries
- Sending product updates and new feature announcements (opt-out available at any time)
We do not sell, rent, or trade your personal data or your customers' data to any third party for marketing purposes.
AI Model Training
We are committed to transparency about how your data interacts with our AI systems:
| Activity | Your Data Used? | Opt-Out Available? |
|---|---|---|
| General AI model improvement (anonymised, aggregated) | Aggregated patterns only โ no individual call content | N/A (anonymised) |
| Platform performance benchmarking | Anonymised metrics only | N/A |
| Custom model fine-tuning for your account | Only with your explicit opt-in | Yes โ default OFF |
| Third-party LLM providers (OpenAI, Anthropic, etc.) | Call transcripts may be processed | Enterprise customers can use dedicated instances |
We do not use recordings or transcripts from your account to train models that benefit other customers without your explicit written consent.
Data Sharing & Disclosure
We do NOT share your data except in the following circumstances:
- Service providers: We share data with vetted sub-processors (cloud infrastructure, payment processors, monitoring tools) under strict data processing agreements. These processors are not permitted to use your data for any purpose other than providing their service to us.
- Your integrations: When you configure integrations (e.g., GoHighLevel, Cal.com), call data and contact information is shared with those platforms per your configuration. You are responsible for those integrations' privacy practices.
- Legal obligations: We will disclose data if required by a valid court order, subpoena, or legal process issued by a competent Indian authority. We will notify you of such requests to the extent permitted by law.
- Business transfers: In the event of a merger, acquisition, or sale of assets, data may be transferred as part of the transaction. Affected users will be notified in advance.
- With your consent: For any other purpose not described above, we will obtain your explicit prior consent.
Third-Party Services
The Agni platform uses the following key sub-processors and third-party services:
| Provider | Purpose | Data Shared |
|---|---|---|
| Twilio | PSTN telephony connectivity | Phone numbers, call audio (routed) |
| LiveKit | WebRTC real-time audio for demo widget | Audio stream (real-time only, not stored by LiveKit) |
| Cloud infrastructure (India) | Compute, storage, database | All platform data โ stored in India |
| Payment processor | Payment collection | Billing details (tokenised card data) |
| GoHighLevel / Cal.com | CRM & calendar integration (optional) | Contact data, booking details โ per your config |
All sub-processors are bound by data processing agreements requiring them to maintain appropriate security standards and use data only for the specified purpose.
Data Security
We implement industry-standard security measures to protect your data:
- Encryption at rest: All stored data is encrypted using AES-256
- Encryption in transit: All data transmission uses TLS 1.3
- Access controls: Role-based access control (RBAC) within our team; production data is accessible only to authorised personnel
- Audit logging: All access to sensitive data is logged and monitored
- Regular security assessments: We conduct periodic penetration tests and vulnerability assessments
- Incident response: We maintain an incident response plan; in the event of a data breach, we will notify affected users within 72 hours as required
- Secure development: Our development follows OWASP secure coding practices
While we take all reasonable precautions, no system is 100% secure. You are responsible for maintaining the security of your account credentials and access tokens.
Security incidents: In the event of a confirmed data breach affecting your account, we will notify you at your registered email address within 72 hours of becoming aware of the incident. We will provide details of what data was affected, what steps we are taking, and what you should do. We will not contact you by phone or through any channel other than your registered email address and the platform dashboard.
How to Contact Us About Security
All security concerns, vulnerability disclosures, and breach reports must be submitted exclusively to info@ravan.ai with subject "Security". Do not contact individual team members directly โ all security communications are handled through this channel to ensure proper logging and response. We do not provide personal contact details for any team member.
Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | For duration of subscription + 30 days post-cancellation |
| Billing records and invoices | 7 years (as required by Indian accounting law) |
| Call transcripts (Starter/Growth) | 90 days |
| Call transcripts (Scale) | 1 year |
| Call transcripts (Enterprise) | 2 years (or as required by RBI) |
| Call recordings | Same as transcripts per plan |
| API logs | 90 days |
| Security and audit logs | 1 year |
| Data after account deletion | 30 days (then permanently purged) |
You may request early deletion of specific data types by contacting info@ravan.ai, subject to legal retention obligations (e.g., billing records, regulatory requirements).
