Privacy Policy

Last updated: February 13, 2026

Original Language: French. In the event of any discrepancy between this English translation and the original French version, the French version shall prevail.

Your Privacy in 30 Seconds (The Essentials)

Because transparency is the foundation of trust, here is how Ragalia actually works:

1. Local Storage (Intact Memory)

Everything you say to our assistants (e.g., Isabelle) stays on your phone. Your history and memories are stored entirely and encrypted on your device using your system’s security keys. We do not have a readable copy. You remain in full control: you can perform a “Factory Reset” of the AI at any time from the settings. ⚠️ No Cloud Backup by Ragalia: In the event of loss, theft, or breakage of your phone, we cannot restore your memories. Please remember to enable your device’s encrypted backup (iCloud / Google Drive).

2. Hybrid Processing (Secure & Ephemeral Transfer)

To make the Artificial Intelligence work, we must query the Cloud, but with maximum protection in 3 steps:

Step 1 (Intelligent Scrubbing): Before leaving your phone, a high-reliability filter (Scrubber) automatically removes detected sensitive data (Bank, SSN, Phone, Email). By default, your name is replaced by a pseudonym (e.g., [User]) for the transfer.
Step 2 (Stateless Processing): The “scrubbed” data is received by our secure AI engines solely to generate the response. It is processed in Random Access Memory (RAM).
Step 3 (Zero Data Retention): Once the response is sent back to your phone, the processing environment discards the data. We apply a Zero Data Retention policy where information is never written to persistent storage (hard drive) on the server side.

3. No Training

Your private conversations are never used to train our artificial intelligence models.

4. You are the Client, not the Product

Our model is simple: you pay a subscription for a quality service. We do not sell your data and use no advertising trackers.

The detailed legal and contractual text begins below.

The purpose of this Privacy Policy (hereinafter the “Policy”) is to inform users (hereinafter “You”) of the commitments and measures taken by the company RAGALIA SASU (hereinafter “We” or “Ragalia”) to ensure the respect of your personal data.

Aware that confidentiality is the cornerstone of trust in a relationship with an Artificial Intelligence, we have designed our technology according to the principle of “Privacy by Design”.

1. Our “Local-First” Commitment (Data Sovereignty)

Ragalia’s specificity lies in its unique hybrid architecture which guarantees that you remain the sole master of your memory.

Encrypted Local Storage (At-Rest)

Your entire conversational history, consolidated “memories,” and emotional profile are stored in an encrypted database directly on your device. Decryption keys are managed by your operating system’s hardware security module (iOS Keychain / Android Keystore) and never transit through our servers.

Absence of Cloud Copy & Backups

Ragalia retains no copy of your memory on its servers. Warning: We have no means to restore your conversations in the event of loss, theft, or breakage of your device. We recommend that you enable your phone’s encrypted backup (iCloud / Google Drive) if you wish to keep a copy of your memories.

“No-Training” Guarantee

We formally commit that your personal conversations and memories will NEVER be used for the training of our artificial intelligence models or those of our partners.

2. The Data We Process

We collect and process data strictly necessary for the operation of the service, divided into two categories:

A. Administrative Data (Managed by Ragalia)

This data is stored on our secure servers for account management:

Identity & Access: Email address, password (hashed and salted).
Transactional: Subscription status, invoice history. Your full banking data is processed exclusively by our secure payment provider (PCI-DSS) and never transits in clear text on our servers.
Technical & Stability: Connection logs, anonymized crash reports (device type, OS version, time of incident – without any conversational content).

B. Conversational Data (Hybrid Architecture)

This data transits through our infrastructure to enable intelligence but is not retained.

Local Filtering (Regex Scrubber): Before any transmission to the Cloud, a local algorithm analyzes your message to detect and remove ultra-sensitive data formats (Credit Card numbers, Social Security, Phone, Email). Disclaimer: Although validated by intensive testing, this system acts as a safety aid. You agree not to voluntarily share critical secrets with the Assistant.
Name Pseudonymization: An option (enabled by default) replaces your real name with a neutral identifier or pseudonym in data sent to the Cloud.
Option Management: You can disable this option in the app settings. In this case, your name will be transmitted to the cloud to improve personalization but will remain subject to other security measures (non-retention).
Ephemeral Processing (Cloud): The “scrubbed” context is transmitted via TLS 1.3 to our AI engines. For each new interaction, the necessary conversational context is transmitted from your local device. The cloud thus retains no state between two distinct messages.

