Meet us · 9 Jul:Ravan.ai at NBFC100 Tech Summit, Hilton Chennai — see Agni run live collections calls at our booth →
agni.by ravan.ai
Pricing
+91 11 4056 6600Sign inBook a demo
Legal · Ravan.ai

Data Processing Addendum

Last updated: 11 July 2026GDPR Article 28 terms
terms of serviceprivacy policydata processing addendumrefund policy

Binding terms. This Data Processing Addendum ("DPA") forms part of the agreement between the Customer and the Ravan.ai entity identified in the applicable order form, statement of work, or service agreement ("Agreement"). It is a contractual commitment, not a description of product features. If this DPA conflicts with the Agreement on the processing of Customer Personal Data, this DPA controls to that extent.

Table of Contents

  1. Scope and roles
  2. Processor commitments
  3. Subprocessors
  4. International transfers
  5. Information and audits
  6. Annex I: Processing details
  7. Annex II: Security measures
  8. Contact
01 Scope and roles

Controller and processor

Where Ravan.ai processes Customer Personal Data on the Customer's behalf in connection with the Services, the Customer acts as the controller and Ravan.ai acts as the processor. The Customer remains responsible for determining the lawful purpose and means of its processing, including its notices and legal bases for contacting individuals.

This DPA applies to Customer Personal Data processed in providing, securing, supporting, and maintaining the Agni and Ravan.ai services. It applies for the term of the Agreement and until the return or deletion of Customer Personal Data under this DPA.

Processing detailDescription
Subject matterProvision of voice AI, telephony, campaign, analytics, support, and related platform services.
Nature and purposeHosting, transmitting, analysing, storing, and otherwise processing data as necessary to deliver the Services and comply with documented Customer instructions.
Data subjectsCustomer personnel, end users, prospects, callers, recipients, and other individuals whose data the Customer submits to the Services.
Data categoriesAccount and contact information, call metadata, recordings, transcripts, prompts, configuration data, support requests, and other Customer Personal Data submitted to the Services.
02 Processor commitments

Ravan.ai's binding obligations

Ravan.ai shall perform the following obligations whenever it processes Customer Personal Data as a processor:

  1. Documented instructions. Process Customer Personal Data only on the Customer's documented instructions, including instructions given through the Services, unless applicable law requires processing. If law requires processing, Ravan.ai will notify the Customer before processing unless that law prohibits notice.
  2. Confidentiality. Ensure that people authorised to process Customer Personal Data are bound by confidentiality obligations or an appropriate statutory duty of confidentiality.
  3. Security measures. Maintain the technical and organisational measures in Annex II, and review those measures as appropriate to the risks of the processing.
  4. Data-subject rights. Taking account of the nature of the processing, provide reasonable assistance through appropriate technical and organisational measures to help the Customer respond to requests to exercise data-subject rights.
  5. Compliance assistance. Taking account of the nature of processing and the information available to Ravan.ai, assist the Customer with data-protection impact assessments, prior consultations, and the Customer's security and breach obligations where applicable.
  6. Personal-data breaches. Notify the Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data, and provide information reasonably available to Ravan.ai so the Customer can meet its notification obligations.
  7. Return or deletion. At the Customer's choice on termination of the Services, delete or return Customer Personal Data unless applicable law requires continued retention. Any retained data remains protected under this DPA.
!

Contractual standard: these are obligations of Ravan.ai under the Agreement. A failure to perform them is handled under the Agreement's breach and remedies provisions.

03 Subprocessors

Authorisation and safeguards

The Customer gives general written authorisation for Ravan.ai to use subprocessors for the Services. Ravan.ai will maintain its currentsubprocessor notice and provide reasonable advance notice of a new or replacement subprocessor where required by applicable law, giving the Customer an opportunity to object on reasonable, documented data-protection grounds.

Ravan.ai shall enter into written agreements with each subprocessor that impose data-protection obligations materially consistent with the obligations in this DPA. Ravan.ai remains responsible for its subprocessors to the extent required by applicable data-protection law.

