1. Introduction
At NTRVSTA Inc. ("NTRVSTA," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered interview and structured conversation platform, including our website, mobile applications, and related services (collectively, the "Services").
This Privacy Policy is designed to comply with the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and aligns with SOC 2 Type II security and privacy principles.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
2. Data Controller Information
For the purposes of the GDPR and other applicable data protection laws, the data controller is:
NTRVSTA | Ryz Labs Studio LLC
4500 Park Granada, Suite 202
Calabasas, CA 91302
United States
Email: info@ntrvsta.com
Website: https://www.ntrvsta.com
For EU/EEA residents, you may also contact our Data Protection Officer at dpo@ntrvsta.com.
3. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person, including information referred to as "personal information" under the CCPA.
"Sensitive Personal Information" (SPI) means Personal Data that reveals racial or ethnic origin, religious beliefs, mental or physical health conditions, sexual orientation, citizenship or immigration status, genetic or biometric data, precise geolocation, contents of communications, or financial account credentials.
"Processing" means any operation performed on Personal Data, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, or destruction.
"Data Subject" means the individual to whom the Personal Data relates.
"Service Provider" / "Processor" means a third party that processes Personal Data on our behalf pursuant to a written contract.
4. CCPA Notice at Collection
This section provides California residents with specific disclosures required under the CCPA/CPRA.
4.1 Categories of Personal Information Collected
We collect the categories of Personal Data detailed in Section 5 below. We collect this information for the business and commercial purposes described in Section 6.
4.2 Sale and Sharing of Personal Information
We do not sell Personal Data for monetary consideration. We may "share" Personal Data for cross-context behavioral advertising as defined by the CCPA. You may opt out of the sale or sharing of Personal Data by:
• Emailing info@ntrvsta.com with subject line "CCPA Opt-Out Request"
• Using the "Do Not Sell or Share My Personal Information" link on our website
• Enabling Global Privacy Control (GPC) signals in your browser
We honor GPC signals as valid opt-out requests under the CCPA.
4.3 Sensitive Personal Information
We may collect Sensitive Personal Information such as health data, precise geolocation, and biometric information (voice and video recordings). We use Sensitive Personal Information only for purposes permitted under the CCPA/CPRA, including providing the Services you request and maintaining security. We do not use SPI for purposes that would require offering a "Limit the Use of My Sensitive Personal Information" option.
4.4 Retention
We retain Personal Data for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods are described in Section 11.
4.5 Minors
We do not knowingly sell or share the Personal Data of individuals under 16 years of age.
5. Categories of Personal Data We Collect
The following table details the categories of Personal Data we collect, examples of such data, and the parties with whom we may share this data:
Name, email, phone number, IP address, device ID, account credentials
Service Providers, Analytics Partners, Business Partners
Purchase history, subscription details, usage records, consumer profiles
Service Providers, Analytics Partners
Payment card type, last 4 digits, billing address (full card numbers processed by Stripe)
Payment Processors (Stripe, Payoneer)
Browsing history, search history, interaction with Services, referral sources
Service Providers, Analytics Partners, Advertising Partners
IP-based location, GPS coordinates (with consent)
Service Providers, Analytics Partners
Video recordings, voice recordings, photographs, screen captures
Service Providers, AI Processing Partners, Business Partners
Resume, job title, work history, professional qualifications, interview responses
Service Providers, Business Partners, Authorized Employers
Voice prints, facial geometry (for avatar and AI features)
Service Providers (AI/ML processing)
Profiles reflecting preferences, characteristics, behavior, aptitudes
Service Providers, Analytics Partners, Business Partners
* Denotes categories that may include Sensitive Personal Information under CCPA/CPRA.