3. Legal Bases and Purposes

In accordance with Article 6 of the GDPR:

Provision of AI Service: Performance of Contract (Art. 6.1.b).
Subscription Management: Performance of Contract (Art. 6.1.b) and Legal Obligation (Art. 6.1.c).
Security & Fraud: Legitimate Interest (Art. 6.1.f).

We do not sell any personal data. Sharing is strictly limited to necessary technical providers.

Cookies and Trackers

On the App: We certify that we use no third-party behavioral analysis tools for advertising purposes.
On the Website: We use cookies strictly necessary for operation (authentication/session). These cookies are deleted when the session closes.
Audience Measurement (Anonymous): We use Plausible Analytics (EU), a privacy-friendly solution that does not set cookies and collects no personal data, only aggregated trends.

Form Security (Anti-Spam)

To protect our forms (registration, waitlists) against spam without compromising your privacy, we use Cloudflare Turnstile. This solution verifies that the request comes from a human without using tracking cookies or collecting personal data for profiling purposes.

Main Sub-processors:

Artificial Intelligence: [Google Cloud / Vertex AI] (USA/EU) - “Enterprise” configuration with training opt-out.
Hosting: [Cloudflare] (USA/EU) - Security & API.
Payment: [Stripe] (Direct) and [Apple / Google] (In-App) - Secure transactions.
Communication: [Brevo] (France/EU) - Transactional emails, newsletters, and waitlist management.
Dispute Resolution: [CM2C] (France) - Consumer Mediator.

Transfers Outside the EU

Transfers to the USA are framed by the Data Privacy Framework or Standard Contractual Clauses (SCCs) with a Transfer Impact Assessment (TIA).

5. Retention Period

Account Data: Deleted 3 years after the last activity.
Billing Data: Retained for 10 years (Legal obligation).
Conversational Data (Cloud): Zero Retention. Immediate discard after processing.
Technical Logs: 12 rolling months (anonymized).

6. Security and Vulnerability Reporting

We implement advanced technical and organizational security measures:

Encryption at Rest: Use of native encryption APIs (AES-256 via Secure Enclave).
Transport Encryption: Strict TLS 1.3 for all transfers.
Partitioning: Restricted access to administrative databases.

Data Breach Notification

In accordance with Articles 33 and 34 of the GDPR, in the event of a data breach likely to result in a high risk to your rights and freedoms, we commit to informing you as well as the competent supervisory authority (CNIL) as soon as possible.

Coordinated Vulnerability Disclosure

If you are a security researcher and discover a potential vulnerability, we invite you to report it to us ethically before any public disclosure. Security Contact: security@ragalia.ai

7. Your Rights

In accordance with regulations, we commit to processing any request to exercise rights within a maximum period of one month from its receipt (this period may be extended by two months in case of complexity, in which case you will be informed).

You have the following rights:

Right of Access and Rectification:
- Administrative: You can view and correct your account information (email, etc.) from your client area.
- Conversational: You can view, modify, or delete your “memories” and history directly in the application interface.
Right to Portability: You can request the export of your conversational data. This export is provided in a structured, commonly used, and machine-readable format (JSON), allowing you to reuse it elsewhere if you wish.
Right to Object (Newsletter & Marketing): You may object at any time to receiving commercial communications by clicking on the unsubscribe link present in each email or by contacting us.
Right to Erasure (“Right to be Forgotten”):
- Locally: You can perform a “Factory Reset” via the settings.
- Globally: You can request the permanent deletion of your account. This will be effective within 30 days (except for legal retention obligations, notably for billing data which must be kept for 10 years).
Right to Lodge a Complaint: If you believe that your rights are not being respected, you can address a complaint to the CNIL (Commission Nationale de l’Informatique et des Libertés) at www.cnil.fr (or your local data protection authority).

To exercise these specific rights, contact our Data Protection Officer (DPO) at: privacy@ragalia.ai.

8. Protection of Minors

The Ragalia Service is not intended for minors. Age Restriction: You must be at least 18 years old to create an account and use Ragalia.

9. Changes to the Policy

We may update this policy to reflect legal or technical changes. In the event of a substantial modification, we will inform you by email or via a notification within the application before it comes into effect.

10. Data Controller and Contact Details

The controller of your data is the company:

RAGALIA SASU

Address: 61 rue de Lyon, 75012 Paris, France
SIRET: 99376727600013
Contact Email: legal@ragalia.ai