RIAX Privacy Policy
Last Updated: April 16, 2026
Node AI Inc., doing business as RIAX ("RIAX," "we," "us," or "our"), is committed to protecting the privacy and security of our users' information. This Privacy Policy describes how we collect, use, share, and protect information when you use our AI-powered intelligence platform and services.
1. Information We Collect
Information You Provide
- Account Information: Name, email address, company name, and contact details when you register
- Meeting Data: Meeting recordings, transcripts, and notes from integrated platforms (Zoom, Microsoft Teams)
- Integration Credentials: OAuth tokens and API keys for connected services (with your explicit consent)
Information Collected Automatically
- Usage Data: Features used, meeting durations, platform interactions
- Log Data: IP addresses, browser type, access times, and referring pages
- Device Information: Operating system, device type, and unique device identifiers
2. How We Use Your Information
We use collected information to:
- Provide and improve our AI meeting intelligence, client health scoring, task management, and calendar hub services
- Generate meeting summaries, behavioral classifications, compliance flags, and action items
- Calculate and update client health scores across engagement, compliance, and service quality metrics
- Unify calendar data from multiple sources and surface scheduling intelligence
- Integrate with your authorized third-party services (Redtail CRM, Wealthbox, Salesforce, Orion, Black Diamond, etc.)
- Ensure platform security and prevent fraud
- Comply with legal obligations and regulatory requirements
- Communicate with you about service updates and support
3. Information Sharing
We do not sell, rent, or trade your personal information. We may share information:
- With Your Consent: When you explicitly authorize sharing with integrated services
- Service Providers: With vendors who assist in operating our platform (hosting, analytics)
- Legal Requirements: When required by law, regulation, or legal process
- Business Transfers: In connection with a merger, acquisition, or sale of assets
4. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Multi-tenant data isolation via acts_as_tenant — no firm can access another firm's data
- Access controls and authentication mechanisms
- Regular security assessments and monitoring
- Secure US-based data centers (AWS) with physical security controls
5. Data Retention
- Meeting Transcripts: Retained according to your firm's configured retention policy (default: 7 years per SEC Rule 204-2 recordkeeping requirements)
- Meeting Recordings (Audio/Video): Retained according to your firm's configured retention policy (default: 90 days). Firm administrators can configure retention windows of 30 days, 90 days, 1 year, or indefinite based on compliance needs
- Account Data: Retained for the duration of your account plus 90 days after closure
- Usage Logs: Retained for 12 months for security and troubleshooting
6. Your Rights and Choices
You have the right to:
- Access, correct, or delete your personal information
- Export your data in a portable format
- Opt-out of non-essential communications
- Configure data retention settings
- Revoke integration permissions at any time
When You Leave RIAX
If you cancel your subscription or terminate your account:
- Data export: You may request a full export of all your data (meeting transcripts, client health scores, task history, compliance records) in a portable format. RIAX will fulfill export requests within 30 calendar days
- Data deletion: Upon request, RIAX will securely delete all your data within 60 calendar days. We will confirm deletion in writing
- No data hostage: Your data is never held hostage. Export and deletion are available regardless of the reason for departure, payment status, or contract terms
- Regulatory exception: If applicable law requires RIAX to retain certain records (e.g., SEC recordkeeping), we will notify you of the specific records and retention period. All other data will be deleted on schedule
7. AI and Machine Learning
Important: We do NOT use your meeting data, transcripts, client health scores, or any client information to train our AI models. Your data is processed only to provide services to you and is never used to improve our general AI capabilities.
AI Transparency Disclosure
RIAX uses third-party AI services to power its intelligence features, including meeting analysis, behavioral classification, compliance detection, and practice insights. We do not operate our own large language model.
Current AI service providers:
- Anthropic (Claude) — accessed via Amazon Web Services (AWS Bedrock) — used for meeting transcript analysis, behavioral insights, compliance keyword detection, and AI-generated task suggestions
- AssemblyAI — used for meeting transcript generation (speech-to-text)
How your data is handled with AI services: Meeting transcripts and CRM data are sent to AI services solely for real-time analysis and intelligence generation. No data is stored by the AI provider beyond the duration of the processing request. AI providers do not use your data to train or improve their models. All AI processing occurs within secure, SOC 2-compliant infrastructure.
AI service providers may be added, changed, or updated over time as we improve our platform. This section will be updated to reflect any material changes to our AI service providers. The data handling commitments described above apply to all current and future AI service providers used by RIAX.
What is NOT sent to AI services: Google Calendar data, login credentials, OAuth tokens, financial account numbers, Social Security numbers, or any data from integrations other than meeting transcripts and CRM records necessary for intelligence generation.
8. Google API Services User Data
Google API Services Disclosure: RIAX's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- RIAX accesses Google Calendar data (calendar events, event times, attendee information) solely to provide the Unified Calendar Hub feature, including displaying events from multiple sources and detecting scheduling conflicts.
- Google user data is not used for advertising, marketing, or any purpose unrelated to providing or improving the calendar integration functionality.
- Google user data is not shared with third parties except as necessary to provide the core calendar service.
- Google Calendar data is not sent to any AI model or machine learning service. Our AI processing is limited to meeting transcripts obtained through a separate integration and does not involve Google user data.
- Users can revoke Google Calendar access at any time through their RIAX integration settings or their Google Account permissions page.
9. Compliance
RIAX is designed to support compliance with:
- SEC recordkeeping requirements (Rule 204-2)
- FINRA regulations
- GDPR (for EU users)
- CCPA (for California residents)
- SOC 2 Type 1 (in progress — expected Q2 2026)
10. Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect information from children.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of material changes via email or platform notification.
12. Contact Us
For privacy-related questions or concerns:
Node AI Inc. (dba RIAX)
Email:
Address: Troy, Michigan 48098