Last Updated: April 3, 2026
Privacy Policy
1. Introduction
Ricord AI (“we”, “us”, “our”) operates the platform available at ricord.ai. This Privacy Policy describes how we collect, use, store, and protect your information when you use our AI knowledge and memory platform, including our website, dashboard, API, proxy, MCP server, and SDK (collectively, the “Service”).
By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
Account Data
When you create an account we collect your email address, display name, and — if you subscribe to a paid plan — payment information processed securely by Stripe. We never store full credit card numbers on our servers.
Conversation Data
Messages you send through our proxy, MCP server, or SDK are transmitted to our backend for processing. This includes prompts, completions, and any attached context.
Extracted Knowledge
Our platform automatically extracts structured knowledge from your conversations — entities, facts, decisions, relationships, and other insights. This extracted knowledge is stored in your tenant-isolated database.
Usage Metadata
We collect operational metadata such as API call counts, token usage, timestamps, model selections, and feature usage to operate and improve the Service.
Device & Browser Data
When you access the dashboard we collect standard browser information including IP address, browser type, operating system, and screen resolution. This data is used for security, troubleshooting, and analytics.
3. How We Use Your Data
- To provide the core knowledge extraction, storage, and injection service.
- To improve extraction accuracy using aggregated, anonymized data only.
- To bill usage and manage subscriptions.
- To communicate important service updates, security notices, and policy changes.
We do NOT:
- Train AI models on your conversation or knowledge data.
- Sell your data to third parties.
- Share your data with advertisers or data brokers.
4. Knowledge Data Processing
This section is critical to understanding how we handle the data at the core of our platform.
- Conversation content is processed in real time to extract structured knowledge items (entities, facts, decisions, relationships).
- Extracted knowledge is stored in your isolated tenant database. Each organization’s data is logically and physically separated.
- Knowledge is never shared between tenants or organizations under any circumstances.
- You can view, edit, and delete any knowledge item at any time through the dashboard or API.
- You can export all of your data in JSON format via the dashboard or API.
- You can request permanent deletion of all your data. After a 30-day grace period (during which you may cancel the request), all data is irrecoverably deleted.
5. Data Retention
| Tier | Retention Period |
|---|---|
| Free | 7 days |
| Pro | 90 days |
| Team | Unlimited (while subscription is active) |
| Enterprise | Custom retention policies |
After account deletion, all data is retained for 30 days to allow recovery, then permanently and irrecoverably deleted.
6. Sub-Processors
We use the following third-party services that may process your data as part of delivering the Service:
| Provider | Purpose |
|---|---|
| Google Cloud Platform | Infrastructure and compute |
| Supabase | Database hosting |
| Stripe | Payment processing |
| Google Gemini | Knowledge extraction model — conversation snippets are sent for processing |
| Firebase | Authentication |
| Google Analytics | Anonymized usage analytics |
7. International Data Transfers
Your data is processed and stored in the United States. If you are located in the European Union or European Economic Area, your data will be transferred to the US for processing. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection for these transfers.
8. Your Rights
Under GDPR (EU/EEA Users)
- Right to Access — Request a copy of all personal data we hold about you.
- Right to Rectification — Correct inaccurate or incomplete data.
- Right to Erasure — Request deletion of your personal data.
- Right to Data Portability — Export your data in JSON format.
- Right to Object — Object to certain types of data processing.
- Right to Restrict Processing — Limit how we use your data.
- Right to Withdraw Consent — Withdraw previously given consent at any time.
Under CCPA (California Residents)
- Right to Know — Request disclosure of data we have collected about you.
- Right to Delete — Request deletion of your personal information.
- Right to Opt-Out of Sale — We do not sell personal information. There is nothing to opt out of.
To exercise any of these rights, contact us at privacy@ricord.ai. We will respond within 30 days.
9. Security
- Encryption at rest — All stored data is encrypted using AES-256.
- Encryption in transit — All network communication uses TLS 1.3.
- Multi-tenant isolation— Each organization’s data is logically isolated with strict access controls.
- Regular security audits — We conduct periodic security reviews and vulnerability assessments.
10. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of discovering the breach. Notification will be sent via email and, where applicable, through an in-dashboard alert. We will also notify relevant supervisory authorities as required by law.
11. Children
The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes, we will notify you at least 30 days in advance via email and/or a prominent notice on the Service before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact
If you have questions or concerns about this Privacy Policy or our data practices, contact us at: