Privacy Policy

Last updated: 06.08.2024

Quick Overview

At Raily, we take your data protection seriously. Here's a quick summary of how wehandle your data:

  • What we collect: Identification data, profile information, location data, app usage data
  • Why we use it: To provide travel and companion matching services, personalize content, improve our app, ensure security
  • Legal bases: Contract performance, your consent, our legitimate interests
  • Who we share with: Our employees (as needed), cloud service providers, analytics partners (anonymized)
  • How long we keep it: Account data until deletion, usage data up to 24 months
  • How we protect it: Data encryption, strict access controls, regular security audits
  • Your rights: Access, correct, delete your data, limit processing, object to processing, data portability
  • AI Use: We use AI for matchmaking, content personalization, and travel recommendations

For more detailed information, please read the full policy below.

This Privacy Policy applies to the Raily service ("Service") operated by Summatus GmbH, a company registered in Germany with company number HRB 237306, and registered office at Frundsbergstraße 58a, Straßlach-Dingharting, 82064, Germany, operating under the brand name Raily, and its affiliated companies and subsidiaries (collectively referred to as "Company", "we", "us", or "our").

1. INTRODUCTION

Raily ("us", "we", or "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, disclose, process, and protect information about you when you use our services.

Our "Service" includes:

  • Raily mobile applications for iOS and Android
  • Raily application for smart glasses
  • Raily application for smartwatches
  • Website www.raily.app
  • Any other related services and features provided by Raily across all platforms

This privacy policy applies to all platforms where Raily is available. However, please note that certain features and data collection practices may vary depending on the platform you are using. Where there are significant differences, we will highlight them in the relevant sections of this policy.

2. INFORMATION WE COLLECT

2.1 Information you provide to us:

  • Registration data (e.g., name, email address, phone number)
  • Profile information (e.g., photo, interests, preferences)
  • Travel and booking data
  • Content you create or provide through the Service 

2.2 Information collected automatically:

  • Geolocation data
  • Device information (e.g., device type, operating system, unique device identifiers)
  • App usage data (e.g., time and duration of use, viewed pages, in-app actions)
  • Cookies and similar tracking technologies (as per our Cookie Policy)

2.3 Information from third-party sources:

  • Social media data (when connecting accounts) - used to enhance your profile and recommendations, stored until social media account disconnection
  • Information from booking partners - used to process your bookings and improve the service, stored for 3 years after trip completion

For detailed information about the specific retention periods for each type of data, please refer to our Data Retention Policy. This policy provides comprehensive information about how long we store different categories of data and the reasons for these retention periods.

In general, we adhere to the principle of data minimization and store your personal data only for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.

Key points from our Data Retention Policy include:

  • Account data is retained until account deletion
  • Travel and booking data is typically stored for 3 years after trip completion
  • Transaction data is kept for 7 years to comply with tax legislation
  • Geolocation data is stored for 30 days
  • User activity logs are retained for 12 months

You can request deletion of your data at any time by contacting our Data Protection Officer at dpo@raily.app. Please note that some information may be retained for legal or legitimate business purposes even after a deletion request.

2A. AI Processing of Your Information

Our service extensively uses artificial intelligence (AI) to enhance your experience. Here's how we use AI:

2A.1 Matchmaking: Our AI analyzes your profile, preferences, and behavior to suggest compatible travel companions.
2A.2 Content Personalization: AI tailors the content you see based on your interests and interactions.
2A.3 Travel Recommendations: AI generates personalized travel suggestions and itineraries.
2A.4 Visual Analysis: With your consent, our AI may analyze photos you upload to enhance matchmaking accuracy.
2A.5 Continuous Learning: Our AI systems learn from user interactions to improve service quality over time.

All AI processing is done using anonymized or pseudonymized data to protect your privacy.

3. HOW WE USE YOU RINFORMATION

We use the collected information to:

3.1 Provide and Improve Our Service

  • Operate, maintain, and enhance the functionality of our Service
  • Develop new features and services
  • Analyze usage patterns to improve user experience

3.2 Personalize Your Experience

  • Offer relevant routes and travel companions based on your interests and previous trips
  • Customize content and recommendations in the app
  • Adapt the interface to your preferences
  • Provide personalized travel tips and suggestions

3.3 Process Transactions

  • Handle bookings and reservations
  • Process payments and refunds
  • Manage loyalty programs and rewards

3.4 Communicate with You

  • Send service-related notifications and updates
  • Respond to your inquiries and support requests
  • Provide important information about your account or the Service

