Ragalia

Last updated: November 27, 2025

Your Privacy in 30 Seconds (The Essentials)

Because transparency is the foundation of trust, here is how Ragalia actually works:

Local Storage (Intact Memory)

Everything you say to Isabelle stays on your phone. Your history and memories are stored entirely and encrypted on your device. We do not have a copy.

Hybrid Processing (Secure Sending)

For Isabelle to be smart, we must query the Cloud, but with maximum protection in 3 steps:

Step 1 (Filtering before sending)

Before leaving your phone, the sent message is “cleaned” to remove identifiable data (names, addresses). Note: Your local copy remains intact.

Step 2 (Cloud Processing)

These anonymized data are received by our secure AI engines solely to generate the response.

Step 3 (Immediate Forgetting)

Once the response is sent back to your phone, the Cloud forgets everything instantly. Nothing is stored there.

No Training

Your private conversations are never used to train our artificial intelligences.

You are the Client, not the Product

Our model is simple: you pay a subscription for a quality service. We do not sell your data to advertisers.

The detailed legal and contractual text begins below.

The purpose of this Privacy Policy (hereinafter the “Policy”) is to inform users (hereinafter “You”) of the commitments and measures taken by the company RAGALIA SASU (hereinafter “We” or “Ragalia”) to ensure the protection of your personal data.

Aware that confidentiality is the cornerstone of trust in a relationship with an Artificial Intelligence, we have designed our technology according to the principle of “Privacy by Design.”

1. Our “Local-First” Commitment (Data Sovereignty)

The unique feature of Ragalia lies in its hybrid architecture which guarantees that you remain the sole master of your memory.

Encrypted Local Storage

Your entire conversation history, your consolidated “memories,” and your emotional profile are stored in an encrypted database directly on your device.

Absence of Persistent Cloud Copy (“Zero Retention”)

Ragalia retains no copy of your memory on its servers.

Data Loss

In the event of loss, theft, or breakage of your device without a personal backup on your part, we are technically unable to restore your conversational data, because we do not possess it.

”No-Training” Guarantee

We formally commit that your conversations and personal memories will NEVER be used for the training of our artificial intelligence models or those of our partners.

2. The Data We Process

We collect and process data strictly necessary for the operation of the service, divided into two categories:

A. Administrative Data (Managed by Ragalia)

This data is stored on our secure servers for the management of your account:

  • Identity & Access: Email address, password (hashed and salted).
  • Transactional: Subscription status (Active/Inactive), billing history. Note: Your full banking data is processed exclusively by our secure payment provider (PCI-DSS) and never transits in clear text on our servers.
  • Technical: Connection logs (Technical logs), anonymized crash reports, device type, operating system version. These logs are purged of any conversational content.

B. Conversational Data (Hybrid Architecture)

This data (your messages, Isabelle’s responses) transits through our infrastructure to enable intelligence, but is not retained:

  • Local Filtering (Anonymization): Before any transmission, local processing aims to minimize identifiable data.
  • Ephemeral Processing (Cloud): To generate a response or consolidate a memory, encrypted data packets (TLS 1.3) are sent to our AI engines.
  • Immediate Deletion: Once the computation is finished (response generated), the data is immediately erased from the random access memory (RAM) of the processing servers. It persists only on your device.

In accordance with Article 6 of the GDPR, we only process your data if a valid legal basis exists:

Purpose of Processing

  • Provision of AI Service (“Isabelle”): Performance of Contract (Art. 6.1.b) - Necessary to respond to your messages.
  • Subscription Management & Billing: Performance of Contract (Art. 6.1.b) - Legal Obligation (Art. 6.1.c) for accounting.
  • Security & Fraud Detection: Legitimate Interest (Art. 6.1.f) - To protect the integrity of the application against abuse (“Jailbreak”, attacks).
  • Technical Improvement (Crash logs): Legitimate Interest (Art. 6.1.f) - To fix bugs and ensure stability.

4. Data Sharing and Processors

We do not sell, rent, or market any of your personal data. It is shared only with our technical service providers (sub-processors) strictly necessary for the service:

  • Model Providers (LLM): [Google Cloud / Vertex AI] (USA/EU) - For conversational intelligence. Strict contractual clause: No training on client data.
  • Hosting & Orchestration: [Vercel / AWS] (USA/EU) - For the technical API.
  • Payment: [Stripe / Apple / Google] - For secure transaction management.

Transfers Outside the European Union

Some of our service providers may process data in the United States. These transfers are governed by:

  • The EU-U.S. Data Privacy Framework.
  • Failing that, the Standard Contractual Clauses (SCCs) of the European Commission, guaranteeing an equivalent level of protection.

5. Retention Period

We apply strict retention rules (Data Minimization):

  • Account Data (Email): Retained as long as the account is active. Deleted 3 years after your last activity (prolonged inactivity), unless an early deletion request is made.
  • Billing Data: Retained for 10 years in accordance with legal accounting obligations (Article L123-22 of the French Commercial Code).
  • Conversational Data (Cloud): Zero retention (0 seconds). Real-time processing (“In-Memory”) without disk storage.
  • Technical Logs: Retained for 12 rolling months for security and debugging.

6. Security and Vulnerability Reporting

We implement advanced technical and organizational security measures: strong encryption (AES-256) of local databases, HTTPS/TLS 1.3 protocol for all transfers, and restricted access to administrative databases.

Responsible Reporting (Coordinated Vulnerability Disclosure)

If you are a security researcher and discover a potential vulnerability, we invite you to report it to us ethically before any public disclosure. Security Contact: security@ragalia.ai

7. Your Rights

In accordance with regulations, you have the following rights:

  • Right of access and rectification: You can consult and correct your administrative data in your account, and your conversational data (“memories”) directly within the application interface.
  • Right to portability: You can request the export of your conversational data in a structured, commonly used, and machine-readable format (JSON) for your personal use.
  • Right to erasure (“Right to be Forgotten”):
    • Locally: You can delete specific memories or reset the AI (“Factory Reset”) at any time via settings.
    • Globally: You can request the permanent deletion of your account. This will be effective within 30 days (barring legal retention obligations).

To exercise these rights, contact our Data Protection Officer (DPO) at: privacy@ragalia.ai.

8. Protection of Minors

The Ragalia Service is not intended for minors. Age Restriction: You must be at least 18 years old to create an account and use Ragalia. We do not knowingly collect data from minors. If we are informed that an account belongs to a minor, we will take immediate measures to delete that account and all associated data.

9. Changes to the Policy

We may update this policy to reflect legal or technical changes. In the event of a substantial modification, we will inform you by email or via a notification within the application before it enters into force.

10. Data Controller and Contact Details

The controller of your data is the company: RAGALIA SASU 61 rue de Lyon, 75012 Paris, France Contact email: legal@ragalia.ai