Privacy Policy

Last updated: May 14, 2026

AITOC LLC ("we", "us", or "our") operates the RAFAI mobile application (the "App"). This Privacy Policy explains how your information is handled when you use the App.

1. Your Time Study Data Stays on Your Device

We do not collect, store, or have access to your time study data. All of your time study entries, activity descriptions, categories, study configurations, and settings are stored exclusively on your device using Apple's on-device database. None of this data is ever sent to our servers. We cannot see it, and we do not have a copy of it.

We do not collect analytics, usage data, or device identifiers. We do not use cookies or tracking technologies. We do not track your location.

2. Registration & Onboarding

When you first open RAFAI, you are asked to register by providing your name, work email, company name, number of employees, and revenue range. The same form is available on our website. This information is stored securely using Google cloud infrastructure and is used to:

• Generate a company code and QR code that grants access to the App
• Verify your email address via a one-time code
• Understand the types of businesses using RAFAI

This registration data is separate from your time study data. Your time studies, entries, and activity logs never leave your device. The registration information does not include any of your tracked activities or time data.

3. AI Categorization (Optional)

RAFAI offers an optional AI-powered categorization feature. This feature is off by default — it only activates if you choose to enable it and configure an LLM provider yourself.

If you enable this feature, your time study entries are sent directly from your device to the LLM provider you select (such as OpenAI, xAI, Google, or a custom LLM URL you provide). The LLM provider will be able to see the entries you send for categorization. We (AITOC) never see, route, or store this data — the connection is between your device and the provider you chose.

You supply your own API key, which is stored securely in your device's Keychain. Each provider's own privacy policy governs how they handle the data you send them.

4. Team Features

If you join a company using a team code or QR invite, a record of your membership is stored securely using Google cloud infrastructure. This includes only the company code and a join timestamp. Your time study entries and activity data are never shared with your team or uploaded to any server.

The App uses Google cloud services solely for anonymous authentication and company code validation. No personal data is sent beyond an anonymous session identifier.

5. Data Sharing

We do not sell, rent, or trade your personal information. We do not share your data with advertisers or data brokers. We have no access to your time study data in the first place.

The only external data transmission occurs when:

• You register for the App (name, email, company info stored securely via Google cloud infrastructure)
• You explicitly enable AI categorization (entries sent to your chosen LLM provider, not to us)
• You use the team join feature (anonymous identifier only)

6. Data Export and Deletion

• You can export your data at any time using the CSV export feature within the App
• You can delete individual entries, entire time studies, or all your data directly in the App
• Uninstalling the App removes all locally stored data from your device
• To request deletion of any server-stored registration or team membership data, contact us at the address below

7. Children's Privacy

The App is not intended for use by children under the age of 13. We do not knowingly collect information from children under 13.

8. Security

We protect your data through local-only storage, Keychain encryption for sensitive credentials, and anonymous authentication for team features. No data is transmitted to our servers, minimizing exposure to external threats.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. Since your data is stored locally on your device, you have direct control over it at all times. For any server-stored data related to registration or team features, contact us to exercise your rights.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

AITOC LLC
Email: contact@aitoc.co
App: https://rafai.aitoc.io
Company: https://www.aitoc.co