3.5 Ensure Security and Prevent Fraud

  • Verify users through email and phone number checks
  • Monitor suspicious activity and block malicious accounts
  • Use encryption and other technical measures to protect your data
  • Detect and prevent potential fraudulent transactions

3.6 Marketing and Advertising (with your consent)

  • Send promotional offers and newsletters
  • Display targeted advertisements
  • Conduct market research and surveys

3.7 Legal and Regulatory Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent harm
  • Enforce our Terms of Service and other legal agreements

3.8 Analytics and Research

  • Conduct data analysis to better understand our users
  • Improve our algorithms for matchmaking and recommendations
  • Prepare aggregated statistical reports and business intelligence

3.9 Social Features

  • Enable social interactions within our community
  • Facilitate sharing of travel experiences and recommendations

3.10 AI-Driven Features

  • Power our AI-based matchmaking system
  • Generate personalized recommendations and content
  • Improve our AI models and algorithms
  • Analyze aggregate trends and patterns to enhance our services

We process this information given our legitimate interest in improving the Service and your experience with it, and where it is necessary for the adequate performance of the contract with you. Where we process your information for marketing purposes or with your consent, you have the right to withdraw your consent at any time.

For more detailed information about the specific data used for each purpose, please refer to our Data Processing Addendum.

4. LEGAL BASES FOR PROCESSING

We process your data on the following legal grounds:

  • Performance of a contract with you: processing necessary to provide the services you request
  • Our legitimate interests: e.g., improving our Service, preventing fraud, marketing our services
  • Your consent: for certain types of processing, such as sending marketing messages
  • Compliance with legal obligations: e.g., storing transaction data for tax purposes

5. HOW WE SHARE YOUR INFORMATION

We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect. We may share your information in the following situations:

5.1 Service Providers and Partners

We engage third-party service providers and partners to perform various functions on our behalf. These may include:

  • Cloud storage providers
  • Payment processors
  • Customer supportservices
  • Marketing and advertising partners
  • Fraud prevention services

We enter into data processing agreements with these providers, ensuring they only use your information for the specific purposes we've authorized and that they maintain adequate protection of your data. For a current list of our service providers, please refer to our Subprocessors List.

5.2 Other Users

We may share some of your information with other users of the Service in accordance with your privacy settings. This may include:

  • Your profile information (as set in your privacy settings)
  • Travel preferences and interests
  • Reviews and ratings you provide
  • Content you choose to share publicly on the Service

You can control what information is visible to other users in the app settings. We encourage you to review these settings regularly.

5.3 Legal and Regulatory Authorities

We may disclose your information to law enforcement, government authorities, or other third parties if:

  • Required by law, regulation, legal process, or governmental request
  • Necessary to protect our rights, property, or safety, or the rights, property, or safety of others
  • Needed to detect, prevent, or address fraud, security or technical issues
  • Required to comply with our legal obligations or enforce our Terms of Service

5.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of our assets, your information may be transferred as part of that transaction. We will notify you (for example, via email or a notice on our website) of any such change in ownership or control of your personal information.

5.5 Aggregated or De-identified Data

We may share aggregated or de-identified information, which cannot reasonably be used to identify you, with third parties for industry and market analysis, demographic profiling, research, analytics, and other similar purposes.

5.6 With Your Consent

We may share your information with third parties when you give us explicit consent to do so. For example, if you choose to share your travel plans or connect with a travel companion through our Service.

5.7 Social Media Platforms

If you choose to connect your account to social media platforms or use social media features on our Service, these platforms may access certain information about your use of our Service. Any information that you provide via these platforms is subject to their privacy policies.

5.8 Affiliated Companies

We may share your information with our affiliated companies (companies under common ownership or control) for the purposes described in this Privacy Policy.

We will always strive to ensure that any sharing of your information is performed in a manner that protects your privacy rights and is in compliance with applicable data protection laws.

For more detailed information about our data sharing practices, including the types of data shared with specific categories of recipients, please refer to our Data Processing Addendum.

If you have any questions about how we share your information, please contact our Data Protection Officer at dpo@raily.app.

5.9 AI Service Providers

We may share anonymized or pseudonymized data with AI service providers who help us improve our AI models and algorithms. These providers are bound by strict confidentiality agreements and are prohibited from using the data for any other purpose.

6. INTERNATIONAL DATA TRANSFERS

The Company operates globally and may transfer your data to different regions depending on your location and the services you use. We ensure an adequate level of protection for such transfers in compliance with applicable data protection laws.

