Minerva Data Solutions, SLU

1. Data we collect

• Account data: name, company details, role, and contact information provided during signup.
• Usage data: logs, feature interactions, configuration metadata, and monitoring events related to Raegis workspaces.
• Billing data: subscription tier, billing contact, VAT numbers, and limited payment information handled by Creem as merchant of record.
• Support communications: emails, attachments, and chat messages exchanged with support@raegis.app.
• Customer-provided content: documents and datasets uploaded for RAG processing, stored securely per workspace configuration.

2. How we use personal data

• Provide, operate, and improve the Raegis platform and APIs.
• Authenticate users, enforce access controls, and secure workspaces.
• Measure performance, reliability, and product analytics in aggregate.
• Send administrative notifications, product updates, and billing communications.
• Deliver support, incident response, and compliance reporting.

3. Legal bases under GDPR

We rely on the following legal bases: (a) performance of a contract when providing the Raegis service, (b) legitimate interests in securing and improving the platform, and (c) compliance with legal obligations. Where we rely on consent (e.g., optional marketing updates), you may withdraw it at any time.

4. Data retention

Account, billing, and support records are retained for the lifetime of the contract and as needed to meet legal obligations. Customer content stored for RAG workflows follows workspace retention policies configured by administrators and can be deleted or re-ingested on demand. Backups are encrypted and automatically purged on a rolling basis (typically within 35 days).

5. Sharing & subprocessors

We share personal data only with trusted subprocessors necessary to deliver the service, such as infrastructure providers, monitoring tools, and Creem for billing. Each subprocessor is vetted for security, confidentiality, and GDPR alignment, and data processing agreements are in place. We never sell personal data or share it with advertisers.

6. International transfers

Raegis may store or process data outside of Andorra or the EU. When we transfer personal data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses and conduct transfer impact assessments to ensure GDPR-level protection.

7. Security measures

We employ encryption in transit and at rest, strict access controls, logging, and monitoring to protect personal data. Our architecture separates customer workspaces, and we provide audit trails, key rotation, and incident response procedures aligned with SOC-style controls.

8. Data subject rights

Individuals in the EU/EEA may exercise rights of access, rectification, erasure, restriction, portability, and objection. Requests can be submitted to support@raegis.app. We may verify identity before fulfilling requests and will respond within one month where possible.

9. Contact & complaints

Controller: Minerva Data Solutions, SLU, La Massana, Andorra. Email: support@raegis.app. You may also lodge a complaint with your local supervisory authority if you believe our processing violates GDPR.