Privacy Policy
Last updated: February 12, 2026
Rovixal ("we", "our", or "us") operates the Rovixal platform (app.rovixal.com). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
1. Information We Collect
Account Data
When you create an account, we collect your name, email address, and organization information. Authentication is handled by Clerk, our third-party authentication provider.
Usage Data
We collect information about how you use the platform, including pages visited, features used, chatbot conversations, and performance metrics. This data helps us improve the service and provide analytics to you.
Knowledge Base Content
When you connect data sources (such as Notion, Google Docs, Confluence, or file uploads), we process and store your content to power your AI chatbot. This content is used solely to generate responses for your chatbot and is never used to train AI models.
Google User Data
When you connect your Google account, we access the following data through Google APIs: your Google account email address (for identifying your connection), a list of Google Docs files in your Google Drive (file names, IDs, and URLs), and the text content of your Google Docs documents. We store OAuth tokens (encrypted) to maintain your connection and periodically sync your documents.
Conversation Data
We store conversations between your end users and your AI chatbot to provide conversation history, analytics, and quality monitoring features.
2. How We Use Your Information
- To provide, operate, and maintain the Rovixal platform
- To generate AI-powered responses based on your knowledge base
- To provide analytics and insights about your chatbot's performance
- To process payments and manage your subscription
- To send transactional emails (account verification, billing notifications, security alerts)
- To improve and develop new features
- To detect and prevent fraud or abuse
3. Data Storage and Security
Your data is stored on secure cloud infrastructure. We implement industry-standard security measures including:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Strict tenant isolation — your data is never accessible to other organizations
- Role-based access control (RBAC) within organizations
- Regular security audits and adversarial testing
- Audit logging of all administrative actions
4. Third-Party Services
We use the following third-party services to operate our platform:
- Clerk — Authentication and user management
- Stripe — Payment processing and subscription management
- OpenAI — AI model provider for generating chatbot responses. Your data is sent to OpenAI for processing but is not used to train their models (per our enterprise agreement).
- Google APIs — When you connect Google Docs as a knowledge source, we use Google Drive API and Google Docs API to access and sync your documents. We only request read-only access to your Google Drive files and Google Docs content.
Each third-party provider has its own privacy policy governing their use of your data.
5. Google API Services Usage Disclosure
Rovixal's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Data We Access
- Your Google account email address (to identify your connection)
- List of Google Docs in your Google Drive (file names, IDs, URLs, and metadata)
- Text content of your Google Docs documents
How We Use Google Data
Google user data is used solely to provide and improve the Rovixal platform's knowledge base functionality. Your Google Docs content is processed into text chunks and stored as vector embeddings to enable AI-powered responses from your chatbot. We do not use Google user data for serving advertisements or any purpose unrelated to providing the Rovixal service.
Data Storage and Protection
Google OAuth tokens are encrypted using AES-256 before storage. Your Google Docs content is stored in an isolated database with strict tenant separation. Access tokens are automatically refreshed and old tokens are overwritten.
Data Sharing and Transfer
Your Google Docs content may be sent to OpenAI for generating vector embeddings and chatbot responses. No other third party receives your Google user data. We do not sell, rent, or trade your Google user data to any third party for any purpose.
Revoking Access
You can disconnect your Google account at any time from the Rovixal dashboard. When you disconnect, we delete your stored OAuth tokens and you can also revoke access from your Google Account permissions page.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide our services. When you delete your account, we will delete your data within 30 days, except where we are required to retain it by law.
Conversation data and analytics are retained for the duration of your subscription. You can request deletion of specific conversations at any time through the dashboard.
7. Your Rights
You have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate personal data
- Deletion — Request deletion of your personal data and account
- Export — Request an export of your data in a machine-readable format
- Objection — Object to the processing of your personal data
To exercise any of these rights, contact us at privacy@rovixal.com.
8. Cookies
We use essential cookies required for the platform to function (authentication, session management). We also use analytics cookies to understand how our platform is used and to improve the experience. You can control cookie preferences through your browser settings.
9. Children's Privacy
Rovixal is not intended for use by children under 16. We do not knowingly collect personal information from children under 16.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.