6.1 For Users in the European Economic Area (EEA), UK, and Switzerland:

Your data may be transferred to and stored in countries outside the EEA, UK, and Switzerland. We ensure an adequate level of protection for such transfers by using:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries recognized by the European Commission as providing an adequate level of protection
  • Where applicable, other appropriate safeguards as required by GDPR and UK GDPR

6.2 For Users in the Gulf Cooperation Council (GCC) Region:

Your data is primarily stored and processed within the GCC region. We use local data centers in the UAE and Saudi Arabia to ensure data localization requirements are met. In some cases, your data may be transferred to other countries for specific processing activities. For such transfers, we implement appropriate safeguards as required by local data protection laws, including:

  • Data transfer agreements based on the Standard Contractual Clauses
  • Ensuring the receiving countries have adequate data protection laws as recognized by GCC authorities
  • Obtaining necessary permits from local data protection authorities, where required

6.3 For Users in the United States:

Your data may be transferred to and stored in countries outside the United States. We ensure an adequate level of protection for such transfers by using:

  • Standard Contractual Clauses
  • Where applicable, Privacy Shield certification for transfers to the EEA, UK, and Switzerland
  • Other appropriate safeguards as required by U.S. federal and state laws

6.4 For Users in Other Regions:

If you are located in a region not mentioned above, your data may be transferred to and stored in countries outside your region. We implement appropriate safeguards for such transfers in compliance with applicable local laws, which may include:

  • Data transfer agreements based on the Standard Contractual Clauses
  • Ensuring the receiving countries have adequate data protection laws as recognized by your local authorities
  • Obtaining necessary permits from local data protection authorities, where required

Regardless of your location, we are committed to protecting your data and ensuring that any international transfers comply with applicable data protection laws. For more information about the specific safeguards applied to your data transfers, please contact our Data Protection Officer at dpo@raily.app.

7. DATA SECURITY

We implement the following technical and organizational measures to protect your data:

  • Data encryption in transit (using SSL/TLS protocols)
  • Data encryption at rest (AES-256)
  • Strict access control to data (principle of least privilege)
  • Regular security audits and penetration tests
  • Staff training on data security and privacy
  • Physical security of data centers

7A AI System Security and Oversight

7A.1 We implement rigorous security measures for our AI systems, including:

  • RRegular audits and testing of AI models
  • Encryption of AI training data and model parameters
  • Strict access controls to AI systems and related data

7A.2 Human Oversight:

Our AI systems are subject to human oversight to ensure fairness, accuracy, and compliance with ethical standards.

7A.3 Bias Mitigation:

Bias Mitigation: We actively work to identify and mitigate potential biases in our AI systems.

7A.4 Explainability:

Explainability: We strive to make our AI systems as transparent and explainable as possible, while protecting our proprietary technology.

8. DATA RETENTION

We retain your data only for as long as necessary for the purposes described in this policy or as required by law:

  • Account data: until account deletion
  • Trip data: 3 years after trip completion
  • Transaction data: 7 years (in accordance with tax legislation)
  • Activity logs: 12 months
  • Geolocation data: 30 days

Our data retention practices apply across all platforms where Raily is available (mobile apps, smart glasses, smartwatches, and web version). For detailed information about our data retention practices, including specific retention periods for different types of data and how they may vary by platform, please refer to our Data Retention Policy.

9. YOUR RIGHTS

Under GDPR, you have the following rights:

  • Right to access your data
  • Right to rectify inaccurate data
  • Right to erase data
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to Explanation: You have the right to request an explanation of how our AI systems have influenced significant decisions affecting you.
  • Right to Human Review: You can request human review of significant decisions made by our AI systems.

To exercise these rights, please follow these steps:

1.  Download PDF and fill it
2. Send document to privacy@raily.app
3. We will process your request within 30 days and inform you of the results

10. USE OF AI AND MACHINE LEARNING

Raily extensively uses artificial intelligence (AI) and machine learning technologies to provide and improve our services. This includes:

10.1 Matchmaking:

Our core matchmaking algorithm uses AI to analyze user profiles, preferences, and behavior to suggest compatible travel companions.

10.2 Visual and SocialMatching:

We use advanced AI models like YOLO and CLIP for analyzing visual content and social media data to enhance matchmaking accuracy.

10.3 PersonalizedRecommendations:

AI powers our system for providing personalized travel recommendations and itinerary suggestions.

10.4 Content Analysis:

We use AI to analyze messages and user-generated content in an aggregated manner to improve our services and ensure community safety.

10.5 ContinuousImprovement:

Continuous Improvement: Our AI systems continuously learn and improve based on user interactions and feedback.

