Privacy Policy

Last updated: July 2025

1. Introduction

Raiven Technologies LLC ("we," "our," or "us") operates the Restricted AI Virtual Edge Network, a secure AI platform designed for government and defense contractors to analyze Controlled Unclassified Information (CUI) data. This Privacy Policy explains how we collect, use, disclose, and protect your information in compliance with federal security standards including FedRAMP Moderate, CMMC Level 2, and FIPS 140-2.

2. Information We Collect

2.1 Account Information

We collect and retain only essential account information necessary for system access and security compliance. This includes company email addresses for notification purposes, user credentials managed through AWS Identity and Access Management (IAM), and necessary authentication cookies and certificates required for secure user sessions. We do not collect or store any personal information beyond what is required for system authentication and access control.

2.2 CUI Data Processing

All Controlled Unclassified Information (CUI) data is processed exclusively in temporary memory during runtime sessions. We implement a zero-knowledge architecture where CUI data is never stored on our systems once a user session is terminated. This temporary processing approach ensures that sensitive government and defense contractor information remains secure and is not subject to long-term storage risks. Processing logs and audit trails are maintained for compliance purposes but contain no CUI content.

2.3 Hardware and Smartcard Authentication Data

We utilize client-side device data to authenticate that the hardware being used is approved for CUI access. This hardware authentication process helps prevent data spills and leaks by ensuring that only authorized devices can access the system. The authentication process includes hardware token validation, device fingerprinting, security posture verification, and smartcard certificate validation to maintain the integrity of our zero-knowledge CUI protection system.

Our smartcard detection system may identify and validate enterprise smartcard readers, corporate badge certificates, PIV (Personal Identity Verification) cards, CAC (Common Access Card) certificates, and other enterprise authentication hardware. This includes detecting smartcard hardware types, certificate authorities, enterprise domains, and authentication capabilities to ensure compliance with federal security requirements for CUI access.

2.4 System and Security Data

Our system maintains comprehensive access logs and authentication events for security monitoring and compliance purposes. We collect system performance metrics, security monitoring data, and compliance audit information to ensure continuous protection of the platform. This data is used exclusively for security analysis, threat detection, and maintaining compliance with federal security standards.

3. How We Use Your Information

We use the collected information exclusively for providing secure AI analysis services for CUI data, authenticating and authorizing user access, and maintaining compliance with government security standards. Your information enables us to generate audit trails and compliance reports required by federal regulations, send launch notifications and service updates, and monitor system security and performance. We do not use your information for any commercial purposes, marketing activities, or third-party data sharing beyond what is required for system operation and compliance.

4. Data Security and Protection

We implement a comprehensive security architecture designed to protect sensitive government and defense contractor data. All data is encrypted using quantum-resistant algorithms that provide protection against current and future cryptographic threats. Our zero-trust architecture ensures continuous verification at every access point, eliminating implicit trust assumptions and requiring authentication for all system interactions.

Data is stored exclusively in AWS GovCloud (US) infrastructure, which provides the highest level of security controls for government workloads. Our platform maintains FedRAMP Moderate authorization, ensuring compliance with federal security controls and continuous monitoring requirements. We achieve Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance, meeting the comprehensive security controls required for Department of Defense contractors. All cryptographic operations utilize FIPS 140-2 Level 2 validated modules to ensure the highest standards of cryptographic security.

5. Access Control and Authorization

Access to the RAIVEN platform is subject to rigorous review and approval processes. Only United States citizens with approved access to CUI data are permitted to establish accounts on our platform. This restriction ensures compliance with federal security requirements and maintains the integrity of our controlled environment. All access requests undergo thorough vetting procedures to verify eligibility and security clearance levels.

We implement logical domain separation to prevent cross-contamination of CUI or sensitive company data between different organizations. This isolation ensures that each organization's data remains completely separate and secure, preventing any potential exposure of sensitive information across organizational boundaries. The domain separation is enforced at multiple levels including network isolation, container separation, and cryptographic boundaries.

