Data Protection Policy

Rayantra processes personal, operational, and infrastructure data on behalf of industrial and enterprise operators. This Data Protection Policy describes how we govern that processing — the principles, the safeguards, and the rights of every individual whose data flows through the platform.

Our registered details and contact channels are listed in the Company Information card at the bottom of this page.

This Policy applies to all Rayantra services, all customer environments operated under those services, and all Rayantra personnel, contractors, and authorized sub-processors involved in processing data on our behalf.

We process three broad categories of data: personal information, operational & infrastructure data, and technical information. Each is governed by purpose-bound access controls and audited processing.

• Name, business email, phone number, and role.
• Company name, industry, billing identifiers.
• Authentication identifiers and SSO subject IDs.
• Operator activity logs scoped to the authenticated account.

• Robot telemetry, mission state, and event streams.
• Vision payloads (frames, detections) within configured retention.
• Model artifacts, rollouts, drift metrics, and inference logs.
• Site, region, and capacity metadata.

• Edge-node health, hardware attestation, and firmware versions.
• Aggregate platform performance and reliability metrics.
• Security signals for anomaly detection and incident response.

• Lawfulness, fairness, transparency. We process data with a clear legal basis and explain how.
• Purpose limitation. Data is used only for the purpose collected.
• Data minimization. We collect only what is needed.
• Accuracy. We keep records accurate and current.
• Storage limitation. Retention is finite and configurable.
• Integrity & confidentiality. Encryption and access control by default.
• Accountability. Auditable processing, mapped to a Data Protection Officer.

• To deliver the Services and contracted operational outcomes.
• To secure the platform and respond to incidents.
• To meet legal, regulatory, and audit obligations.
• To improve reliability and performance, in aggregate.

• End-to-end encryption (TLS 1.3) for all network communications.
• mTLS for service-to-service authentication, hardware-rooted attestation for edge devices.
• Customer-managed encryption keys (BYOK) and per-tenant data separation.
• Continuous vulnerability scanning, signed releases, and audited deploys.
• 24/7 security operations monitoring with automated incident response.

• Role-based access control with least-privilege defaults.
• SSO via SAML/OIDC, SCIM provisioning, hardware MFA enforced for privileged roles.
• Immutable audit logs streamed to customer SIEM where configured.
• Just-in-time elevated access with approval workflows for sensitive operations.

Retention windows are documented per data category and configurable per tenant. By default, operational telemetry is retained for 90 days, audit logs for 365 days, and account data for the duration of the customer relationship. Customers can extend or shorten windows where law permits.

Rayantra shares data only with vetted sub-processors contractually obligated to maintain our data-protection standards. A current sub-processor list is available on request to privacy@rayantra.com.

Customers can pin storage and processing to specific regions (EU, AP, NA). Where cross-border transfers are necessary, we rely on standard contractual clauses and equivalent legal mechanisms.

Rayantra operates a 24/7 incident response capability with defined severity classifications, SLAs, and customer notification protocols. Material incidents are reported to affected customers within 72 hours, in line with GDPR and applicable regulatory requirements.

You may exercise the following rights subject to applicable law:

• Right to access and obtain a copy of your personal data.
• Right to rectify inaccurate personal data.
• Right to erasure subject to legal retention.
• Right to restrict or object to processing.
• Right to data portability in a structured format.
• Right to lodge complaints with your data protection authority.

Submit requests to privacy@rayantra.com.

• All personnel undergo annual data-protection and security training.
• Access to customer data is logged and audited.
• Employees follow documented operational protocols for incidents and requests.

• SOC 2 Type II audited annually.
• ISO 27001 certified information-security management system.
• GDPR-compliant processing and Data Protection Officer appointed.
• HIPAA-ready architecture for healthcare-adjacent deployments.

This Policy is reviewed quarterly. Material changes are notified to customers at least 30 days before taking effect, with an updated “Last updated” date and a changelog available on request.

For data protection requests, audits, or to contact our Data Protection Officer, reach out to privacy@rayantra.com.