Privacy Policy
Roarvia Private Limited ("Mitra AI," "we," "us," or "our") operates the Mitra mobile application (available on Android) and the website at mitraai.app (collectively, the "Service"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our Service.
Mitra is a business-to-business (B2B) product designed for sales professionals. By using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Information We Collect
1.1 Information You Provide Directly
Account Information:
- Name and email address (during registration)
- Phone number (if you sign in via phone OTP)
Business Profile (during onboarding):
- Company name
- Company website URL
- LinkedIn profile URL
- Services your company offers
- Ideal Customer Profile (ICP) description
Prospect Data (entered by you or discovered by AI):
- Prospect name, job title, and company
- Prospect LinkedIn URL, email address, phone number, and location
Sales Activity Data:
- Chat messages exchanged with the Mitra AI assistant
- Outreach drafts including message content, subject lines, and channel selection (LinkedIn, email, or phone)
- Call log notes including outcomes, next steps, and follow-up dates
Outreach Sequences and Scheduling:
- Outreach sequence configurations including sequence name, trigger type, and status
- Individual sequence steps including channel, scheduled timing, and completion status
- Scheduled routine configurations for automated recurring actions (e.g., periodic signal scans)
Waitlist Registration (pre-launch):
- Email address
- Name (optional)
1.2 Authentication Data
We offer two sign-in methods, both processed through our authentication provider:
- Google Sign-In: When you sign in with Google, we receive your Google account email address, display name, and profile image from Google's OAuth service.
- Phone OTP: When you sign in with your phone number, we receive your phone number and process a one-time verification code sent via SMS.
Session tokens are stored locally on your device and are not transmitted to third parties beyond our authentication provider.
1.3 Information Collected Automatically
- Push Notification Token: If you enable push notifications, we collect your device's push notification token to deliver alerts about prospect signals and draft reviews.
- Referral Tracking: If you join our waitlist through a referral link, we record the referral source to manage waitlist positioning.
- Optimization Logs: When the AI generates outreach drafts, we log generation iterations and quality scores to improve draft quality over time.
1.4 Device Permissions (Mobile App)
The Mitra mobile app may request the following device permissions. Each is optional and requires your explicit consent:
| Permission | Purpose |
|---|---|
| Microphone | Record voice notes during prospect research |
| Contacts | Sync your contact list to help identify and enrich your prospect list |
| Photo Library | Attach images to prospect profiles |
| Push Notifications | Receive alerts about new prospect signals and drafts ready for review |
You can revoke any permission at any time through your device settings.
1.5 AI-Derived Data
Mitra's AI generates and stores the following data based on your interactions:
- User Memory: Preferences, context, facts, signals, outcomes, and patterns extracted from your conversations and activity. This allows Mitra to personalize its assistance over time.
- Match Scores: AI-generated scores (0-100) indicating how well a prospect matches your Ideal Customer Profile.
- Prospect Intelligence: Enriched research data about prospects gathered from publicly available sources, stored as structured records linked to each prospect.
2. How We Use Your Information
| Data Category | Purpose |
|---|---|
| Account and authentication data | Creating and managing your account; verifying your identity |
| Business profile | Personalizing AI recommendations; discovering relevant prospects; generating targeted outreach drafts |
| Prospect data | Researching prospects; generating personalized outreach drafts; tracking outreach sequences; detecting buying signals |
| Chat messages | Generating AI responses; maintaining conversation context; improving the quality of AI assistance |
| User memory | Personalizing AI outputs; learning your communication style; improving draft quality across sessions |
| Outreach drafts and call logs | Tracking your sales pipeline; optimizing message effectiveness |
| Outreach sequences and scheduled routines | Automating multi-step outreach workflows; executing recurring signal detection and follow-up tasks on your behalf |
| Optimization logs | Improving AI draft generation quality; internal quality scoring |
| Push notification tokens | Delivering timely alerts about new prospect signals and tasks requiring your attention |
| Waitlist data | Managing pre-launch access queue; processing referral tracking |
We do not sell your personal information to third parties.
3. Third-Party Services
We share your data with third-party services to operate and improve the Service. Each service receives only the data necessary for its specific function.
3.1 Authentication and Infrastructure
| Category | Data Shared | Purpose |
|---|---|---|
| Google (OAuth) | Email, name, profile image | User authentication via Google Sign-In |
| Cloud database and authentication provider | All user data (database of record) | Database hosting, authentication, phone OTP delivery, row-level security enforcement |
| Push notification delivery service | Push notification tokens, notification content | Delivering push notifications to your device |
3.2 AI and Language Models
Mitra uses multiple large language model providers to provide intelligent assistance. Your messages, prospect data, and business context are processed by these services to generate responses, research, drafts, and intelligence. Data is routed to the optimal provider based on the task, not broadcast to all providers simultaneously.
