Privacy Policy
The short version: We collect only what we need to run Randi. We don't sell your data. We don't train AI models on your conversations or documents. Your data is encrypted, US-hosted, and stays yours. You can request deletion at any time.
1. Who we are
Randi is an AI-powered knowledge assistant delivered over SMS. It is operated by Randi App, LLC ("Randi," "we," "us," or "our"). Our contact email is trav@hey-randi.com.
2. What information we collect
Information you give us directly
- Account information — name, email address, and password (stored as a bcrypt hash, never in plaintext) when you sign up.
- Phone number — your mobile number, used to link your Randi account to the SMS number you text from.
- Early access / waitlist information — if you request access, we store your name, email, company, role, and optional phone number.
- Knowledge base content — documents, manuals, spec sheets, and entries you or your organization upload or create inside the Randi admin panel.
Information generated through use
- SMS conversations — messages you send to your Randi number, AI-generated replies, and any images or attachments included. These are stored to maintain conversation context and are visible to your account's administrators.
- Usage logs — basic server logs including timestamps and request metadata. We do not log message content in server logs beyond standard error handling.
Information we do not collect
- We do not use tracking cookies, advertising pixels, or third-party analytics on our product pages.
- We do not collect payment card numbers — billing is handled entirely by Stripe, which has its own privacy policy.
3. How we use your information
- To operate Randi — receive your messages, generate AI responses, and deliver them back to you.
- To search your knowledge base content against your questions in real time.
- To authenticate you and manage your account and subscription.
- To contact you about your account, technical issues, or (with your consent) product updates.
- To comply with legal obligations.
We do not use your data to train AI models. Your conversations and documents are processed by the Anthropic API in real time for response generation only. Anthropic's API terms of service prohibit using API inputs and outputs to train models.
4. How we share your information
We do not sell your personal information. We share data only with the vendors necessary to operate Randi:
- Supabase — our database provider, storing user accounts, conversations, and knowledge base content. Hosted on AWS in US-East-1. SOC 2 Type II certified.
- Anthropic — the AI API that powers Randi's responses. Your message content is sent to Anthropic to generate replies. Anthropic does not store or train on API data per their usage policies.
- Linq — our SMS delivery partner. Messages you send via text are received through Linq's messaging infrastructure.
- Stripe — payment processing and subscription billing. We pass your billing email to Stripe; we never see or store your card details.
- Railway — the cloud hosting provider running our servers.
We may disclose information if required by law, court order, or to protect the safety of users or the public.
5. Data retention
- Conversation history is retained as long as your account is active and for up to 12 months after account closure, unless you request deletion sooner.
- Knowledge base content is retained until you delete it or close your account.
- Account data is retained while your account is active. After closure, we anonymize or delete records within 90 days.
6. Security
We take reasonable technical and organizational measures to protect your data:
- All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Passwords are hashed using bcrypt — we cannot recover or read them.
- User sessions use short-lived signed JSON Web Tokens (JWTs).
- Our database infrastructure is SOC 2 Type II certified.
- Access to production systems is restricted and logged.
No system is perfectly secure. If you believe you've found a security vulnerability, please email us at trav@hey-randi.com rather than filing a public report.
7. Your rights
Depending on where you are located, you may have rights to:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to fix inaccurate data.
- Deletion — ask us to delete your account and personal data. We will do so within 30 days, subject to legal retention requirements.
- Portability — request your data in a machine-readable format.
- Opt-out of marketing — you can unsubscribe from any marketing emails using the link in those emails, or by contacting us.
To exercise any of these rights, email trav@hey-randi.com with "Privacy Request" in the subject line. We will respond within 30 days.
8. California residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of the sale of your information. We do not sell personal information. To submit a request, email trav@hey-randi.com.
9. Children's privacy
Randi is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe we have done so, contact us and we will delete the information.
10. SMS messaging terms
When you text the Randi number, you consent to receive automated AI-generated replies in response to your messages. This is not a marketing program — messages are transactional responses to your own inquiries. Standard carrier message and data rates may apply. To stop receiving messages, reply STOP at any time.
11. Changes to this policy
We may update this policy from time to time. We will post the updated policy here with a new effective date. For significant changes, we will notify account holders by email at least 14 days before the changes take effect.
12. Contact us
Questions about this policy or our data practices? We're a small team and we read every email.