Ravo Research — Privacy Policy
Last updated: June 26, 2026 Effective date: June 26, 2026
1. Who We Are
Ravo Research provides a local-first research workspace for managing, writing, searching, and collaborating on research. Ravo Research is an independent service operated from Australia, and is the data controller for your personal data. For privacy questions or requests, contact hello@ravoresearch.com.
2. What We Collect
We collect only what we need to run the Service:
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email address, password (hashed), institution (optional), plan | You, at sign-up |
| Billing data | Subscription plan, transaction history, partial card metadata | You / our payment processor — we do not store full card numbers |
| Your research content | Manuscripts, papers, notes, datasets, files, citations ("User Content") | You — and as described in §3, this is primarily processed locally and only synced/processed in the cloud if you use cloud features |
| Usage & device data | App version, OS, feature usage, crash logs, IP address, approximate region | Automatically, when you use the Service |
| Cookies / local storage | Session tokens, preferences, basic analytics identifiers | Your browser/app (see §7) |
| Support data | Emails, messages, attachments you send us | You |
We do not intentionally collect special-category personal data, and you should avoid uploading such data unless necessary for your research and lawful for you to process.
Stories, interviews, and testimonials. If you submit a story (e.g., through "Share Your Story"), take part in a researcher interview, or provide a testimonial, we also collect and — with your consent — publish the name, role, affiliation, quotes, photographs/likeness, and social-media links you provide. The legal basis is your consent (GDPR Art. 6(1)(a)). You can withdraw consent and request removal at any time (see §8 and §4.7 of the Terms of Service); we will then remove the content from our active channels within a reasonable period, though copies may persist in caches, search indexes, or backups outside our control.
3. How We Use Your Information (and Legal Bases under GDPR)
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Provide, operate, and secure the Service; sync and process content you direct | Contract (Art. 6(1)(b)) |
| Process payments, manage subscriptions, prevent fraud | Contract / Legal obligation |
| Maintain, debug, and improve the Service (aggregated/diagnostic) | Legitimate interests (Art. 6(1)(f)) |
| Communicate service notices, security alerts, and changes | Contract / Legitimate interests |
| Optional marketing emails, optional analytics/cookies | Consent (Art. 6(1)(a)) — withdrawable anytime |
| Comply with law and respond to legal requests | Legal obligation |
We never use your User Content to train public or general-purpose AI models, and we never sell your personal information or research data (consistent with §4.3 of the Terms). AI-assisted features process your content only to perform the task you request.
4. How We Share Information
We share personal data only with:
- Service providers / sub-processors who help us run the Service under contract — for example, payment processing, hosting, database, storage, analytics, and error-monitoring providers. They may process data only on our instructions.
- AI model providers you choose to use, solely to process the content you submit to that feature, subject to that provider's terms (we use providers that do not train on your data where feasible).
- Authorities, where required by valid legal process or to protect rights, safety, and security.
- A successor entity, in a merger, acquisition, or asset sale, under equivalent privacy commitments.
We do not sell or rent personal data, and we do not "share" it for cross-context behavioral advertising (CCPA/CPRA).
5. International Data Transfers
We are based in Australia and operate globally. Your personal data and (if you use cloud features) User Content may be stored and processed in Australia and in other countries where our service providers operate. Where we transfer data out of the EEA/UK to a country without an adequacy decision, we rely on appropriate safeguards such as the EU Standard Contractual Clauses, the UK IDTA/Addendum, and equivalent mechanisms, plus, where required, your prior consent.
6. Data Retention
- Account & content: retained while your account is active.
- After deletion: removed or de-identified from active systems within 30 days; residual backup copies are deleted on their normal 90-day rotation.
- Billing/tax records: retained as long as required by law (in Australia, typically 5 years).
- Logs/diagnostics: retained for a limited period, then deleted or aggregated.
7. Cookies and Local Storage
We use cookies and local storage to:
- Keep you signed in and remember preferences (strictly necessary — no consent required);
- Understand usage to improve the Service (analytics — consent-based where required).
You can control non-essential cookies via your browser settings (and our cookie controls where provided). Disabling strictly necessary cookies may break core features.
8. Your Privacy Rights
Subject to your jurisdiction, you may have the right to:
- Access your personal data and obtain a copy;
- Export / portability — receive your data, and export your research content, in a machine-readable format;
- Rectify inaccurate data;
- Erase your data ("right to be forgotten") by deleting your account, subject to legal retention exceptions;
- Restrict or object to certain processing;
- Withdraw consent at any time (without affecting prior lawful processing);
- Opt out of marketing; and
- Lodge a complaint with a supervisory authority.
To exercise any right, contact hello@ravoresearch.com. We will respond within the time limits required by law (e.g., one month under GDPR) and will not discriminate against you for exercising your rights.
Region-specific notes
- EEA/UK (GDPR): You may complain to your local Data Protection Authority (or the UK ICO).
- California (CCPA/CPRA): You have rights to know, delete, correct, and opt out of "sale"/"sharing"; we do not sell or share your data. You may use an authorized agent.
- Australia (Privacy Act / APPs): You may complain to the OAIC.
- South Korea (PIPA): You may exercise your rights by contacting us, and may complain to the PIPC or the Personal Information Dispute Mediation Committee.
9. Security
We use technical and organizational measures appropriate to the risk — including encryption in transit, access controls, and hashed credentials — to protect your data. No method of transmission or storage is 100% secure. We will notify affected users and regulators of data breaches where required by law. You are responsible for keeping your credentials secure and for maintaining your own backups of critical research data.
10. Children
The Service is not directed to children under 16 (or the minimum age of digital consent in your country). We do not knowingly collect personal data from children below that age. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to This Policy
We may update this Policy from time to time. For material changes, we will provide reasonable notice (in-app or by email) before they take effect. The "Last updated" date reflects the latest version.
12. Contact
- Privacy / data requests: hello@ravoresearch.com
- Data controller: Ravo Research, an independent service based in Australia.