Version 4.1
Effective Date: 02/02/2026

GDPR • CCPA/CPRA • SOC 2 Type II Aligned

1. Introduction

At NTRVSTA Inc. (“NTRVSTA,” “we,” “us,” or “our”), we are committed to protecting your privacy and ensuring the security of your personal information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered interview and structured conversation platform, including our website, mobile applications, APIs, and related services (collectively, the “Services”).

This Privacy Policy is designed to comply with the GDPR, CCPA/CPRA, and aligns with SOC 2 Type II security and privacy principles, including transparency obligations related to AI systems.

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree, please do not use our Services.

2. Data Controller Information

For purposes of applicable data protection laws, the data controller is:

NTRVSTA | Ryz Labs Studio LLC
4500 Park Granada, Suite 202
Calabasas, CA 91302
United States

Email: info@ntrvsta.com
Website: https://www.ntrvsta.com

For EU/EEA residents, you may contact our Data Protection Officer at info@ntrvsta.com.

3. Definitions

Personal Data – Information relating to an identifiable person.
Sensitive Personal Information (SPI) – Includes biometric data, health data, precise geolocation, and similar protected categories.
Processing – Any operation performed on Personal Data.
Data Subject – The individual to whom the data relates.
Service Provider / Processor – Third parties processing data on our behalf.
AI Features – Transcription, NLP, scoring, feedback, AI audio, and avatars.
AI Outputs – Transcripts, summaries, feedback, and scoring results.
Synthetic Media – AI-generated or AI-manipulated audio/video.
AI Vendors – Third parties such as OpenAI, Anthropic Claude, and ElevenLabs.

4. CCPA Notice at Collection

This section applies to California residents.

4.1 Categories of Personal Information Collected
We collect the categories detailed in Section 5 for the purposes described in Section 7.

4.2 Sale and Sharing of Personal Information
We do not sell Personal Data. We may share data for cross-context behavioral advertising.

You may opt out by:

• Emailing info@ntrvsta.com (subject: CCPA Opt-Out Request)
• Using the “Do Not Sell or Share My Personal Information” link
• Enabling Global Privacy Control (GPC)

4.3 Sensitive Personal Information
We process SPI only as permitted under CCPA/CPRA and do not use it for restricted purposes.

4.4 Retention
Data is retained as described in Section 11.

4.5 Minors
We do not knowingly sell or share data of individuals under 16.

5. Categories of Personal Data We Collect

Categories include:

• Identifiers (name, email, IP address)
• Commercial information
• Financial data (processed by Stripe/Payoneer)
• Internet activity
• Geolocation data (with consent)
• Audio/visual data*
• Professional/employment data*
• Biometric data*
• Inferences

* May include Sensitive Personal Information.

6. Sources of Personal Data

6.1 Directly from You

• Account creation
• Interviews and conversations
• Forms and support communications
• Billing information

6.2 Automatically Collected

• Device and log data
• Cookies and tracking technologies
• Location data

6.3 From Third Parties

• Social platforms
• Business partners and employers
• Analytics and advertising partners

7. Purposes of Processing and Legal Bases

We process Personal Data for:

• Service delivery
• Payment processing
• AI processing
• Security and fraud prevention
• Communications
• Marketing
• Analytics and improvement
• Legal compliance

Legal bases include contract performance, consent, legitimate interests, and legal obligation.

8. How We Share Your Personal Data

8.1 Service Providers
Cloud hosting, payments, AI vendors, support, and security services.

8.2 Business Partners
Employers and organizations using the platform.

8.3 Analytics and Advertising Partners
May constitute “sharing” under CCPA.

8.4 Legal and Safety Disclosures
When required by law or to protect rights and safety.

8.5 Business Transfers
In mergers, acquisitions, or similar events.

8.6 Aggregated and De-identified Data
Used for analytics and improvement.

9. International Data Transfers

Data may be processed in the United States and other countries.

9.1 EU/EEA/UK Transfers
We use safeguards such as Standard Contractual Clauses (SCCs).

9.2 EU-U.S. Data Privacy Framework
We commit to applicable framework requirements.

10. Cookies and Tracking Technologies

10.1 Types of Cookies

• Essential
• Functional
• Performance/Analytics
• Advertising

10.2 Managing Cookies
Via browser settings or our cookie preference center.

10.3 GPC and Do Not Track
We honor GPC signals under CCPA.

11. Data Retention

We retain data only as long as necessary.

11.1 Retention Periods

• Account data: account lifetime + 3 years
• Interview recordings: up to 2 years
• Payment data: 7 years
• Logs: 90 days (security logs up to 1 year)

11.2 Deletion
Data is securely deleted or anonymized when no longer needed.

12. AI Data Processing (Transparency & No Training Commitment)

12.1 How AI Uses Your Data
Audio, video, text inputs, and synthetic media.

12.2 AI Vendors
OpenAI, Anthropic Claude, ElevenLabs.

12.3 No Training on User Content
We do not allow vendors to train models on your content.

12.4 Human Review
Limited review for QA, security, and compliance.

13. Data Security (SOC 2 Type II Aligned)

13.1 Technical Safeguards

• Encryption (TLS, AES-256)
• MFA
• Firewalls and IDS/IPS
• Secure development practices

13.2 Administrative Safeguards

• Security policies
• Employee training
• RBAC and vendor assessments

13.3 Physical Safeguards

• SOC 2 certified data centers
• Disaster recovery controls

13.4 Compliance and Auditing

• Annual SOC 2 audits
• Continuous monitoring

14. Your Privacy Rights

14.1 GDPR Rights
Access, rectification, erasure, portability, objection, consent withdrawal.

14.2 CCPA/CPRA Rights
Know, delete, correct, opt-out, limit use, non-discrimination.

Requests via:

• info@ntrvsta.com
• 1-310-621-6250
• ntrvsta.com/privacy-request

14.3 Other U.S. State Laws
Similar rights apply (VA, CO, CT, UT).

14.4 Nevada Residents
Email info@ntrvsta.com (subject: Nevada Do Not Sell Request).

15. Children’s Privacy

We do not knowingly collect data from children under 16. Any such data will be deleted promptly.

16. Third-Party Links and Services

We are not responsible for third-party privacy practices.

17. Changes to This Privacy Policy

Updates will be communicated via website notice, email, or in-app notification.

18. Contact Information

NTRVSTA | Ryz Labs Studio LLC
4500 Park Granada, Suite 202
Calabasas, CA 91302

Email: info@ntrvsta.com
Website: https://www.ntrvsta.com

Data Protection Officer: info@ntrvsta.com
CCPA Requests: info@ntrvsta.com | 1-310-621-6250

19. SMS/Text Message Communications

By providing your phone number, you consent to receive SMS related to your account and Services.
Message and data rates may apply.

To opt out, reply STOP.
For help, reply HELP or contact info@ntrvsta.com.

‍