6. Sources of Personal Data
6.1 Directly from You
• Account registration and profile creation
• Interview sessions and structured conversations
• Forms, surveys, and questionnaires
• Customer support communications
• Payment and billing information
6.2 Automatically Collected
• Device information (browser type, operating system, device identifiers)
• Log data (IP address, access times, pages viewed, referral URLs)
• Cookies and similar tracking technologies
• Location data (IP-based and, with consent, precise GPS)
6.3 From Third Parties
• Social media platforms (when you connect accounts)
• Business partners and employers using our platform
• Analytics and advertising partners
• Public databases and government records
7. Purposes of Processing and Legal Bases
We process your Personal Data for the following purposes. For EU/EEA residents, we have identified the legal basis for each processing activity under the GDPR:
Creating accounts, processing interviews, providing AI avatar features, facilitating structured conversations
Performance of Contract (Art. 6(1)(b))
Processing payments, managing subscriptions, billing inquiries
Performance of Contract (Art. 6(1)(b))
Avatar generation, voice synthesis, interview analysis, compliance scoring
Consent (Art. 6(1)(a)); Contract (Art. 6(1)(b))
Detecting and preventing fraud, unauthorized access, security incidents
Legitimate Interests (Art. 6(1)(f))
Service notifications, support responses, account updates
Performance of Contract (Art. 6(1)(b)); Legitimate Interests (Art. 6(1)(f))
Promotional emails, targeted advertising, interest-based marketing
Consent (Art. 6(1)(a)); Legitimate Interests (Art. 6(1)(f))
Usage analysis, product development, service optimization
Legitimate Interests (Art. 6(1)(f))
Responding to legal requests, regulatory compliance, tax obligations
Legal Obligation (Art. 6(1)(c))
For Sensitive Personal Information under the GDPR (e.g., biometric data), we rely on explicit consent (Art. 9(2)(a)) unless another exception applies.
8. How We Share Your Personal Data
8.1 Service Providers
We engage trusted third-party service providers to perform functions and provide services on our behalf, including:
• Cloud hosting and infrastructure (AWS, Google Cloud)
• Payment processing (Stripe, Payoneer)
• AI/ML processing and model providers
• Customer support and communication platforms
• Security and fraud prevention services
All service providers are contractually obligated to use Personal Data only for specified purposes and maintain appropriate security measures.
8.2 Business Partners
We may share Personal Data with employers, recruiters, and organizations that use our platform to conduct interviews and structured conversations. These parties act as independent data controllers with respect to the data they receive.
8.3 Analytics and Advertising Partners
We work with third parties to analyze usage of our Services and deliver targeted advertising. These disclosures may constitute "sharing" under the CCPA. You may opt out as described in Section 4.2.
8.4 Legal and Safety Disclosures
We may disclose Personal Data when we believe it is necessary to:
• Comply with applicable law, regulation, legal process, or governmental request
• Protect the rights, property, or safety of NTRVSTA, our users, or the public
• Enforce our Terms of Use and other agreements
• Detect, prevent, or address fraud, security, or technical issues
8.5 Business Transfers
In the event of a merger, acquisition, bankruptcy, or other corporate transaction, your Personal Data may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have regarding your Personal Data.
8.6 Aggregated and De-identified Data
We may create and share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you. This data is not subject to this Privacy Policy.
9. International Data Transfers
NTRVSTA is headquartered in the United States. If you are located outside the United States, your Personal Data will be transferred to and processed in the United States and potentially other countries where our service providers operate.
9.1 Transfers from the EU/EEA/UK
For transfers of Personal Data from the European Economic Area, United Kingdom, or Switzerland to countries not deemed to provide an adequate level of data protection, we implement appropriate safeguards including:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements incorporating supplementary measures where necessary
• Binding Corporate Rules for intra-group transfers (where applicable)
You may request a copy of the applicable safeguards by contacting us at dpo@ntrvsta.com.
9.2 EU-U.S. Data Privacy Framework
We are committed to complying with the EU-U.S. Data Privacy Framework, the UK Extension, and the Swiss-U.S. Data Privacy Framework as applicable. Please contact us for information about our participation status.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to operate, analyze, and improve our Services.
10.1 Types of Cookies We Use
• Essential Cookies: Required for core functionality such as authentication and security.
• Functional Cookies: Remember your preferences and settings across sessions.
• Performance/Analytical Cookies: Help us understand how visitors interact with our Services. We use Google Analytics; you may opt out at tools.google.com/dlpage/gaoptout.
• Advertising Cookies: Used to deliver relevant advertisements and measure campaign effectiveness.
10.2 Managing Cookie Preferences
You can manage cookies through your browser settings. Disabling certain cookies may affect functionality. We also provide a cookie preference center on our website for granular control.
10.3 Do Not Track and Global Privacy Control
We recognize Global Privacy Control (GPC) signals as valid opt-out requests under the CCPA. We do not currently respond to "Do Not Track" browser signals in other contexts.
11. Data Retention
We retain Personal Data only as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
11.1 Retention Periods
Account Information
Duration of account + 3 years
Interview Recordings
As specified by Business Partner or 2 years
Transaction/Payment Data
7 years (tax/legal requirements)
Log Data
90 days (security logs: 1 year)
Marketing Preferences
Until opt-out + suppression list maintained
11.2 Deletion
When Personal Data is no longer needed, we securely delete or anonymize it. Some data may be retained in backups for a limited period per our disaster recovery procedures.
