1. Introduction

Narya ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI Operating System and related services (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use the Service.

This Privacy Policy complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Information We Collect

2.1 Information You Provide

We collect information that you provide directly to us, including:

• Account Information: Name, email address, company name, phone number, and password when you create an account
• Company Information: Company website, industry, company size, and business details
• Agent Data: Agent configurations, instructions, knowledge sources, and workflows you create
• Content: Data, documents, and information you upload or process through the Service
• Communication: Messages, feedback, and support requests you send to us
• Payment Information: Billing address and payment method details (processed by third-party payment processors)

2.2 Automatically Collected Information

When you use the Service, we automatically collect certain information, including:

• Usage Data: How you interact with the Service, features used, and time spent
• Device Information: IP address, browser type, operating system, and device identifiers
• Log Data: Access logs, error logs, and system performance metrics
• Location Data: General location information based on IP address
• Cookies and Tracking: Information collected through cookies, web beacons, and similar technologies

2.3 Information from Third-Party Services

When you integrate third-party services with the Service, we may receive:

• Data from connected services (e.g., Gmail, Notion, Plaid, Salesforce)
• Authentication tokens and credentials (stored securely and encrypted)
• Metadata about your third-party accounts and usage

We only access data from third-party services as necessary to provide the Service and in accordance with your instructions and authorizations.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

• Create and manage your account
• Provide, operate, and maintain the Service
• Process transactions and manage subscriptions
• Enable agent creation, deployment, and orchestration
• Facilitate third-party integrations
• Send service-related communications

3.2 Service Improvement

• Analyze usage patterns and improve Service functionality
• Develop new features and capabilities
• Train and improve AI models (using anonymized and aggregated data)
• Conduct research and analytics
• Monitor and prevent security threats

3.3 Communication

• Respond to your inquiries and provide customer support
• Send important service updates and notifications
• Send marketing communications (with your consent, which you can opt out of)
• Conduct surveys and gather feedback

3.4 Legal and Security

• Comply with legal obligations and enforce our Terms of Service
• Protect the rights, property, and safety of Narya, our users, and others
• Detect, prevent, and address fraud, security breaches, and other harmful activities
• Investigate violations of our policies

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers (e.g., Vercel, AWS)
• Payment processors
• Analytics and monitoring services
• Customer support platforms
• Email service providers

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities, including:

• Court orders, subpoenas, or legal processes
• Government investigations
• To protect our rights, privacy, safety, or property
• To enforce our Terms of Service

4.4 With Your Consent

We may share your information with your explicit consent or at your direction, such as when you authorize third-party integrations or share content publicly.

5. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption: Data in transit is encrypted using TLS/SSL, and sensitive data at rest is encrypted
• Access Controls: Strict access controls and authentication mechanisms
• Security Monitoring: Continuous monitoring for security threats and vulnerabilities
• Regular Audits: Security audits and penetration testing
• SOC 2 Compliance: We maintain SOC 2 Type II certification
• Data Backup: Regular backups and disaster recovery procedures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

You are responsible for maintaining the security of your account credentials and for any activities that occur under your account.

6. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce our agreements
• Maintain security and prevent fraud

When you delete your account, we will:

• Delete your personal information within 30 days
• Retain anonymized, aggregated data for analytics and service improvement
• Retain information as required by law or for legitimate business purposes

You can request deletion of your data at any time by contacting us or using account deletion features in the Service.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to:

• Access your personal information
• Receive a copy of your data in a portable format
• Know what personal information we have about you

7.2 Correction and Deletion

You have the right to:

• Correct inaccurate or incomplete information
• Request deletion of your personal information
• Update your account information at any time

7.3 Restriction and Objection

You have the right to:

• Object to processing of your personal information
• Request restriction of processing
• Opt out of marketing communications

7.4 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the CCPA:

• Right to know what personal information is collected, used, and shared
• Right to delete personal information
• Right to opt out of the sale of personal information (we do not sell your information)
• Right to non-discrimination for exercising your privacy rights

7.5 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the GDPR:

• Right to access, rectification, and erasure
• Right to data portability
• Right to object to processing
• Right to restrict processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

7.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@narya.io. We will respond to your request within 30 days (or as required by applicable law).

We may require verification of your identity before processing certain requests to protect your privacy and security.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Remember your preferences and settings
• Authenticate your identity
• Analyze Service usage and performance
• Provide personalized experiences
• Deliver targeted advertising (with your consent)

8.1 Types of Cookies

• Essential Cookies: Required for the Service to function
• Functional Cookies: Remember your preferences and enhance functionality
• Analytics Cookies: Help us understand how you use the Service
• Advertising Cookies: Used to deliver relevant advertisements (with consent)

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Service.

9. Third-Party Services and Integrations

The Service integrates with various third-party services. When you connect these services:

• We access data only as necessary to provide the Service
• We store authentication tokens securely and encrypted
• Third-party services have their own privacy policies that govern their data practices
• You can revoke access to third-party services at any time

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

Common third-party services we integrate with include: Gmail, Outlook, Notion, Plaid, Snowflake, Salesforce, HubSpot, Apollo, Perplexity, and others.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.

When we transfer your information internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Other legally recognized transfer mechanisms
• Compliance with applicable data protection laws

By using the Service, you consent to the transfer of your information to countries outside your country of residence.

11. Children's Privacy

The Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.

If you believe we have collected information from a child, please contact us immediately at privacy@narya.io, and we will take steps to delete such information.

12. AI and Machine Learning

Our Service uses AI and machine learning technologies. When we use your data for AI/ML purposes:

• We use anonymized and aggregated data for model training when possible
• Your personal information is not used to train models without your explicit consent
• Agent interactions and outputs may be logged for service improvement and debugging
• We implement safeguards to prevent unauthorized access to your data

You can opt out of certain AI/ML processing features through your account settings, though this may limit Service functionality.

13. Data Processing Legal Basis (GDPR)

For users in the EEA, we process your personal information based on the following legal bases:

• Contract Performance: To provide the Service and fulfill our Terms of Service
• Legitimate Interests: To improve the Service, prevent fraud, and ensure security
• Consent: For marketing communications and optional features
• Legal Obligations: To comply with applicable laws and regulations

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last updated" date
• Sending an email notification to registered users (for material changes)
• Displaying a prominent notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and delete your account.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

16. Data Protection Officer (GDPR)

If you are located in the EEA and have questions about our data processing activities, you may contact our Data Protection Officer: