Privacy Policy

Effective date: May 11, 2026 · Version 1.0

Important. This Privacy Policy is a comprehensive draft intended to protect users and the raastey service. It is not a substitute for qualified legal counsel. Have independent attorneys review and localize this document for your corporate entity, jurisdictions of sale, and subprocessors before you rely on it in production or advertising.

This Privacy Policy describes how raastey (“raastey,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes personal information when you visit our marketing site, use our applications or web properties, or otherwise interact with our services (collectively, the “Services”). By using the Services, you acknowledge this Policy and our Terms of Service.

1. Who we are

The operator responsible for personal information (often called the “controller” under EU/UK law) is [Legal entity name], located at [Street, City, State/Province, Postal code, Country]. Replace these bracketed fields before launch. Contact: privacy@raastey.app.

2. Scope

This Policy applies to personal information processed in connection with the Services. It does not apply to third-party sites or services that we do not control, even if linked from raastey.

3. Personal information we collect

We may collect the following categories of information, depending on how you use the Services:

Account & identity: name, email address, authentication identifiers, profile preferences.
Content: manuscripts, notes, attachments, imports, exports, and similar materials you submit (“User Content”).
Technical & usage: IP address, device identifiers, browser type, approximate location derived from IP, logs, diagnostics, performance metrics, crash data.
Communications: messages you send to support or feedback channels.
Payment data: if billing exists, payment details are processed by our payment processor; we do not store full card numbers on our servers.
Inferences: derived information used to operate features (for example, formatting preferences), consistent with your settings.

4. Sources

We collect personal information directly from you, automatically through your device when you use the Services, and in limited cases from service providers, analytics partners, or integrations you authorize.

5. How we use personal information

We use personal information to:

Provide, maintain, secure, and improve the Services;
Create and manage accounts and authenticate users;
Process transactions and send related notices;
Provide customer support and respond to inquiries;
Detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms;
Comply with law and enforce our agreements;
Analyze aggregated or de-identified usage to understand product performance;
Communicate service-related updates and, where permitted, product information (you may opt out of marketing where required).

6. Legal bases (EEA/UK/Switzerland)

Where GDPR or UK GDPR applies, we rely on one or more of: contract (necessary to provide the Services), legitimate interests (security, improvement, fraud prevention, balanced against your rights), consent where required (for example certain cookies or optional communications), and legal obligation.

7. Cookies & similar technologies

We and our partners may use cookies, local storage, and similar technologies for authentication, preferences, security, and aggregated analytics. Where required, we will obtain consent before non-essential cookies. You can control cookies through browser settings.

8. Analytics

We aim to use privacy-respecting analytics (for example self-hosted or cookie-light approaches) to understand traffic without invasive tracking. Specific vendors will be listed in the Subprocessors section once finalized.

9. Artificial intelligence

If the Services include AI-assisted features, we may process prompts, selections, or excerpts as needed to provide those features. We do not sell your manuscript content for unrelated advertising. AI-related processing will be described in-product with controls where feasible.

10. Disclosure of personal information

We may disclose personal information:

To service providers who assist our operations under contractual confidentiality and security obligations;
To professional advisors (lawyers, auditors) where necessary;
For legal reasons, including subpoenas, court orders, or government requests where we believe disclosure is required by law;
In connection with a business transaction (merger, acquisition, financing), subject to appropriate safeguards;
With your direction or consent.

We do not sell personal information as “sale” is defined under applicable U.S. state privacy laws, and we do not share it for cross-context behavioral advertising without consent where required.

11. International transfers

If you access the Services from outside the country where we operate servers, your information may be transferred across borders. Where required, we implement safeguards such as Standard Contractual Clauses or equivalent mechanisms.

12. Retention

We retain personal information only as long as necessary for the purposes described, including legal, accounting, or reporting requirements. User Content retention follows product settings, subscription status, and your deletion requests, subject to backups and legal holds.

13. Security

We implement administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

14. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, port, or restrict processing of personal information, and to object to certain processing. Residents of the EEA/UK may lodge complaints with a supervisory authority. California residents may have additional rights under the CPRA (know, delete, correct, opt-out of sale/share, limit use of sensitive information, non-discrimination).

To exercise rights, email privacy@raastey.app. We may verify your request as permitted by law.

15. Children

The Services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. Contact us if you believe we have done so in error.

16. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects about you without human review, unless required by law or disclosed separately with appropriate safeguards.

17. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version with a new effective date and, where required, provide additional notice or obtain consent.

18. Contact

Privacy inquiries: privacy@raastey.app
Physical address (required in some jurisdictions): [Insert legal entity mailing address]

19. Subprocessors (schedule)

Maintain a living subprocessor list (hosting, email, analytics, payment, error reporting) with links and purposes. Compliance should publish this before GA launch.