Meet us · 9 Jul:Ravan.ai at NBFC100 Tech Summit, Hilton Chennai — see Agni run live collections calls at our booth →
agni.by ravan.ai
Pricing
+91 11 4056 6600Sign inBook a demo
Security · Ravan.ai

Incident Response

Last updated: 11 July 202624-hour customer notification
trust centerdata processing addendumsubprocessorsincident response

Operating commitment. Any team member who suspects unauthorised access, disclosure, loss, alteration, or unavailability of Customer Personal Data must escalate it immediately. Ravan.ai will notify affected Customer contacts within 24 hours after confirming an incident affecting their Customer Personal Data, and will not wait for a complete root-cause analysis before giving that notice.

One-page response process

  1. Report and open an incident
  2. Contain and preserve evidence
  3. Assess impact
  4. Notify customers
  5. Recover and review
  6. Escalation contacts
01 Report

Open an incident immediately

Any employee, contractor, or service provider who identifies a suspected security event must report it to the incident lead through the security escalation channel immediately and no later than one hour after discovery. Suspected events include exposed credentials, unauthorised access, misdirected data, malware, lost devices, unexpected deletion, and abnormal access to recordings or transcripts.

The incident lead assigns an owner, opens a time-stamped incident record, records the affected systems and customers, and begins an evidence log. The reporter must not delete logs, rotate credentials, or alter evidence before the incident lead has directed containment.

02 Contain

Stop further exposure

  • Disable or rotate exposed credentials and revoke active sessions.
  • Restrict the affected user's access to the minimum needed for investigation.
  • Pause affected integrations, exports, or call workflows where necessary to prevent continued exposure.
  • Preserve relevant audit logs, access records, configuration history, and affected call-session identifiers.
03 Assess

Determine whether Customer Personal Data is affected

The incident lead determines, as quickly as practicable, whether Customer Personal Data was involved; the affected customers; the categories and approximate volume of data; likely consequences; and the containment actions already taken. The assessment is recorded even where the conclusion is that no Customer Personal Data was affected.

04 Notify

Tell the affected customer within 24 hours of confirmation

Once Ravan.ai confirms an incident affecting Customer Personal Data, the incident lead notifies each affected Customer's designated security or privacy contact within 24 hours. The initial notice may be preliminary, but will include the known facts, the affected systems or data categories, containment actions, and a contact for follow-up. Ravan.ai will provide material updates as the investigation develops.

The Customer remains responsible for notifications to regulators and data subjects unless the Agreement states otherwise. Ravan.ai will provide reasonable information and assistance required for those notifications under the Data Processing Addendum.

05 Recover

Restore safely and prevent recurrence

Before returning an affected service to normal operation, the incident lead verifies that containment is effective and that any required access, configuration, or deployment changes have been reviewed. Within ten business days after closure, the incident owner documents root cause, corrective actions, owners, and due dates. Material actions are tracked to completion and tested.

Report a security incident

Include the affected workspace or customer, relevant phone number or call-session ID, time discovered, and any immediate containment action already taken.

privacy@ravan.aiinfo@ravan.ai

Put Agni on your phone lines.

Book a 30-minute walkthrough, or call our AI agent right now: +91 11 4056 6600

Book a demoStart free
agni.

Voice AI agents for enterprise customer calls. Built for Indian conversations — 30+ languages, Hinglish native.

LinkedInXInstagramFacebook

Product

  • Platform overview
  • Agent Builder
  • Knowledge Base
  • Inbound Calls
  • Outbound Campaigns
  • Call Analytics
  • APIs & Webhooks
  • Languages & Voices

Use Cases

  • Ravan Revenue Recovery
  • Sales & Lead Qualification
  • Customer Support
  • Collections & EMI
  • Appointment Scheduling
  • Feedback & CSAT
  • Recruitment
  • E-commerce COD & RTO

Industries

  • BFSI & NBFC
  • Insurance
  • Healthcare
  • Real Estate
  • EdTech
  • Logistics
  • D2C & E-commerce

Resources

  • Documentation
  • Case Studies
  • Integrations
  • ROI Calculator
  • Blog
  • FAQ
  • Trust Center

Company

  • About
  • Press & Media
  • Careers
  • Contact Sales
  • Sign in

DND / NCPR scrubbing · Consent logging · Calling-window enforcement · Call recordings & audit trails · DPDP-era consent design · SOC 2 ready · GDPR ready · HIPAA ready

Visit the Trust Center →

© 2026 Ravan Technologies Pvt. Ltd. · New Delhi, India · Dubai Silicon Oasis, Dubai, UAE · Delaware, USA · info@ravan.ai

Privacy PolicyData Processing AddendumSubprocessorsIncident ResponseTerms of ServiceRefund PolicyTrust Center