1. Who We Are and Scope of This Policy

Rawberry ("Rawberry," "we," "us," or "our") operates a cloud-based AI-powered CRM platform for photographers and photography businesses. Rawberry is currently operating as a sole proprietorship pending incorporation and will update these policies upon incorporation. This Privacy Policy applies to personal information we collect through our website (rawberry.ai), our web and mobile applications, and any related services (collectively, the "Service").

This Policy does not apply to personal information that our Users (photographers) collect from their own clients through our platform. Users are independently responsible for their clients' data and their own privacy practices.

We currently operate and serve users within the United States only.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: name, email address, password (hashed), profile photo
• Business information: business name, address, phone number, website URL
• Payment information: billing name, address, and payment card details (processed by our payment processor; we do not store full card numbers)
• Communications: messages you send to our support team
• Content you create: client records, contracts, invoices, questionnaires, booking data, and other data you enter into the Service

2.2 Information Collected Automatically

• Log data: IP address, browser type and version, pages visited, timestamps, referring URLs
• Device information: device type, operating system, unique device identifiers
• Usage data: features used, actions taken, session duration
• Cookies and similar technologies: see Section 7 below

2.3 Information from Third Parties

• Payment processors (e.g., Stripe): transaction confirmation and fraud signals
• OAuth providers (e.g., Google): if you authenticate using a social login
• Analytics providers: aggregated usage and performance data

3. How We Use Your Information

• Provide, operate, and improve the Service
• Process payments and manage your subscription
• Authenticate your identity and secure your account
• Send transactional communications (receipts, password resets, account alerts)
• Send product updates, feature announcements, and educational content (you may opt out at any time)
• Respond to your support requests and inquiries
• Monitor and analyze usage trends to improve user experience
• Detect, investigate, and prevent fraudulent or illegal activity
• Comply with legal obligations and enforce our Terms of Service
• Defend our legal rights and protect the safety of users and third parties

3A. AI Features — Data Access and Processing Disclosure

Rawberry's core functionality is powered by AI that accesses your CRM data to automate tasks, generate content, and assist you. This section explains exactly what data the AI accesses and how it is used.

What Data the AI Accesses

The Rawberry AI assistant and automation engine may access all data stored in your CRM account, including:

• Client profiles: names, contact details, relationship history, notes, and tags
• Booking and job records: dates, venues, package details, status, and associated communications
• Contracts and quotes: document content, pricing, terms, and signature status
• Invoices and payment records: amounts, due dates, payment status, and transaction history
• Call transcripts and meeting notes: full text of transcribed calls, AI-generated summaries, and extracted action items
• Email threads: content of emails synced from connected Gmail accounts
• Instagram and contact form lead records: inquiry content, source, and follow-up history
• Workflow and task data: automation rules, scheduled actions, and task completion history
• Your account settings and preferences: pricing templates, email templates, and business configuration

How the AI Uses This Data

The AI accesses the above data exclusively to provide the following features to you:

• Generating draft quotes, contracts, and follow-up emails based on call transcripts and client context
• Prioritizing and routing leads captured from Gmail, Instagram, and contact forms
• Answering questions you ask via the voice or chat assistant about your business, clients, or pipeline
• Identifying overdue invoices, unsigned contracts, and at-risk leads requiring follow-up
• Populating CRM fields automatically based on data extracted from calls, emails, and messages
• Suggesting and executing workflow automations based on client interaction patterns

AI Data Principles

• We do not use your CRM data or call transcripts to train AI models for commercial sale or for use with any other customer's account
• AI-generated outputs (quotes, emails, summaries) are drafts for your review — you remain responsible for all communications sent to your clients
• The AI operates within a scoped context window. Data from your account is never shared with or visible to other Rawberry users
• We may use aggregated, anonymized, non-identifiable usage patterns to improve the Service
• Third-party AI model providers we use are bound by data processing agreements prohibiting use of your data for model training

You may disable AI features at any time from your account settings. Disabling AI will prevent automation and assistant functions but will not affect your stored data or non-AI features.