10.6 Transparency:

We are committed to being transparent about our use of AI. The matching percentage displayed next to people or places clearly indicates how our AI has determined compatibility based on your profile and preferences.

10.7 User Control:

You have direct control over your interests and preferences. Any changes you make will immediately affect your matching percentages and results, allowing you to see how your input influences the AI's decisions.

All information processed by our AI systems is handled in accordance with this Privacy Policy and applicable data protection laws. We do not use AI for emotion recognition or biometric categorization beyond what is necessary for improving matches and recommendations.

11. CRYPTOCURRENCY AND TOKENS

Our app may utilize tokens and cryptocurrency. Information about transactions in tokens and cryptocurrency is processed and stored by us in accordance with applicable laws. We do not store or process information about users' wallets or wallet addresses. Users are responsible for the safe storage of their wallets and the confidentiality of private keys.

12. NFTs

Our app may offer exclusive NFTs related to travels and the app experience. We only collect information necessary to provide NFT functionality, such as your wallet identifier. All NFT information is stored decentrally on the blockchain.

13. CHILDREN'S PRIVACY

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

14. CHANGES TO THIS PRIVACY POLICY

We may update this privacy policy from time to time. We will notify you of any significant changes:

  • Through a push notification in the app
  • By email associated with your account
  • Via a banner on our website's homepage

15. CONTACT INFORMATION

If you have any questions about this privacy policy or our data processing, please contact our Data Protection Officer:

Email: dpo@raily.app

Address: Frundsbergstraße 58a, Straßlach-Dingharting, 82064, Deutschland

If you are not satisfied with our response, you have the right to lodge a complaint with the data protection supervisory authority in your jurisdiction. For EU users, a list of supervisory authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en

16. LIMITATION OF LIABILITY

In no event shall Raily be liable for any damages whatsoever, including special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue, loss of data or use, arising out of or related to the use of the Service or this Privacy Policy, whether based on warranty, contract, tort (including negligence), statute, or any other legal theory, whether or not Raily has been informed of the possibility of such damage.

17. USER CONSENT

When you register to use Raily, we ask for your explicit consent to process your personal data. This consent is a key legal basis for our data processing activities.

17.1 Scope of Consent

By agreeing to our terms during registration, you consent to the collection, use, storage, and processing of the following categories of your personal data:

  • Name and surname
  • Email address
  • Phone number
  • Profile picture
  • Geolocation data
  • Information about your interests and preferences
  • App usage data

17.2 Purposes of Processing

You agree to the processing of your personal data for the following purposes:

  • Providing Raily services, including travel and companion matching
  • Personalizing content and recommendations
  • Improving app functionality and user experience
  • Communicating with you
  • Ensuring security and preventing fraud

17.3 Third-Party Data Sharing

You understand that your data may be shared with third parties acting on behalf of Raily, exclusively for the purposes stated above and with appropriate data protection measures in place.

17.4 International Data Transfers

You agree to the transfer of your data to countries outside the European Economic Area if necessary for service provision, ensuring an adequate level of data protection.

17.5 Duration of Consent

Your consent is valid from the moment it is provided until you delete your account or withdraw your consent.

17.6 Right to Withdraw Consent

You have the right to withdraw your consent at any time by sending a request to privacy@raily.app or through the appropriate section in the app. However, please note that withdrawing your consent will result in the termination of your access to Raily services. This is because your consent forms the legal basis for our processing of your personal data, which is essential for providing our services.

If you choose to withdraw your consent:

  • Your account will be deactivated
  • You will no longer have access to Raily services
  • We will cease processing your personal data for the purposes outlined in this policy, except where we have other legal grounds to continue processing (e.g., for legal compliance or legitimate interests)
  • We will retain your data only as long as necessary for legal or business purposes, as outlined in our Data Retention Policy.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

17.7 Accessing Consent Information

You can review the full text of the consent you provided during registration at any time in the app's settings or "Legal Information" section.

18. AI TRANSPARENCY AND ACCOUNTABILITY

18.1 AI Disclosure:

We clearly disclose when you are interacting with an AI system within our service.

18.2 AI DecisionExplanations:

Upon request, we will provide explanations of significant decisions made by our AI systems affecting your user experience.

18.3 AI Ethics:

We adhere to ethical AI principles, including fairness, transparency, and respect for user privacy.

18.4 AI ImpactAssessments:

We regularly conduct AI impact assessments to identify and mitigate potential risks associated with our AI systems.

18.5 AI Governance:

We have established an AI governance framework to ensure responsible development and use of AI technologies.