RNFAI

Privacy Policy

How we protect and handle your personal information

Last updated: March 15, 2024

1. Introduction and Scope

RNFAI ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered risk management platform and related services.

This policy applies to all users of our services, including executives, administrators, and authorized personnel who access our platform. By using RNFAI services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection and use of information in accordance with this policy.

We are committed to transparency in our data practices and compliance with applicable privacy laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Information We Collect

We collect various types of information to provide and improve our services. The categories of information we collect include:

Personal Information

  • Identity Information: Name, title, company affiliation, professional credentials, and contact details
  • Contact Information: Email addresses, phone numbers, mailing addresses, and emergency contact information
  • Professional Information: Job title, department, role responsibilities, and organizational hierarchy
  • Authentication Information: Usernames, passwords, security questions, and multi-factor authentication data
  • Communication Records: Correspondence, support tickets, feedback, and meeting recordings

Business and Operational Data

  • Risk Management Data: Risk assessments, threat analyses, compliance reports, and strategic planning documents
  • Financial Metrics: Performance indicators, budget data, and financial risk parameters (processed for analysis only)
  • Operational Metrics: Business performance data, operational efficiency measures, and key performance indicators
  • External Data Sources: Market intelligence, regulatory updates, and third-party risk feeds integrated into our platform

Technical Information

  • Usage Data: Platform interactions, feature utilization, session duration, and user behavior patterns
  • Device Information: IP addresses, browser types, operating systems, and device identifiers
  • Log Data: Server logs, error reports, security events, and system performance metrics
  • Cookies and Tracking: Session cookies, preference cookies, and analytics tracking data

3. How We Use Your Information

We use the collected information for legitimate business purposes related to providing our risk management services:

Service Provision

  • Delivering AI-powered risk analysis and strategic insights
  • Generating quantified threat probabilities and impact assessments
  • Creating compliance-ready dashboards and reports
  • Providing scenario modeling and strategic option framing
  • Maintaining platform functionality and user access

Communication and Support

  • Responding to inquiries and providing customer support
  • Sending service notifications and platform updates
  • Conducting training sessions and onboarding activities
  • Facilitating strategic consultations and advisory services

Security and Compliance

  • Protecting against fraud, unauthorized access, and security threats
  • Ensuring compliance with regulatory requirements and industry standards
  • Conducting security audits and vulnerability assessments
  • Maintaining audit trails and compliance documentation

Platform Improvement

  • Analyzing usage patterns to enhance user experience
  • Developing new features and improving existing functionality
  • Conducting research and development for AI model enhancement
  • Optimizing platform performance and reliability

4. Information Sharing and Disclosure

We maintain strict controls over information sharing and only disclose information in specific, limited circumstances:

Authorized Disclosures

  • With Your Consent: When you explicitly authorize us to share specific information
  • Service Providers: Trusted third-party vendors who assist in platform operations under strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or regulatory authority
  • Business Transfers: In connection with mergers, acquisitions, or asset sales, subject to confidentiality protections

Prohibited Disclosures

  • We do not sell personal information to third parties
  • We do not share information for marketing purposes without consent
  • We do not disclose proprietary business data to competitors
  • We do not provide information to unauthorized parties

5. Data Security and Protection

We implement comprehensive security measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

  • Encryption: End-to-end encryption for data in transit and at rest using industry-standard protocols
  • Access Controls: Multi-factor authentication, role-based access controls, and principle of least privilege
  • Network Security: Firewalls, intrusion detection systems, and secure network architectures
  • Data Backup: Regular automated backups with secure storage and recovery procedures

Administrative Safeguards

  • Security Training: Regular employee training on data protection and security best practices
  • Access Management: Strict controls on who can access personal information and under what circumstances
  • Incident Response: Comprehensive procedures for detecting, responding to, and reporting security incidents
  • Vendor Management: Due diligence and ongoing monitoring of third-party service providers

Physical Safeguards

  • Facility Security: Secure data centers with controlled access and environmental monitoring
  • Equipment Protection: Secure disposal of hardware and media containing sensitive information
  • Workspace Security: Clean desk policies and secure storage for physical documents

6. Data Retention and Deletion

We retain personal information only as long as necessary to fulfill the purposes outlined in this policy and comply with legal obligations:

Retention Periods

  • Account Information: Retained while your account is active and for 7 years after account closure for compliance purposes
  • Risk Management Data: Retained according to regulatory requirements and client agreements, typically 7-10 years
  • Communication Records: Retained for 5 years for support, training, and compliance purposes
  • Financial Data: Retained for 7 years in accordance with financial record-keeping requirements
  • Usage Logs: Retained for 2 years for security monitoring and system optimization
  • Security Logs: Retained for 3 years for incident investigation and compliance auditing

Deletion Procedures

  • Secure deletion of data when retention periods expire
  • Immediate deletion upon valid deletion requests (subject to legal requirements)
  • Regular purging of temporary files and cached data
  • Verification of deletion completion and documentation

7. Your Privacy Rights

You have various rights regarding your personal information, which may vary based on your location and applicable laws:

Access and Portability Rights

  • Right to Access: Request access to your personal information and details about how it's processed
  • Right to Portability: Request transfer of your personal information in a structured, machine-readable format
  • Right to Information: Receive clear information about our data processing activities

Correction and Deletion Rights

  • Right to Rectification: Request correction of inaccurate or incomplete personal information
  • Right to Erasure: Request deletion of your personal information under certain circumstances
  • Right to Restriction: Request limitation of processing under specific conditions

Control and Objection Rights

  • Right to Object: Object to processing of your personal information for certain purposes
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis
  • Right to Opt-Out: Opt out of certain data processing activities, including marketing communications

Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 11. We will respond to your request within the timeframes required by applicable law, typically within 30 days.

8. International Data Transfers

As a global platform, your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers:

Transfer Mechanisms

  • Adequacy Decisions: Transfers to countries with adequate data protection as determined by relevant authorities
  • Standard Contractual Clauses: Use of approved contractual clauses for transfers to countries without adequacy decisions
  • Binding Corporate Rules: Internal policies ensuring consistent data protection across our organization
  • Certification Schemes: Participation in recognized privacy certification programs

Additional Protections

  • Technical measures such as encryption and pseudonymization
  • Contractual commitments from data processors and recipients
  • Regular monitoring and auditing of international data flows
  • Incident response procedures for cross-border data breaches

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze platform usage. For detailed information about our cookie practices, please refer to our Cookie Policy.

Types of Cookies

  • Essential Cookies: Necessary for platform functionality and security
  • Performance Cookies: Help us understand how users interact with our platform
  • Functional Cookies: Enable enhanced functionality and personalization
  • Analytics Cookies: Provide insights into platform usage and performance

Managing Cookies

You can control cookie settings through your browser preferences or our platform settings. Note that disabling certain cookies may affect platform functionality.

10. Children's Privacy

RNFAI services are designed for business and professional use and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe we have collected information from a child under 18, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify users of material changes through our platform or email
  • Provide reasonable advance notice of changes that affect your rights
  • Maintain previous versions of the policy for reference
  • Obtain consent for changes that require it under applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Officer: privacy@rnfai.com

General Inquiries: executives@rnfai.com

Phone: +1‑718‑579‑4306

Mailing Address:
RNFAI Privacy Office
1300 College Ave
Bronx, NY 10456
United States

We are committed to addressing your privacy concerns promptly and will respond to your inquiries within the timeframes required by applicable law.