Your Rights under DPDP Act 2023
As a data principal under the DPDP Act 2023, you have the following rights with respect to your personal data processed by us:
- Right to access: Request a summary of what personal data we hold about you and how it is being used
- Right to correction: Request correction of inaccurate or incomplete personal data
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations
- Right to grievance redressal: Raise a complaint with our Grievance Officer (see Section 14)
- Right to nominate: Nominate another individual to exercise your rights on your behalf in the event of death or incapacity
To exercise any of these rights, email info@ravan.ai with subject line "DPDP Rights Request" and provide your registered email address and a description of your request. We will respond within 30 days.
Regarding Your Customers' Data
If your end-customers (data principals) contact us directly with DPDP rights requests regarding data collected through your use of Agni, we will forward those requests to you as the Data Fiduciary. You are responsible for responding to and fulfilling those requests.
Data Localisation & India Servers
All personal data of Indian users processed by the Agni platform is stored exclusively on servers located within the territory of India. We do not engage in cross-border transfer of personal data of Indian citizens to servers outside India.
- Our production infrastructure is hosted in India-region data centres
- Backups are stored within India
- AI inference for Indian-language calls is performed on India-hosted compute
- Third-party LLM API calls (where used) may route to international providers; for Enterprise customers requiring full data residency, dedicated India-only inference is available
This architecture ensures compliance with the data localisation requirements of the DPDP Act, RBI data storage norms for payment data, and TRAI-mandated subscriber data localisation requirements.
Cookies & Analytics
Our website (ravan.ai) uses cookies and similar tracking technologies. Here is what we use and why:
| Cookie Type | Purpose | Can you opt out? |
|---|---|---|
| Essential | Session management, login state, CSRF protection | No โ required for the platform to function |
| Analytics | Understand page traffic and feature usage (anonymised) | Yes โ via cookie preference centre |
| Preference | Remembering your language and display settings | Yes |
| Marketing | Retargeting on ad platforms (website only, not app) | Yes โ default OFF for logged-in users |
You can manage cookie preferences via the cookie banner displayed on first visit, or by emailing us at info@ravan.ai.
Children's Privacy
The Agni platform is a business-to-business service intended for use by adults aged 18 years and above. We do not knowingly collect, process, or store personal data of individuals under 18 years of age.
If you are a parent or guardian and believe that a minor has provided personal data to us, please contact us immediately at info@ravan.ai with subject "Minor Data Removal". We will take prompt steps to delete such data.
If your business use case involves interacting with minors (e.g., edtech platforms for school students), you are responsible for ensuring full compliance with applicable child data protection requirements and must not use Agni to collect personal data from children without appropriate parental consent mechanisms in place.
Grievance Officer
As required under the Information Technology Act 2000, the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, and the DPDP Act 2023, we have designated a Grievance Officer to address privacy-related concerns:
Grievance Officer โ Ravan Technologies Pvt. Ltd.
Email: info@ravan.ai
Subject Line: "Privacy Grievance"
Address: New Delhi, India
Response Time: Within 30 days of receipt of complaint
If you are not satisfied with our response, you may approach the Data Protection Board of India (once constituted under the DPDP Act) or the appropriate court of competent jurisdiction in New Delhi.
Policy Changes
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will:
- Notify you by email of any material changes at least 30 days before they take effect
- Post the updated policy on this page with a revised "Last reviewed" date
- Display a notice in your account dashboard for significant changes
This policy is reviewed at minimum every 15 days. The "Last reviewed" date at the top of this page reflects the most recent review checkpoint and auto-advances every 15 days.
Your continued use of the platform after the effective date of any material change constitutes your acceptance of the revised policy.
Contact Us
For privacy-related enquiries, data access requests, or to exercise your DPDP rights:
| Company | Ravan Technologies Private Limited |
| Brand | Agni by Ravan.ai |
| Address | New Delhi, India |
| Privacy enquiries | info@ravan.ai โ subject: "Privacy" |
| DPDP rights requests | info@ravan.ai โ subject: "DPDP Rights Request" |
| Data breach reports | info@ravan.ai โ subject: "Security" |
| Response time | Within 30 days for rights requests; 72 hours for security incidents |
Questions about your data?
We believe in radical transparency. If anything in this policy is unclear,
reach out and we will explain it in plain language.