Privacy Policy

Effective Date: May 12, 2026

1. Introduction

This Privacy Policy explains how Michael Kiser Consulting ("we," "us," or "the Company"), operating RAVS Pass at ravspass.com ("the Service"), collects, uses, shares, and protects your personal information. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

We collect the following categories of information:

Account Information

  • Email address — used for account login, communication, and password recovery
  • Name — used to personalize your account and generated documents
  • Password hash — your password is cryptographically hashed before storage. We never store or have access to your plaintext password.

Uploaded Content

  • Safety documents — documents you upload for review or repair, including PDFs, DOCX files, and pasted text
  • Company information — details you provide about your company and industry for program building

Service Data

  • Review results — compliance grades, deficiency reports, and element-by-element assessments generated by the AI
  • Build results — complete safety programs generated by the AI
  • Purchase history — records of your transactions, including tier purchased, amount paid, and date

Automatically Collected Information

We may collect standard technical information such as your IP address, browser type, and device information through server logs. This data is used for security, troubleshooting, and service improvement.

3. How We Use Your Information

We use your information for the following purposes:

  • Account management: Creating and maintaining your account, authenticating logins, and communicating with you about your account
  • AI processing: Sending your uploaded document text to our AI provider (Anthropic) to perform reviews, repairs, and program builds
  • Payment processing: Processing your purchases securely through Stripe
  • Service delivery: Generating compliance reports, rewritten documents, and new safety programs
  • Service improvement: Understanding how the Service is used to improve its accuracy and features
  • Legal compliance: Meeting legal obligations, resolving disputes, and enforcing our Terms of Service

4. Third-Party Services

We use the following third-party services to operate RAVS Pass. Each has its own privacy policy governing the data they process:

Anthropic (AI Processing)

Your uploaded document text is sent to Anthropic's Claude API for AI-powered review, repair, and program generation. Anthropic processes your document text to generate compliance assessments and safety programs. Under Anthropic's API terms, data sent through their API is not used to train their models and is not stored permanently by Anthropic. Anthropic may retain API inputs and outputs for a limited period (typically 30 days) for trust and safety purposes. For full details, refer to Anthropic's Privacy Policy.

Stripe (Payment Processing)

All payment transactions are processed through Stripe. We do not store your credit card number, CVV, or full payment card details on our servers. Stripe collects and processes payment information in accordance with PCI DSS standards. For full details, refer to Stripe's Privacy Policy.

Vercel (Hosting)

The Service is hosted on Vercel's infrastructure. Vercel may collect standard server logs including IP addresses and request metadata. For full details, refer to Vercel's Privacy Policy.

PostgreSQL Database

Your account information, review results, build results, and purchase history are stored in a PostgreSQL database. This database is secured with encryption and access controls. We do not share raw database contents with any third party.

5. Cookies

RAVS Pass uses cookies strictly for essential functionality:

  • Session cookies (NextAuth): These cookies maintain your login session so you stay authenticated as you navigate the Service. They are essential for the Service to function and cannot be disabled.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not engage in cross-site tracking.

6. Data Retention

We retain your data as follows:

  • Account information: Retained for as long as your account is active. If you request account deletion, we will delete your personal information within 30 days.
  • Uploaded documents: Retained in our system to allow you to access your review and build results. You may request deletion at any time.
  • Review and build results: Retained so you can access your generated reports and documents. Deleted upon account deletion or upon request.
  • Purchase history: Retained for accounting and legal purposes as required by applicable law, even after account deletion.
  • Data sent to Anthropic: Anthropic may retain API data for up to 30 days for trust and safety purposes, after which it is deleted per their retention policy.

7. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • Passwords are stored as cryptographic hashes, never in plaintext
  • All data in transit is encrypted via HTTPS/TLS
  • Database access is restricted and secured with access controls
  • Payment processing is handled by Stripe, a PCI DSS-compliant processor

No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights

You have the following rights regarding your personal information:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may request that we correct any inaccurate personal information.
  • Deletion: You may request that we delete your account and associated personal information. We will process deletion requests within 30 days. Some data (such as purchase history) may be retained as required by law.
  • Data portability: You may request your data in a machine-readable format.

To exercise any of these rights, contact us at info@ravspass.com.

9. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions permitted by law.
  • Right to opt out of sale: We do not sell your personal information. We have never sold personal information and have no plans to do so.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing or a different level of service for exercising your rights.

To submit a CCPA request, contact us at info@ravspass.com. We will verify your identity before processing any request and respond within 45 days.

10. Children's Privacy

RAVS Pass is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that a user is under 18, we will take steps to delete their account and personal information promptly. If you believe a minor has provided us with personal information, please contact us at info@ravspass.com.

11. Data Sharing

We do not sell, rent, or trade your personal information. We share your data only in the following circumstances:

  • Service providers: With the third-party services described in Section 4 (Anthropic, Stripe, Vercel) solely for the purpose of operating the Service
  • Legal requirements: When required by law, legal process, or government request
  • Protection of rights: When necessary to protect the rights, safety, or property of Michael Kiser Consulting, our users, or the public
  • Business transfers: In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this policy periodically.

13. Contact Information

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Michael Kiser Consulting
Email: info@ravspass.com