3B. Call Transcription Data

When you enable the call transcription feature, Rawberry collects and processes the following data:

Data Collected

• Call transcripts: text generated from real-time speech-to-text processing during Google Meet sessions and phone calls. Raw audio is processed in memory only and is never stored by Rawberry.
• Meeting metadata: participant names, meeting duration, timestamps, and Google Meet session identifiers
• AI-generated summaries and action items: structured outputs extracted from transcript content
• Sentiment and intent signals: inferences drawn by AI from call content regarding client interest and booking likelihood

How Call Data Is Used

• To populate client and job records in your CRM automatically
• To generate draft quotes and follow-up communications
• To provide a searchable, retrievable record of client interactions
• To power AI assistant responses about specific client conversations

Call Data Retention

• Raw audio recordings are NOT retained by Rawberry. Audio is processed in real time solely to generate a transcript and is permanently discarded immediately upon transcription.
• Transcripts and AI summaries are retained as part of your CRM records for the life of your account
• Upon account deletion, all transcripts and AI-generated summaries are deleted within 30 days from production systems and within 90 days from backups

Your Recording Obligations

You are solely responsible for obtaining consent from all call participants before enabling transcription. Rawberry will display a visible notification when a transcription is in progress, but the legal obligation to notify and obtain consent from your clients rests entirely with you. See Section 9.2 of the Terms of Service for your full obligations under applicable recording laws.

Our use of data obtained through Google APIs complies with the Google API Services User Data Policy at developers.google.com/terms/api-services-user-data-policy.

3C. Gmail and Instagram OAuth Data

Gmail Data

When you connect Gmail via OAuth, Rawberry accesses:

• Email content (message bodies and attachments) from incoming inquiries and client threads
• Email metadata: sender address, subject line, timestamps, and thread identifiers
• Sent email records for communications sent via Rawberry on your behalf

Gmail data is used solely to: (a) capture and qualify photography leads; (b) associate email threads with client records; (c) enable the AI to draft and send follow-up emails on your behalf; and (d) provide a unified inbox view.

Notwithstanding anything else in this Privacy Policy, our use of Gmail data is subject to these additional restrictions in compliance with Google's API Services User Data Policy:

• We will not use Gmail data to serve advertisements to you or any third party
• We will not allow any human employee or contractor to read your Gmail message content except: (i) with your explicit affirmative consent for a specific message; (ii) as necessary for security incident response or abuse investigation; (iii) as required by applicable law; or (iv) where data has been aggregated and anonymized such that individual messages cannot be identified
• We will not transfer, sell, or use Gmail data for any purpose other than operating and improving the features you have enabled within the Service

You may revoke Gmail access at any time from Google Account settings (myaccount.google.com > Security > Third-party apps with account access) or from your Rawberry account settings.

Instagram Data

When you connect your Instagram Business or Creator account via Meta's Graph API, Rawberry accesses:

• Incoming Direct Message content from prospective and existing clients
• Message metadata: sender username, profile ID, timestamp, and message thread identifier
• Sender profile information made available through the API: display name and profile photo

Instagram data is used solely to capture and qualify leads, create and update client records, enable AI-drafted responses, and display a unified inbox. We do not use Instagram message content to build audience profiles, serve targeted advertising, or transfer data to Meta or third parties for marketing purposes. We comply with Meta's Platform Terms for all data accessed through the Instagram Graph API.

You may disconnect Instagram at any time from your Rawberry account settings.

4. How We Share Your Information

We do not sell your personal information. We may share it only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party vendors who perform services on our behalf, including:

• Cloud infrastructure and hosting (e.g., Amazon Web Services, Google Cloud)
• Payment processing (e.g., Stripe)
• Email delivery (e.g., SendGrid, Postmark)
• Analytics (e.g., Mixpanel, Google Analytics)
• Customer support tools (e.g., Intercom)
• AI model providers (e.g., OpenAI, Anthropic) — bound by data processing agreements prohibiting model training on your data

These providers are contractually bound to use your information only to perform services for us and in accordance with this Policy.

4.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Service prior to any such transfer.

