RVVETAI Book demo
Trust center
Data

Privacy Policy

Applies to rivvetai.com, app.rivvetai.com, and the Rivvet AI Services.

Effective June 28, 2026 Published at /legal/privacy

Home / Legal / Privacy Policy

Privacy Policy

NexTech Advisors, LLC d/b/a Rivvet AI

Version 2.0 · Effective: June 28, 2026

Applies to rivvetai.com, app.rivvetai.com, and the Rivvet AI Services.

1. WHO WE ARE

NexTech Advisors, LLC d/b/a Rivvet AI (“Rivvet,” “we,” “us,” or “our”) is a Utah limited liability company that provides AI employees, hosted applications, and related services to service and commerce businesses. Questions about this Privacy Policy may be directed to legal@rivvetai.com.

2. SCOPE

This Privacy Policy applies to: (a) visitors to our websites (rivvetai.com, app.rivvetai.com, demo.rivvetai.com, and associated subdomains); (b) individuals whose information is processed through our Services on behalf of our business clients; and (c) our business clients and their authorized users. It does not apply to third-party websites linked from our sites, or to our employees and contractors, who are covered by separate workplace policies.

3. DATA WE COLLECT

3.1 Information You Provide Directly.

When you contact us, request a demo, or sign up for our Services, we may collect: name; business name and address; email address; phone number; job title; and payment and billing information (processed through our payment processor; we do not store full payment card numbers).

3.2 Information Collected Automatically.

When you visit our websites, we may automatically collect: IP address; browser type and version; operating system; referring URLs; pages viewed and time spent; and device identifiers. We use cookies and similar technologies as described in Section 6.

3.3 Client Data We Process on Behalf of Business Clients.

When we provide Services to a business client, we process data the client provides or that the client’s customers exchange with our AI employees and applications, which may include: customer names, phone numbers, and email addresses; appointment and scheduling information; call recordings and transcripts (where legally permitted and disclosed); uploaded content and images submitted to hosted applications; and communications exchanged through our AI systems. We process this data as a service provider and processor on behalf of our clients, who are the controllers of that data.

3.4 AI Interaction Data.

Our AI employees collect data from interactions they conduct on behalf of our clients, including call transcripts, chat logs, message data, and booking data. This data is associated with the relevant client’s records, not with Rivvet’s own user accounts.

3.5 Hosted Consumer Applications.

Where we build or host a consumer-facing application on behalf of a business client, end users interact with that application under the client’s brand. We process the resulting data (which may include uploaded photos, descriptions, and contact details) as a processor on the client’s behalf. The client’s own privacy policy governs its relationship with those end users.

4. HOW WE USE DATA

We use collected data to:

  • Deliver, operate, and improve our Services
  • Process transactions and send billing communications
  • Respond to inquiries and provide customer support
  • Send service-related communications (onboarding, updates, security notices)
  • Send marketing communications, subject to your opt-out rights
  • Analyze usage patterns to improve platform performance
  • Comply with legal obligations and enforce our agreements

We do not use Client Data for our own marketing, to train foundation AI models on identifiable personal information, or for any purpose other than delivering the contracted Services.

5. HOW WE SHARE DATA

5.1 Service Providers and Subprocessors.

We share data with vetted third-party service providers (“subprocessors”) who help us operate our platform. They are contractually required to protect data and use it only for the purposes we specify. We do not publish the full list, but our current Subprocessor List is available to clients on written request to legal@rivvetai.com, and we provide notice of changes as described in our Data Processing Agreement. See Section 10.

5.2 Business Clients.

Data collected through AI employee interactions is shared with the business client on whose behalf the AI employee operates. Clients are responsible for their own use of that data under their agreements with their customers.

5.3 Legal Requirements.

We may disclose data if required by law, court order, or government authority, or where we believe disclosure is necessary to protect our rights or the safety of others.

