Legal

Privacy Policy

Last updated: May 2026

Information We Collect

We collect information you provide directly, including your name, email address, and any details shared with your assigned analyst. We also collect usage data and technical information necessary to operate the platform (device type, IP address, session activity).

How We Use Your Information

Your information is used exclusively to provide the Raha protection service: threat monitoring, breach detection, incident response, and analyst communications. We do not sell your data to third parties or use it for advertising.

Data Retention

We retain your data for the duration of your membership and for 12 months thereafter, unless you request earlier deletion. Threat intelligence findings may be retained in anonymized form for platform security research.

Third-Party Services

We use Supabase for secure data storage and Stripe for payment processing. Both operate under their own privacy policies and maintain appropriate data protection standards. No personal data is shared with threat intelligence providers — only anonymized asset identifiers.

Your Rights

You may request access to, correction of, or deletion of your personal data at any time by contacting your analyst or writing to privacy@raha.security. We will respond within 30 days.

Security

All data is encrypted in transit (TLS 1.3) and at rest. Access to member data is restricted to your assigned analyst and authorized Raha staff. We conduct regular security reviews of our own infrastructure.

Contact

For privacy inquiries: privacy@raha.security. For urgent security matters, contact your analyst directly through the Raha app.