4.3 Legal Compliance and Protection

We may disclose your information if required by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to protect rights, property, or safety.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide the Service. After account deletion or termination:

• Your data is available for export for 30 days
• After 30 days, your data is deleted from production systems
• Backup copies may be retained for up to 90 days before being purged
• Certain records may be retained longer as required by law (e.g., financial and tax records — up to 7 years)
• Raw audio from call transcription is never stored — it is discarded immediately upon transcription

You may request deletion of your personal information at any time by contacting support@rawberry.ai. We will process your request within 45 days as required by applicable law.

6. Data Security

We implement industry-standard security measures to protect your personal information, including:

• Encryption in transit (TLS 1.2 or higher) and at rest (AES-256)
• Hashed password storage (bcrypt)
• Role-based access controls limiting employee access to personal data
• Regular security assessments and vulnerability testing
• SOC 2-aligned operational security practices

Despite our efforts, no security system is impenetrable. In the event of a data breach affecting your rights, we will notify you as required by applicable law, and no later than 72 hours after we become aware of the breach.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service:

• Essential cookies: required for authentication and core functionality. Cannot be disabled without impairing the Service.
• Analytics cookies: help us understand how users interact with the Service (e.g., Google Analytics). These may be disabled.
• Preference cookies: remember your settings and preferences.
• Marketing cookies: used to measure marketing campaign effectiveness. These may be disabled.

You can control cookie settings through your browser preferences. We honor browser-level "Do Not Track" signals for analytics and marketing cookies.

8. Children's Privacy (COPPA Compliance)

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. In compliance with the Children's Online Privacy Protection Act (COPPA):

• Users must be at least 18 years old to create an account
• We do not knowingly collect, use, or disclose personal information from children under 13
• If we learn we have inadvertently collected information from a child under 13, we will delete it promptly

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at support@rawberry.ai.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with the following rights:

9.1 Right to Know

You have the right to request disclosure of: (a) the categories and specific pieces of personal information we have collected about you; (b) the categories of sources; (c) the business purpose for collection; and (d) the categories of third parties with whom we share it.

9.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, legal obligations, or internal uses reasonably aligned with your expectations).

9.3 Right to Correct

You have the right to request correction of inaccurate personal information we maintain about you.

9.4 Right to Opt Out of Sale / Sharing

We do not sell or share personal information for cross-context behavioral advertising. If this changes, we will update this Policy and provide an opt-out mechanism.

9.5 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not deny services, charge different prices, or provide a different level of service based on your exercise of these rights.

9.6 How to Submit a Request

To exercise your rights, you may email us at legal@rawberry.ai or submit a request through your account settings. We will verify your identity and respond within 45 days (extendable by an additional 45 days with notice). You may designate an authorized agent to make requests on your behalf, subject to verification.

9.7 Categories of Personal Information Collected (CCPA)

In the past 12 months, we have collected:

• Identifiers: name, email address, IP address, account username
• Commercial information: subscription plan, payment history, product usage
• Internet or network activity: log data, usage data, cookie data
• Geolocation data: approximate location derived from IP address
• Professional information: business name, job title
• Electronic communications data: call transcripts and AI-generated summaries produced from real-time speech-to-text processing (no raw audio is retained); email content and metadata accessed via Gmail OAuth; Instagram Direct Message content accessed via Meta Graph API
• AI-derived inferences: summaries, action items, lead scores, and client relationship insights generated from the above data

We do not collect sensitive personal information as defined under CPRA (e.g., Social Security numbers, health data, precise geolocation, racial/ethnic origin, sexual orientation).

10. Other U.S. State Privacy Rights

As we expand, we will update this Policy to address rights under additional state privacy laws (e.g., Virginia VCDPA, Colorado CPA, Connecticut CTDPA). Contact us at legal@rawberry.ai to inquire about your state-specific rights.

11. International Users

The Service is currently available to U.S.-based users only. We do not actively market to or serve users outside the United States. If you access the Service from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States.

12. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party tools. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.

13. Changes to This Privacy Policy

We may update this Policy from time to time. We will notify you of material changes by: (a) sending an email to the address associated with your account; and/or (b) posting a prominent notice on the Service. Material changes will be effective 30 days after notice. Continued use of the Service after the effective date constitutes acceptance.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For California residents with unresolved complaints, you may contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov.