Legal

Last Updated: February 11th, 2026

This Privacy Policy explains how Raven GmbH ("Raven," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal data in connection with our websites and Services.

We apply the baseline practices described here globally to align with EU/Swiss expectations. Where local law requires different or additional practices, we comply with those requirements.

Controller (for processing described in this Privacy Policy where Raven acts as controller):

Raven GmbH
Nuerenbergstrasse 3
8037 Zurich
Switzerland
Email: legal@raven.build

Last Updated: January 11, 2026

1. Scope and Roles

1.1 When this Privacy Policy applies

This Privacy Policy applies when you:

visit our website(s);
create an account, administer a workspace, or use the Services;
use billing/checkout flows;
communicate with us (support, sales, marketing, events); or
use integrations configured in the Services.

1.2 Processing on behalf of an organization (processor role)

If you use Raven through an organization account, Raven may process personal data on behalf of that organization. In that context, the organization typically determines how and why personal data is processed. If you want to exercise rights relating to such data, contact your organization/administrator. In those cases, Raven's processing as a processor is governed by Raven's Data Processing Agreement ("DPA") with the organization, available at https://raven.build/dpa (or on request at legal@raven.build).

1.3 Processing as controller

Raven acts as a controller for personal data we process for:

website operation and analytics (subject to cookie choices and applicable law),
account administration for self-serve users and workspace admins,
billing administration and payment status,
security, fraud prevention, and enforcement, and
improvement of the Services as described below (subject to Enterprise defaults and choices).

2. Personal Data We Collect

We collect personal data in three ways: (A) data you provide, (B) data collected automatically, and (C) data from third parties.

2.1 Data you provide

Depending on how you use the Services, we may collect:

Account and profile data: name, email, username, organization/workspace name, role/title (if provided), authentication-related data.
Workspace administration data: user lists, permissions, configuration settings, admin activity.
Content you submit (may include personal data): prompts or other inputs, files, and outputs to the extent they include personal data.
Support and communications: emails, messages, and information you choose to share.
Billing administration data: billing contact details and invoice information (where applicable).

2.2 Data collected automatically

When you use the website or Services, we may collect:

Device and network data: IP address, device identifiers, browser type, OS/app version, language, approximate location derived from IP.
Usage Data: performance metrics, feature usage events, error/crash logs, security/audit events, and admin settings (as defined in the Terms of Service).
Cookies and similar technologies: see Section 8.

2.3 Data from third parties

We may receive personal data from:

Your organization (e.g., your admin creates your account),
payment processors (payment confirmation/status),
service providers supporting security, hosting, email delivery, and analytics (where enabled),
public sources (limited B2B contact information where permitted by law).

3. How We Use Personal Data

We use personal data for the following purposes:

3.1 Provide and operate the Services

create and manage accounts/workspaces;
provide features and collaboration functionality;
provide customer support and respond to requests;
administer subscriptions, billing status, and account communications.

3.2 Security, integrity, and fraud prevention

protect accounts and the Services from unauthorized access and abuse;
monitor, investigate, and mitigate security incidents;
enforce our terms and prevent fraud.

3.3 Improvement of the Services

We may use Usage Data to improve the Services (e.g., reliability, performance, user experience, and feature development), subject to the Plan-based rules in Section 6.

3.4 Marketing and sales (where permitted)

send newsletters, product updates, and event invitations (you can opt out);
measure engagement with communications (subject to your settings and applicable law).

3.5 Legal compliance

comply with applicable laws and lawful requests;
establish, exercise, or defend legal claims.

4. Legal Bases for Processing (GDPR/UK GDPR and Swiss-aligned)

Where applicable, we process personal data based on:

Contract: to provide the Services and perform our obligations.
Legitimate interests: to secure, maintain, and (where permitted) improve the Services and conduct B2B communications, balanced against your rights.
Consent: for certain cookies/marketing where required.
Legal obligation: to comply with laws and lawful requests.

Where Raven processes data on behalf of an organization, that organization determines the relevant legal basis.

5. No Model Training/Fine-Tuning on Customer Content

Raven does not use Customer Content (including prompts, CAD files, and generated outputs) to train or fine-tune AI/ML models, including Raven's own models or third-party model providers' models.

6. Usage Data and Improvement Choices (Non-Enterprise vs Enterprise)

6.1 Non-Enterprise Plans

If you are on a Non-Enterprise Plan, Raven may use Usage Data to improve the Services.

6.2 Enterprise Plans: opted out by default; optional opt-in

Enterprise Plans are opted out by default from Raven's use of Usage Data for improvement of the Services beyond what is necessary to provide and secure the Services.

Enterprise Customers may opt in to:

General improvement of the Services (their Usage Data may contribute to improving the Services generally), or
Tenant-isolated improvement (ring-fenced) (their Usage Data is used only to improve the Services for that Enterprise Customer's environment and is not used to improve the Services for other customers).

How to opt in / change settings: An Administrator can request opt-in and choose the mode by contacting legal@raven.build (or via admin settings if available).

6.3 Processing that remains necessary even when opted out

Even when an Enterprise Plan is opted out by default (or chooses tenant-isolated improvement), we may still process a minimal subset of Usage Data strictly necessary to:

provide core functionality (authentication, authorization, licensing, essential uptime monitoring),
maintain security and prevent abuse/fraud,
comply with legal obligations, and
administer billing/account management.

6.4 Aggregated/de-identified data

We may create aggregated or de-identified data from Usage Data and use it for analytics and improvement, provided it does not reasonably identify an individual or a specific customer.

7. Where We Host and Process Data

7.1 EU/Switzerland hosting and processing (baseline)

Raven's Services are designed so that, to the extent Raven can control, Customer Data is hosted and processed in the European Union (EU) or in Switzerland.

7.2 Limited exceptions

Processing may occur outside the EU/Switzerland if:

you configure or request an integration/workflow that transfers data outside the EU/Switzerland,
your Enterprise configures a Customer-Provided Model Provider that processes data outside the EU/Switzerland, or
required by law.

8. Cookies and Similar Technologies (Website)

We use cookies and similar technologies to:

operate the website and Services,
remember preferences,
understand performance and usage,
(where applicable) support marketing.

Your choices: Where required by law, we provide a cookie consent tool to accept or reject non-essential cookies. You can also control cookies via browser settings, but some features may not function properly.

9. How We Disclose Personal Data

We may disclose personal data to:

9.1 Service providers

Vendors that help us deliver the Services (e.g., hosting/infrastructure, monitoring, security, email delivery, support tooling). They process personal data only as needed to provide their services and subject to contractual protections.

9.2 Payment processing (Stripe)

For self-serve purchases, payments are processed by Stripe. Stripe processes payment details according to its terms and privacy practices. Raven receives limited billing and payment status information (not full card numbers).

9.3 Your organization and other users

If you use a workspace managed by an organization, administrators and authorized users may access certain information depending on configured permissions.

9.4 Legal and safety

We may disclose information if we believe in good faith it is necessary to comply with law, protect rights and safety, investigate fraud/security incidents, or enforce terms.

9.5 Business transfers

If Raven is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be transferred subject to appropriate protections.

10. Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, including:

while accounts are active;
to provide support and maintain the Services;
for security, fraud prevention, and dispute resolution; and
to comply with legal/accounting requirements.

Backup copies may persist for a limited period as part of routine operations and security.

11. Security

We implement appropriate technical and organizational measures designed to protect personal data. No system is perfectly secure. You are responsible for maintaining credential confidentiality and configuring permissions appropriately.

12. Your Rights and Choices

Depending on your location and applicable law, you may have rights to:

access, correct, or delete personal data;
object to or restrict certain processing;
data portability (where applicable);
withdraw consent where processing is based on consent; and
opt out of marketing communications.

To exercise rights: email legal@raven.build. We may need to verify your identity. If your request relates to an organization-managed workspace, we may direct you to your administrator.

Marketing opt-out: Use the unsubscribe link in marketing emails. You will still receive essential service communications (e.g., security or billing notices).

13. Children

The Services are not directed to children and we do not knowingly collect personal data from children.

14. Third-Party Sites and Integrations

The Services may link to or integrate with third-party services. Their privacy practices are governed by their own policies.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will update the "Last Updated" date and, if changes are material, provide additional notice as required by law.

16. Contact and Complaints

Raven GmbH
Nuerenbergstrasse 3
8037 Zurich
Switzerland

Email: legal@raven.build

If you are in the EU/EEA, UK, or Switzerland, you may have the right to lodge a complaint with your local supervisory authority (in Switzerland, the FDPIC).

These Terms of Service (the "Terms") govern your access to and use of Raven's cloud software services, applications, APIs, and related documentation (collectively, the "Services") provided by Raven GmbH ("Raven," "we," "us," or "our").

Raven GmbH
Nuerenbergstrasse 3
8037 Zurich
Switzerland
Email: legal@raven.build

By creating an account, accessing, or using the Services, you agree to these Terms. If you use the Services on behalf of a company or other legal entity ("Customer"), you represent that you have authority to bind that entity, and "you" refers to that entity.

Raven applies the baseline data-handling commitments in these Terms to all users globally to align with EU/Swiss expectations. Where mandatory local law requires additional rights or obligations, those mandatory rules apply.

Last updated: February 11, 2026

1. Plans

Raven offers plans described on our pricing page, in-product, or during purchase (each a "Plan"). For purposes of these Terms:

"Non-Enterprise Plans" means any plan purchased or used on a self-serve basis (including free or paid self-serve plans).
"Enterprise Plans" means plans provisioned for organizational use and designated as "Enterprise" by Raven.

Plan features, limits, and support levels may vary and may be updated from time to time.

2. Definitions

"Authorized User" means an individual you authorize to use the Services under your account/workspace.
"Administrator" means an Authorized User with privileges to manage workspace settings, user access, and configurations.
"Customer Content" means CAD files, models, drawings, assemblies, project data, prompts, instructions, parameters, annotations, metadata, and generated outputs uploaded to or created within the Services by or for you.
"Customer Data" means Customer Content plus account/workspace data provided in connection with the Services, excluding Usage Data.
"Usage Data" means data collected or generated about how the Services are accessed and used (e.g., device/app version, feature usage events, performance metrics, security/audit events, error/crash logs, and admin settings). Usage Data does not include the substantive contents of Customer Content.
"Model Provider" means a third party that provides an AI model or inference service integrated into the Services.
"Customer-Provided Model Provider" means a Model Provider selected and configured by an Enterprise Customer using the Customer's own credentials and/or contract with that provider.

3. Access, Accounts, and Acceptable Use

3.1 Account responsibility

You are responsible for all activity under your account, including actions of Authorized Users and Administrators and the configuration of permissions.

3.2 Security

You must keep credentials confidential and promptly notify us at legal@raven.build of any suspected unauthorized access.

3.3 Restrictions

You will not (and will not allow others to):

reverse engineer, decompile, or attempt to extract source code except to the extent permitted by mandatory law;
bypass usage limits, rate limits, or security controls;
use the Services to develop or improve a competing product;
upload or process content in violation of applicable law or third-party rights;
attempt to disrupt or compromise the Services.

4. License

Subject to these Terms and your Plan, Raven grants you a limited, non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the applicable subscription term for your internal business purposes.

5. Customer Content, Ownership, and Limited License to Operate the Services

5.1 Ownership

As between the parties, you retain all rights in Customer Data and Customer Content. Raven retains all rights in the Services, including software, workflows, and underlying technology.

5.2 Limited license to provide the Services

You grant Raven a limited license to host, process, transmit, display, and otherwise use Customer Data to:

provide the Services and requested features;
improve, secure, maintain, and troubleshoot the Services;
provide support at your request;
prevent abuse/fraud and enforce these Terms; and
comply with legal obligations.

5.3 Enterprise Plans

By default, Customer Content from Enterprise plan customers is not used to improve the Service.

5.4 Outputs

You may use outputs generated by the Services in accordance with these Terms and applicable law. Raven does not claim ownership of your outputs.

5.5 Feedback

If you provide feedback or suggestions, you grant Raven a worldwide, royalty-free, irrevocable license to use them to improve the Services, without identifying you as the source unless you agree.

6. AI Features, Model Providers, and Model Training

6.1 Processing to provide requested features

Some features may process Customer Content (including prompts and other inputs) to generate outputs and deliver requested functionality. Raven processes such inputs only to provide the requested feature, plus the limited purposes in Section 5.2.

6.2 No training / no fine-tuning on Customer Content

Raven does not use Customer Content (including prompts, CAD files, and generated outputs) to train, fine-tune, or otherwise improve any AI/ML models, including:

Raven's own models, and
any third-party Model Provider models.

6.3 Third-party Model Providers (if used)

If Raven uses a Model Provider for inference:

Raven will share only the minimum Customer Content necessary to perform the request; and
Raven will contractually prohibit the Model Provider from using Customer Content to train or fine-tune its models.

6.4 Customer-Provided Model Providers (Enterprise)

Enterprise Customers may choose to configure a Customer-Provided Model Provider (for example, using the Customer's own third-party APIs, credentials, endpoints, or accounts). If an Enterprise Customer configures a Customer-Provided Model Provider, Raven may route relevant requests to that provider where required to deliver the requested features.

In that case:

the Customer is responsible for its relationship, terms, and compliance with the Customer-Provided Model Provider;
Raven will send only the minimum Customer Content necessary to perform the request; and
Raven still does not train or fine-tune models on Customer Content.

6.5 Human access

Raven personnel do not access Customer Content except:

to provide support requested by you (and where feasible, with your authorization),
to investigate and mitigate security incidents, abuse, or fraud, or
to comply with law.

7. Usage Data and Improvement of the Services

7.1 Usage Data collection

Raven may collect and use Usage Data to operate, secure, maintain, and support the Services, including monitoring performance, diagnosing errors, and detecting abuse.

7.2 Non-Enterprise Plans: improvement of the Services

If you are on a Non-Enterprise Plan, Raven may use Usage Data to improve the Services (e.g., reliability, performance, user experience, feature development). For clarity, this does not involve training or fine-tuning AI/ML models on Customer Content (see Section 6.2).

7.3 Enterprise Plans: opted out by default; optional opt-in

Enterprise Plans are opted out by default from Raven's use of Usage Data for improvement of the Services (i.e., product analytics and improvement activities beyond what is necessary to provide and secure the Services).

An Enterprise Customer may choose one of the following options:

(A) Opt-in to general improvement of the Services. If the Enterprise Customer opts in, Raven may use Usage Data (and, where applicable, limited interaction metadata) to improve the Services generally.
(B) Opt-in to tenant-isolated improvement (ring-fenced). If the Enterprise Customer opts in to tenant-isolated improvement, Raven may use Usage Data to improve the Services only for that Enterprise Customer's environment (e.g., performance tuning, configuration improvements, reliability and quality enhancements specific to that tenant). In this mode, Raven will not use that Enterprise Customer's data to improve the Services for other customers.

How to opt in / change settings: The Enterprise Customer's Administrator may request opt-in (and choose option A or B) by contacting legal@raven.build (or via an admin console setting if available). Raven may require verification of administrator authority before applying changes.

7.4 What "opt-out by default" does not restrict

Even for Enterprise Plans that are opted out by default (or that choose tenant-isolated improvement), Raven may still process a minimal subset of Usage Data strictly necessary to:

provide core functionality (authentication, authorization, licensing, essential uptime monitoring),
maintain security and prevent abuse/fraud,
comply with legal obligations, and
administer billing/account management.

7.5 Aggregated/de-identified data

Raven may create aggregated or de-identified data derived from Usage Data and use it for legitimate business purposes, provided it does not reasonably identify you or any individual.

8. Data Location and International Use

8.1 EU hosting and processing (baseline)

Raven's Services are designed so that, to the extent Raven can control, Customer Data is hosted and processed in the European Union (EU) or Switzerland.

8.2 Limited exceptions

In limited circumstances, certain processing may occur outside the EU or Switzerland if:

you configure or request an integration/workflow that transfers data outside the EU/Switzerland,
you configure a Customer-Provided Model Provider whose processing occurs outside the EU/Switzerland, or
required by law.

8.3 Data Processing Agreement

To the extent Raven processes Personal Data on behalf of Customer, the parties agree that Raven's Data Processing Agreement ("DPA"), available at https://raven.build/dpa, is incorporated into and forms part of these Terms. In the event of any conflict between the DPA and these Terms with respect to data protection matters, the DPA will control.

9. Fees, Billing, and Payment

9.1 Self-serve billing (Stripe)

Non-Enterprise Plans may be purchased and managed via Stripe (our payment processor). By subscribing, you authorize Stripe to process payments on your behalf.

Raven does not store full payment card details; Stripe processes payment information according to its terms and privacy practices. Raven typically receives limited billing and payment status information.

9.2 Taxes

Fees are exclusive of taxes unless stated otherwise. You are responsible for applicable taxes except those based on Raven's net income.

10. Confidentiality

Each party may receive non-public information from the other. The receiving party will protect it using reasonable care and use it only to perform under these Terms. Standard exceptions apply (public information, independently developed, lawfully received without restriction, etc.).

11. Warranties and Disclaimers

To the maximum extent permitted by law, the Services are provided "as is" and "as available." Raven disclaims all implied warranties, including merchantability, fitness for a particular purpose, and non-infringement.

AI outputs may be incorrect or incomplete. You are responsible for verifying outputs before relying on them in manufacturing, safety-critical, or regulated uses.

12. Limitation of Liability

To the maximum extent permitted by law:

Raven's total liability arising out of or related to the Services will not exceed the fees paid (or payable) by Customer in the 6 months preceding the event giving rise to the claim.
Neither party is liable for indirect, incidental, special, consequential, or punitive damages, or lost profits/revenue.
Nothing limits liability that cannot be limited under mandatory law.

13. Term and Termination

Your subscription term depends on your Plan. Raven may suspend or terminate access for material breach, non-payment (where applicable), or security reasons. Upon termination, access ends and data handling follows our operational retention and deletion practices described in our Privacy Policy (including limited backup retention for security and compliance).

14. Governing Law and Venue

These Terms are governed by the laws of Switzerland, without regard to conflict-of-law rules. The courts of Zurich, Switzerland have exclusive jurisdiction, unless mandatory law requires otherwise.

15. Changes

We may update these Terms with reasonable notice (e.g., posting and/or email). Changes do not apply retroactively.

16. Contact

Questions about these Terms: legal@raven.build