6. Data Sharing and Disclosure

We maintain a strict policy against selling, trading, or renting your personal information. Information disclosure occurs only under specific circumstances where required by law or government regulation, necessary for compliance with federal security requirements, required for audit and compliance purposes, or explicitly authorized by your organization's security policies. Any disclosure is limited to the minimum information necessary to fulfill the legal or regulatory requirement.

7. Data Retention

Our data retention policies are designed to minimize data exposure while maintaining necessary compliance and security functions. CUI data is retained only for the duration of active analysis sessions and is immediately purged from memory upon session termination. Audit logs are maintained for the period required by federal compliance standards to ensure proper oversight and accountability. Account information is retained until explicit account deletion is requested, at which point all associated data is securely deleted according to National Institute of Standards and Technology (NIST) guidelines for secure data disposal.

8. Your Rights and Choices

You maintain several rights regarding your information and system access. You may request information about data we hold about your account, update or correct your information as needed, and request complete deletion of your account and associated data. We provide an unsubscribe mechanism for launch notifications and promotional communications, allowing you to opt out of these communications while maintaining essential system notifications. You may also request compliance and audit reports related to your account activity and data handling.

9. Hardware Security and Smartcard Authentication

Our system implements advanced hardware security measures to ensure that only authorized devices can access CUI data. We utilize hardware tokens such as YubiKeys, smart cards, enterprise smartcard readers, PIV cards, CAC cards, or Trusted Platform Modules (TPM) for secure key storage and authentication. The system generates ECDSA key pairs directly on hardware tokens, ensuring that private keys never leave the secure hardware environment. This approach prevents key extraction attacks and maintains the highest level of cryptographic security.

Multi-factor authentication combines password-based authentication with hardware token verification, smartcard certificate validation, and biometric authentication where available. The system implements PBKDF2 key derivation with 100,000 iterations to ensure robust password security. Hardware and smartcard authentication data is used to verify that devices meet CUI access requirements and prevent unauthorized access attempts that could lead to data spills or leaks. Our smartcard detection system validates enterprise certificate authorities, corporate domains, and authentication capabilities to ensure compliance with federal security standards.

10. Government Compliance

Our platform maintains comprehensive compliance with federal government security standards and requirements. We hold FedRAMP Moderate authorization, which authorizes our platform for federal government use with moderate impact level security controls and continuous monitoring. Our Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance ensures that we meet the comprehensive security controls required for Department of Defense contractors and their supply chains.

We maintain Federal Information Security Management Act (FISMA) compliance and adhere to National Institute of Standards and Technology (NIST) guidelines for information security. Our platform implements all required security controls and undergoes regular assessments to maintain compliance status. We maintain detailed audit trails and compliance documentation to support government oversight and regulatory requirements.

11. Real-Time Security Monitoring

Our system implements comprehensive real-time security monitoring to detect and respond to potential threats. We continuously monitor user activity patterns and system interactions to identify anomalous behavior that could indicate security threats. The monitoring system analyzes access patterns, authentication attempts, and data processing activities to maintain the integrity of our zero-knowledge CUI protection system.

When suspicious activity is detected, the system automatically implements protective measures including access blocking, session termination, and security alerts. All security events are logged and analyzed to improve threat detection capabilities and maintain compliance with federal security requirements. The monitoring system operates continuously to ensure that any potential security incidents are identified and addressed immediately.

12. Contact Information

For privacy-related questions, concerns, or to exercise your rights regarding your information, please contact us through the following channels. For general privacy inquiries, please email support@raivenchat.com. For security-related concerns or incident reporting, please contact security@raivenchat.com. For compliance-related questions or audit requests, please contact compliance@raivenchat.com. We are committed to responding to all inquiries promptly and thoroughly addressing any privacy or security concerns you may have.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or security standards. When material changes are made to this policy, we will notify users through our platform interface or via email notifications. We encourage you to review this policy periodically to stay informed about how we protect your information and maintain compliance with federal security requirements. Your continued use of the platform after any changes to this policy constitutes acceptance of the updated terms.