Data shared with AI providers includes: user messages, prospect data, company descriptions, research queries, and draft content. All providers are accessed via API, which typically excludes data from model training.
3.3 Research and Enrichment
Mitra uses B2B data enrichment and web research services to gather publicly available professional information about prospects and companies. Data shared with these services includes: person names, company names, email addresses, LinkedIn URLs, and search queries. Enrichment data is derived from publicly available professional information.
3.4 Important Notes on Third-Party Processing
- Each third-party service processes data according to its own privacy policy. We encourage you to review their policies.
- AI model providers may retain inputs and outputs according to their respective data processing agreements. We use API-level access which typically excludes data from model training, but we cannot guarantee the internal practices of these providers.
- A complete list of sub-processors is available at mitraai.app/sub-processors or upon request at privacy@mitraai.app.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:
| Legal Basis | Applies To |
|---|---|
| Contractual necessity (Art. 6(1)(b) GDPR) | Processing necessary to provide the Service you subscribed to: account management, AI assistance, draft generation, signal detection |
| Legitimate interest (Art. 6(1)(f) GDPR) | B2B sales tool functionality, prospect research using publicly available professional data, service improvement through anonymized analytics |
| Consent (Art. 6(1)(a) GDPR) | Optional features requiring device permissions (microphone, contacts, photo library, push notifications) |
Regarding prospect data: Mitra processes professional data about third parties (your prospects). The legal basis for this processing is the legitimate interest of you, the user, in conducting lawful B2B outreach. Prospect data originates from publicly available sources (LinkedIn profiles, company websites, public business records) or is provided directly by you. You are responsible for ensuring your use of prospect data complies with applicable laws.
5. International Data Transfers
Mitra AI is operated from India. Your data is stored and processed primarily in the United States through our infrastructure and AI service providers.
- For EU/EEA users: Data transfers to the United States are governed by Standard Contractual Clauses (SCCs) maintained by our service providers.
- For UK users: Transfers are covered by the International Data Transfer Agreement and/or Addendum as applicable.
- Indian IT Act compliance: We comply with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
By using the Service, you consent to the transfer of your data to the United States and other jurisdictions where our service providers operate.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Active account data (profile, prospects, messages, drafts, memories) | Retained for the duration of your account plus 30 days after account termination |
| Optimization logs | Retained for 12 months, then aggregated and anonymized |
| Waitlist data | Retained until you create a full account or request deletion |
| Backup copies | Retained for up to 30 days after primary data deletion |
After the applicable retention period, data is permanently deleted from our systems.
7. Your Rights
7.1 GDPR Rights (EU/EEA and UK Users)
You have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate personal data (Art. 16)
- Erase your personal data ("right to be forgotten") (Art. 17)
- Restrict processing of your personal data (Art. 18)
- Data portability -- receive your data in a structured, machine-readable format (Art. 20)
- Object to processing based on legitimate interest, including AI profiling (Art. 21)
- Withdraw consent at any time for consent-based processing
- Lodge a complaint with your local data protection supervisory authority
7.2 CCPA Rights (California Users)
You have the right to:
- Know what personal information we collect, use, and disclose
- Delete your personal information
- Opt out of the sale of personal information -- we do not sell your personal information
- Non-discrimination for exercising your privacy rights
7.3 Indian IT Act Rights
You have the right to:
- Access your personal data held by us
- Correct inaccurate personal data
- Withdraw consent for processing
7.4 Exercising Your Rights
To exercise any of the above rights, contact us at:
Email: privacy@mitraai.app
We will respond to your request within 30 days. To verify your identity, requests must be submitted from the email address associated with your Mitra account.
8. Data Security
We implement the following security measures to protect your data:
- Row-Level Security (RLS): Enforced on all database tables, ensuring users can only access their own data.
- JWT Authentication: All API requests are authenticated using cryptographically signed JSON Web Tokens (HS256 algorithm).
- HTTPS Encryption: All data transmitted between your device, our servers, and third-party services is encrypted in transit using TLS.
- Access Controls: Backend operations use scoped service credentials with principle of least privilege.
No system is 100% secure. While we implement commercially reasonable security measures, we cannot guarantee absolute security of your data.
9. Children's Privacy
Mitra is a B2B product designed for business professionals. The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from individuals under 18. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:
- Sending a notification to the email address associated with your account, or
- Displaying a prominent notice within the Mitra app
Your continued use of the Service after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
Entity: Roarvia Private Limited
Email: privacy@mitraai.app
Address: Nelamangala, Bangalore, Karnataka, India