Legal

Privacy Policy

How we collect, use, store and protect personal data submitted through ragbase.ai, our LinkedIn lead forms, demo bookings and consultations.

Last updated: May 14, 2026

This Privacy Policy explains how RAGbase ("RAGbase", "we", "us") processes personal data when you visit ragbase.ai, submit a LinkedIn lead form for one of our offerings, request a demo, book a consultation, contact us by email, or otherwise interact with our marketing touchpoints.

RAGbase builds private AI agents and RAG infrastructure for law firms, healthcare networks, finance teams and other regulated industries. We treat the privacy of prospects, clients and visitors with the same seriousness we apply to client data inside our products.

1. Who we are

For the purposes of the EU General Data Protection Regulation ("GDPR") and equivalent laws, the data controller is:

2. Data we collect

We only collect data you choose to share with us. In practice:

2.1 LinkedIn Lead Gen forms. When you submit a LinkedIn lead form for RAGbase (e.g. "Request demo"), LinkedIn shares with us the fields you authorize, which typically include: full name, professional email address, job title, company name, country, and the LinkedIn ad / campaign you responded to. We do not receive your LinkedIn password or private LinkedIn activity.

2.2 Demo and consultation bookings. When you book a discovery call or paid consultation, we collect your name, business email, company, role, and the information you choose to add in the description field. If you book a paid consultation, payment is processed by Stripe; we receive a confirmation and limited metadata (e.g. last four digits of the card, country) but not full card details.

2.3 Email and direct contact. When you email us, we receive your email address and any content you include.

2.4 Technical data. When you browse ragbase.ai we may receive standard technical information such as IP address, browser type, language, referrer, pages visited and time spent. This is collected through our hosting provider logs and analytics tools (see Section 7).

2.5 Client data inside RAGbase products. This policy covers our website and marketing. When you become a client, the way we handle your documents, queries and agent logs is governed by a separate Data Processing Agreement (DPA) and Master Services Agreement (MSA). In short: in our private deployments, your documents and indexes stay inside your own infrastructure (on-prem or VPC), and only minimal prompt chunks are sent to the LLM provider you select.

3. How we use your data

We process the data described above to:

  • Respond to your demo request, schedule and run discovery / consultation calls.
  • Send you the materials, proposals or follow-ups you asked for.
  • Send occasional B2B marketing emails about RAGbase (private AI for legal, healthcare, finance, etc.). You can unsubscribe at any time.
  • Measure the performance of our marketing (LinkedIn campaigns, Google Ads, organic search) at an aggregated level.
  • Operate and secure the website, prevent abuse and comply with our legal obligations.

We do not sell or rent personal data, and we do not use the contact data you submit to train third-party AI models.

Where GDPR applies, we rely on the following legal bases:

  • Consent — when you submit a LinkedIn lead form, fill in a contact form, or opt in to marketing. You can withdraw consent at any time.
  • Performance of a contract / pre-contractual steps — to reply to your request, scope a project, or run a paid consultation.
  • Legitimate interests — to operate and improve our website, measure marketing performance, and contact business prospects whose professional details we lawfully obtained. We balance these interests against your rights.
  • Legal obligation — for accounting, tax and fraud-prevention requirements.

5. How we share data

We share personal data only with:

  • Our team at RAGbase, on a strict need-to-know basis.
  • Trusted subprocessors that help us run the business (see Section 6). They act under written agreements and only on our instructions.
  • Authorities, if we are legally compelled to do so (court order, valid legal request).
  • Successors, in the event of a merger, acquisition or reorganization, under equivalent protections.

6. Subprocessors

We work with the following categories of subprocessors for our marketing and website operations:

  • Hosting & CDN — Google Cloud (Cloud Run, Cloud Build) for hosting ragbase.ai.
  • Analytics — Google Analytics 4 for aggregate traffic measurement.
  • Advertising — LinkedIn Ads and Google Ads, for campaign delivery and measurement.
  • Email & CRM — our internal CRM ("Ground Control") and Google Workspace for outbound and inbound email.
  • Scheduling — calendar tools used to confirm demos and consultations.
  • Payments — Stripe, for paid consultations.

A current list of subprocessors used in our client deployments is provided separately in the Data Processing Agreement signed at contract time. You can request it at privacy@ragbase.ai.

7. Cookies & analytics

ragbase.ai uses a small number of cookies and similar technologies:

  • Strictly necessary cookies — to make the site work (routing, security, scroll restoration).
  • Analytics cookies — Google Analytics 4 to understand how the site is used in aggregate.
  • Advertising / measurement — LinkedIn Insight Tag and Google Ads conversion tags, where active, to measure ad performance.

You can control cookies through your browser settings, and you can opt out of Google Analytics via the Google Analytics opt-out browser add-on.

8. Data retention

We keep personal data only for as long as we need it:

  • Lead and prospect data — up to 24 months from the last meaningful interaction, then deleted or anonymized.
  • Customer and contract data — for the duration of the contract plus the period required by accounting and tax law (typically up to 10 years in the EU / 7 years in the US).
  • Technical logs — typically up to 12 months.

9. Security

We apply organizational and technical measures appropriate to the sensitivity of the data we handle, including:

  • TLS encryption in transit, encryption at rest for our databases.
  • Role-based access, least-privilege principles and audit logging.
  • Strict separation between marketing systems and client production systems.
  • Built for compliance: GDPR, HIPAA-ready, SOC 2 roadmap; on-prem or VPC deployment options for client data.

No system is perfectly secure. If you become aware of a vulnerability, please contact us at security@ragbase.ai.

10. International transfers

RAGbase operates from both the United States and France. Personal data may therefore be transferred between the EU/EEA and the United States. Where required, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) with our subprocessors, and we apply additional measures (encryption, access controls) as needed.

11. Your rights

Depending on where you live (EU/EEA, UK, California, etc.), you may have the right to:

  • Access the personal data we hold about you.
  • Correct or update inaccurate data.
  • Delete your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent at any time, without affecting prior processing.
  • Lodge a complaint with your local data protection authority (e.g. the CNIL in France).

To exercise any of these rights, email privacy@ragbase.ai. We will respond within the timeframes required by applicable law (typically within 30 days).

12. Children

RAGbase is a B2B service. Our website and forms are not directed at children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, please contact us so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. We will update the "Last updated" date at the top of the page. For material changes we will provide a more prominent notice (for example, by email or on the homepage).

14. Contact us

For any privacy question, request or complaint, you can reach us at:

  • Email: privacy@ragbase.ai
  • Mail (US): RAGbase, 500 Terry Francine St., San Francisco, CA 94158, United States
  • Mail (EU): RAGbase, 149 Avenue du Maine, 75014 Paris, France