Privacy policy — Rimas

Last updated: June 26, 2026

This policy explains how Rimas, a product of SV Dev, LLC, handles personal data of customers, end users, and visitors. It applies to the rimas.app product, its subdomains, and the marketing pages at svdev.tech and siliconvillage.dev.

We operate under the General Data Protection Regulation (EU 2016/679) for European data subjects, the California Consumer Privacy Act (Cal. Civ. Code §1798.100 et seq.) for California residents, and equivalent frameworks where applicable.

1. Who we are and how to contact the data protection officer

Rimas is operated by SV Dev, LLC, a Delaware (USA) limited liability company. We act as the data controller for personal data processed through the Rimas product.

For any privacy request — access, deletion, rectification, opposition, portability — contact our data protection officer at dpo@rimas.app. We answer in writing within the statutory deadlines (typically 15 calendar days).

2. What personal data we collect

We collect only the data needed to operate the service and meet our legal obligations.

  • Account data: Full name, work email, optional phone number, and avatar that you provide when signing in or being invited to a workspace.
  • Execution data: Responses to workflow items, captured photos, videos, and audio, and digital signatures generated when you approve or submit a run.
  • Automatic metadata: Geolocation at the moment of capture, capture timestamps, and device information attached to each evidence file.
  • Technical data: IP address, user agent, language, and access logs needed to operate the service and prevent abuse.

3. Why we collect it (lawful bases)

We process personal data under the following lawful bases:

  • Contract performance: Operating the service for our customers and their authorized users.
  • Legal obligation: Producing records demanded by health inspections, regulators, or court orders.
  • Legitimate interest: Securing the service, preventing fraud, and improving product reliability — always balanced against your rights.
  • Consent: Marketing communications and any processing where consent is the only adequate basis.

4. Who we share data with

We share personal data only with the following categories of recipients:

  • Infrastructure providers: Cloud compute, storage, content delivery, and push notification providers under written data-processing agreements.
  • Workspace approvers and administrators: Inside a customer workspace, run data is visible to the roles configured by the customer (approver, admin, auditor). The customer is responsible for that role configuration.
  • Authorities: When we are legally required to disclose, we do so under the narrowest interpretation of the request.

5. International transfers

Personal data may be stored or processed in data centers outside your country of residence, including in the United States and the European Union.

When we transfer data internationally, we rely on standard contractual clauses and, where applicable, supplementary measures (encryption in transit and at rest).

6. How long we keep it

Retention windows are configurable per workspace. By default, execution data (run answers, photos, signatures) is kept for five years to support audit and inspection requirements; the immutable audit log itself is retained indefinitely for legal traceability.

When a customer cancels the service, we keep data for thirty days to allow export and recovery, after which we delete it from our active systems and from backups within the next backup cycle.

7. Your rights

You can exercise the following rights at any time by contacting dpo@rimas.app:

  • Access: Confirm what we hold about you and obtain a copy.
  • Rectification: Correct inaccurate or incomplete data.
  • Deletion: Request erasure when legal grounds allow.
  • Portability: Receive your data in a structured, machine-readable format.
  • Opposition: Object to processing based on legitimate interest.
  • Consent withdrawal: Withdraw consent at any time, without affecting prior lawful processing.

We never charge you for exercising these rights. If we cannot fulfill a request, we explain why and how to escalate.

8. Security

We protect personal data with layered technical and organizational measures:

  • Encryption in transit: All traffic is served over TLS 1.2+.
  • Encryption at rest: Customer data is encrypted with provider-managed keys.
  • Immutable audit log: All sensitive actions are recorded in an append-only log.
  • Role-based access: Workspace permissions follow the principle of least privilege.

9. Cookies and similar technologies

We use a small number of cookies and local storage entries:

  • Essential: Required for authentication, language selection, and security tokens. Cannot be disabled.
  • Analytics: Privacy-respecting traffic measurement. Disabled if you have not consented or if no analytics provider is configured.
  • Preferences: Locale, theme, and minor UI settings remembered across visits.

You can manage cookies in your browser settings; disabling essential cookies will prevent parts of the service from working.

10. Minors

Rimas is a workplace product not intended for minors under 18. We do not knowingly collect data from minors. If you believe we have, contact dpo@rimas.app and we will delete the data without delay.

11. Changes to this policy

We may update this policy to reflect product, legal, or operational changes. Material changes are notified by email to workspace administrators at least 15 days before they take effect. The date at the top of this page always reflects the latest revision.

12. Contact and supervisory authority

If you have questions about this policy or how we handle your data, write to dpo@rimas.app.

EU and EEA residents may also lodge a complaint with their local data protection authority. California residents may contact the California Attorney General's office.