5.4 Business Transfers.

If Rivvet is acquired, merges, reorganizes (including a conversion to a corporation), or sells substantially all of its assets, data may be transferred as part of that transaction. We will provide notice before data is subject to a materially different privacy policy.

5.5 No Sale of Personal Information.

We do not sell, rent, or trade personal information, and we do not share it for cross-context behavioral advertising.

6. COOKIES, TRACKING & UNIVERSAL OPT-OUT

We use cookies and similar technologies to maintain session state and authentication, analyze website traffic, and improve user experience. You may control cookies through your browser settings; disabling them may affect some functionality. Where required by applicable law, we recognize and honor universal opt-out preference signals, including the Global Privacy Control (GPC), and treat them as a valid request to opt out of sale or sharing.

7. DATA RETENTION

We retain personal data only as long as necessary to fulfill the purposes in this Policy, comply with legal obligations, resolve disputes, and enforce agreements. Typical periods:

  • Client account data: duration of the client relationship plus 3 years
  • Call recordings and transcripts: 90 days unless the client requests shorter retention or the Order specifies otherwise
  • Website visitor data: up to 24 months
  • Billing records: 7 years, as required by applicable tax and accounting laws

On termination of a client contract, we will export Client Data on written request within 30 days and delete it within 90 days of contract end, subject to legal retention requirements.

8. SECURITY

We implement commercially reasonable technical and organizational measures to protect data, including encryption in transit (TLS 1.2+) and at rest, access controls and authentication, monitoring, and subprocessor security assessments. Further detail is in our Security Overview at rivvetai.com/legal/security. No security measure is 100% effective. In the event of a data breach affecting your personal information, we will notify affected parties as required by applicable law.

9. YOUR U.S. STATE PRIVACY RIGHTS

Depending on your state of residence, comprehensive U.S. state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA) and comparable laws in states such as Virginia, Colorado, Connecticut, Texas, Oregon, and others, may give you the following rights with respect to personal information we hold as a controller:

  • Right to know / access: the categories and specific pieces of personal information we have collected.
  • Right to delete: deletion of personal information we have collected, subject to exceptions.
  • Right to correct: correction of inaccurate personal information.
  • Right to portability: a copy of your data in a portable format.
  • Right to opt out: of the sale or sharing of personal information and of targeted advertising. We do not sell or share personal information.
  • Right to limit sensitive data: we do not use sensitive personal information beyond what is necessary to provide the Services.
  • Right to non-discrimination: we will not discriminate against you for exercising these rights.

To exercise your rights, email legal@rivvetai.com. We will respond within the timeframe required by applicable law (generally 45 days). We may need to verify your identity, and authorized agents may submit requests where the law permits. Where you are an end user of a hosted application operated on behalf of a business client, please direct rights requests to that client as the controller; we will assist the client in responding.

10. SUBPROCESSORS

We engage subprocessors to deliver the Services. Each is bound by data processing terms at least as protective as our own commitments and may use data only to provide services to Rivvet. We maintain a current Subprocessor List that identifies each subprocessor, its purpose, the data it processes, and its location. Because the list may change and contains vendor details, we provide it to clients on written request to legal@rivvetai.com, and we give at least 30 days’ notice before adding or replacing a subprocessor, as described in our Data Processing Agreement.

11. INTERNATIONAL DATA TRANSFERS

Our Services are operated from the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. By using our Services, you consent to this transfer, and we take steps to ensure such transfers comply with applicable data protection laws.

12. CHILDREN’S PRIVACY

Our Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. Hosted consumer applications we operate on behalf of clients are likewise not directed to children. If we learn we have collected personal information from a child under 13, we will promptly delete it.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time. We will post the updated policy at rivvetai.com/legal/privacy with a new Effective Date and version number. For material changes, we will provide additional notice to clients by email or a prominent notice on our website.

14. CONTACT US

Questions, complaints, or privacy-rights requests: NexTech Advisors, LLC d/b/a Rivvet AI · legal@rivvetai.com · rivvetai.com/legal/privacy.