12. Data Security (SOC 2 Type II Aligned)
We implement comprehensive technical, administrative, and physical safeguards to protect your Personal Data. Our security program is designed in alignment with SOC 2 Type II trust service criteria.
12.1 Technical Safeguards
• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Multi-factor authentication (MFA) for all privileged access
• Network segmentation and firewall protections
• Intrusion detection and prevention systems (IDS/IPS)
• Vulnerability scanning and penetration testing
• Secure software development lifecycle (SSDLC) practices
12.2 Administrative Safeguards
• Information security policies and procedures
• Employee security awareness training
• Background checks for employees with data access
• Role-based access controls (RBAC) with least privilege
• Vendor security assessments and due diligence
• Incident response and breach notification procedures
12.3 Physical Safeguards
• SOC 2 Type II certified data centers (AWS, Google Cloud)
• Physical access controls and monitoring
• Environmental controls and disaster recovery capabilities
12.4 Compliance and Auditing
• Annual SOC 2 Type II audits by independent third parties
• Continuous monitoring and logging of security events
• Regular risk assessments and control testing
• Business continuity and disaster recovery plans
While we strive to protect your Personal Data, no method of transmission or storage is 100% secure. Please help protect your data by using strong passwords and limiting access to your devices.
13. Your Privacy Rights
13.1 Rights Under the GDPR (EU/EEA/UK Residents)
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights:
• Right of Access: Request confirmation of whether we process your Personal Data and obtain a copy.
• Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your Personal Data in certain circumstances.
• Right to Restriction: Request that we restrict processing of your Personal Data.
• Right to Data Portability: Receive your Personal Data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with your local supervisory authority.
To exercise these rights, contact us at dpo@ntrvsta.com. We will respond within 30 days (extendable by 60 days for complex requests).
13.2 Rights Under the CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights:
• Right to Know: Request disclosure of the categories and specific pieces of Personal Data we have collected, the sources, purposes, and third parties with whom we share it.
• Right to Delete: Request deletion of your Personal Data, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate Personal Data.
• Right to Opt-Out of Sale/Sharing: Direct us not to sell or share your Personal Data for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: Limit our use of SPI to purposes specified by law (not applicable as we do not use SPI for non-permitted purposes).
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
How to Submit a Request
You may submit a request by:
• Emailing info@ntrvsta.com with subject "CCPA Request"
• Calling our number: 1-310-621-6250
• Using the online request form at ntrvsta.com/privacy-request
Verification
We will verify your identity before fulfilling requests by matching information you provide with information we have on file. For requests submitted by an authorized agent, we require written authorization and may verify directly with you.
Response Timing
We will acknowledge receipt within 10 business days and respond substantively within 45 days (extendable by an additional 45 days with notice).
13.3 Rights Under Other State Laws
Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have similar rights. Please contact us at info@ntrvsta.com to exercise your rights.
13.4 Nevada Residents
Nevada residents may opt out of the sale of certain Personal Data by emailing info@ntrvsta.com with subject line "Nevada Do Not Sell Request."
14. Children's Privacy
Our Services are not directed to children under the age of 16 (or 13 in certain jurisdictions). We do not knowingly collect Personal Data from children. If you believe we have collected information from a child, please contact us immediately at info@ntrvsta.com, and we will take steps to delete such information.
If we learn that we have collected Personal Data from a child under 16 without verifiable parental consent, we will delete that information as quickly as possible.
15. Third-Party Links and Services
Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing any Personal Data. We are not responsible for the privacy practices of third parties.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:
• Posting the updated policy on our website with a new effective date
• Sending an email notification to registered users
• Displaying a prominent notice in our Services
Your continued use of our Services after the effective date of any changes constitutes acceptance of the updated Privacy Policy.
17. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
General Inquiries:
NTRVSTA | Ryz Labs Studio LLC
4500 Park Granada, Suite 202
Calabasas, CA 91302
Email: info@ntrvsta.com
Website: https://www.ntrvsta.com
Data Protection Officer (for EU/EEA/UK inquiries):
Email: info@ntrvsta.com
CCPA/Privacy Rights Requests:
Email: info@ntrvsta.com
Toll-Free: 1-310-621-6250
18. SMS/Text Message Communications
By providing your phone number, you agree to receive text messages from NTRVSTA related to your account and Services. Message and data rates may apply. Message frequency varies based on your interactions.
To opt out of text messages, reply STOP to any message. For help, reply HELP or contact info@ntrvsta.com.