04 International transfers

Transfers of Customer Personal Data

Ravan.ai shall not transfer Customer Personal Data outside the applicable permitted processing location except on the Customer's documented instructions or where a lawful transfer mechanism is in place. Where EU or UK data-protection law applies, Ravan.ai will use an applicable transfer mechanism, which may include the European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum, as applicable.

05 Information and audits

Demonstrating compliance

Ravan.ai shall make available information reasonably necessary to demonstrate compliance with this DPA. On reasonable written notice, no more than once in any 12-month period unless a material incident or regulator requires otherwise, the Customer may audit Ravan.ai's compliance with this DPA or appoint an independent auditor bound by confidentiality to do so. Audits must be conducted during normal business hours, in a manner that does not unreasonably disrupt the Services or expose other customers' confidential information.

Annex I

Details of processing

The processing details in Section 1 form Annex I to this DPA. Additional processing instructions, data categories, retention periods, and deployment locations may be recorded in an order form, statement of work, or other written deployment documentation. To the extent of a conflict, the more protective written instruction applies to the relevant processing.

Annex II

Technical and organisational measures

Ravan.ai shall maintain measures appropriate to the risk, including the following safeguards for Customer Personal Data:

  • Access management: role-based access controls, least-privilege access, and restricted production-data access for authorised personnel.
  • Encryption: encryption of stored data and encryption in transit using current transport-security controls.
  • Logging and monitoring: audit logging and monitoring of access to sensitive data, service errors, and security-relevant events.
  • Secure operations: vulnerability management, security testing, and change-management practices appropriate to the Services.
  • Availability and recovery: backup and recovery measures designed to restore availability and access following an incident.
  • Incident management: processes to identify, assess, contain, investigate, and communicate Personal Data Breaches.
  • Vendor management: risk-based review and written data-protection commitments for subprocessors that process Customer Personal Data.

Ravan.ai may update these measures provided that the updates do not materially diminish the overall security of the Services.

Privacy and DPA contact

Send data-processing questions, subprocessor objections, or signed DPA requests to our privacy team.

privacy@ravan.aiinfo@ravan.ai

Ravan.ai Data Processing Addendum · Version 1.0

Privacy PolicyTerms of ServiceTrust Center

Put Agni on your phone lines.

Book a 30-minute walkthrough, or call our AI agent right now: +91 11 4056 6600

Book a demoStart free
agni.

Voice AI agents for enterprise customer calls. Built for Indian conversations — 30+ languages, Hinglish native.

LinkedInXInstagramFacebook

Product

  • Platform overview
  • Agent Builder
  • Knowledge Base
  • Inbound Calls
  • Outbound Campaigns
  • Call Analytics
  • APIs & Webhooks
  • Languages & Voices

Use Cases

  • Ravan Revenue Recovery
  • Sales & Lead Qualification
  • Customer Support
  • Collections & EMI
  • Appointment Scheduling
  • Feedback & CSAT
  • Recruitment
  • E-commerce COD & RTO

Industries

  • BFSI & NBFC
  • Insurance
  • Healthcare
  • Real Estate
  • EdTech
  • Logistics
  • D2C & E-commerce

Resources

  • Documentation
  • Case Studies
  • Integrations
  • ROI Calculator
  • Blog
  • FAQ
  • Trust Center

Company

  • About
  • Press & Media
  • Careers
  • Contact Sales
  • Sign in

DND / NCPR scrubbing · Consent logging · Calling-window enforcement · Call recordings & audit trails · DPDP-era consent design · SOC 2 ready · GDPR ready · HIPAA ready

Visit the Trust Center →

© 2026 Ravan Technologies Pvt. Ltd. · New Delhi, India · Dubai Silicon Oasis, Dubai, UAE · Delaware, USA · info@ravan.ai

Privacy PolicyData Processing AddendumSubprocessorsIncident ResponseTerms of ServiceRefund PolicyTrust Center