Last Updated / Последнее обновление: February 5, 2026
Raava ("we," "us," or "our"), registered in Astana, Kazakhstan, respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered IELTS and SAT preparation platform in accordance with applicable data protection laws including: Law of the Republic of Kazakhstan "On Personal Data and Its Protection" dated May 21, 2013 No. 94-V; Federal Law of the Russian Federation "On Personal Data" No. 152-FZ dated July 27, 2006; General Data Protection Regulation (EU) 2016/679 (GDPR); and other applicable data protection regulations in CIS countries.
Мы обрабатываем ваши персональные данные в соответствии с законодательством Республики Казахстан, Российской Федерации и других стран СНГ о защите персональных данных. Используя наш сервис, вы соглашаетесь с условиями настоящей Политики конфиденциальности.
3.1 Service Delivery and Core Functions: Provide AI tutoring and feedback; generate personalized study plans; track progress and performance; enable social features (challenges, leaderboards); deliver notifications and reminders; provide customer support; process authentication and authorization; maintain platform security.
3.2 AI and Machine Learning: Train and improve AI models for evaluations; develop natural language processing algorithms; enhance speech recognition accuracy; improve score prediction models; personalize content recommendations. Before AI training, personal identifiers are removed and data is anonymized.
3.3 Analytics and Improvement: Analyze user behavior to enhance features; conduct A/B testing; measure feature effectiveness; identify and fix bugs; optimize platform performance; conduct educational research (with aggregated, anonymized data only).
3.4 Communication: Send service updates and notifications; respond to support requests; send transactional emails (payment confirmations, password resets); send promotional communications (with consent - you may opt out); conduct surveys and gather feedback; send security alerts.
3.5 Business Operations: Process payments and prevent fraud; enforce Terms of Service; comply with legal obligations; respond to legal requests; protect intellectual property rights; prevent illegal activities; maintain business records; conduct internal audits.
3.6 Legal Bases for Processing (GDPR/EU Users): (a) Performance of contract: Processing necessary to provide Service; (b) Legitimate interests: Service improvement, security, fraud prevention; (c) Legal obligation: Compliance with tax, accounting, and legal requirements; (d) Consent: Marketing communications, optional features. You may withdraw consent at any time.
We do not sell your personal data. We may share information with:
4.1 Service Providers and Processors:
All service providers are bound by data processing agreements and process data only as instructed.
4.2 Legal Requirements and Protection: When required by law, court order, subpoena, or government regulation in Kazakhstan, Russian Federation, CIS countries, or other jurisdictions; To protect rights, property, or safety of Company, users, or public; In connection with investigation of fraud, security breaches, or illegal activities; To enforce Terms of Service or defend legal claims.
4.3 Business Transfers: In the event of merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred. You will be notified of any change in ownership or use of personal data, and choices you may have.
4.4 With Your Consent: When you explicitly authorize us to share specific information with third parties; When you participate in social features (leaderboards show usernames and scores publicly); When you connect third-party services or integrations.
4.5 Anonymized and Aggregated Data: We may share anonymized, aggregated statistics and research data that does not identify individuals, for purposes including: industry research, academic publications, marketing materials, investor reports.
Your personal data may be transferred to and processed in countries outside your country of residence, including United States, European Union member states, and other countries where our servers, service providers, and business partners are located. Data protection laws in these countries may differ from laws in your country.
For Kazakhstan and CIS Users: We comply with cross-border data transfer requirements. Personal data of Kazakhstan citizens may be processed in Kazakhstan data centers or transferred abroad with appropriate safeguards. For transfers to countries not ensuring adequate protection, we use Standard Contractual Clauses (SCCs) approved by relevant authorities, binding corporate rules, or other lawful transfer mechanisms.
For EU/EEA Users: We transfer data outside EEA only: (a) to countries with adequacy decision; (b) using Standard Contractual Clauses (SCCs) approved by European Commission; (c) when necessary for contract performance; (d) with your explicit consent. You may request copies of safeguards at privacy@raava.net.
6.1 Access and Portability (Right to Know): Request copy of your personal data in structured, machine-readable format (JSON or CSV). Contact privacy@raava.net.
6.2 Correction (Right to Rectification): Update or correct inaccurate personal information through account settings or by contacting support@raava.net.
6.3 Deletion (Right to Erasure / "Right to be Forgotten"): Request deletion of your account and associated personal data. Deletion requests processed within 30 days. Some data may be retained as legally required (financial records, legal compliance). To delete account: account settings → delete account, or email privacy@raava.net.
6.4 Restriction of Processing: Request limitation of how we process your data in certain circumstances: accuracy of data is contested; processing is unlawful but you don't want deletion; we no longer need data but you need it for legal claims; you objected to processing pending verification.
6.5 Objection to Processing: Object to processing based on legitimate interests or for direct marketing. We will stop processing unless we have compelling legitimate grounds.
6.6 Withdraw Consent: For processing based on consent (marketing, optional features), withdraw consent at any time. Does not affect lawfulness of prior processing.
6.7 Opt-Out of Marketing: Unsubscribe from promotional emails via unsubscribe link in emails or account settings. Transactional/service emails continue.
6.8 Cookie Management: Control cookies through browser settings. Disabling essential cookies may affect Service functionality. See Section 11.
6.9 Complaint to Supervisory Authority:
To exercise any rights, contact: privacy@raava.net or Data Protection Officer: dpo@raava.net. We respond within legally required timeframes: 30 days (GDPR), 45 days (Kazakhstan law).
We implement industry-standard technical and organizational security measures:
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data using commercially reasonable means, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk. In the event of a data breach affecting your personal data, we will notify you and relevant authorities within legally required timeframes (72 hours under GDPR, as required by Kazakhstan/Russian law).
Account Data: Retained while account is active plus 30 days after deletion request
User Submissions (essays, recordings): Retained for 90 days after submission for quality assurance, then deleted unless account is active
Chat History: Retained for 90 days, then archived or deleted
Analytics Data: Aggregated and anonymized data retained indefinitely
Payment Records: Retained for 7-10 years for tax, accounting, and legal compliance (as required by Kazakhstan/Russian law)
Support Communications: Retained for 3 years for quality assurance and legal defense
Backup Copies: Deleted during normal backup rotation cycle (typically 90 days)
Legal Hold: Data subject to legal obligations, disputes, or investigations retained until resolved
Our Service is intended for users aged 13 and above in accordance with Children's Online Privacy Protection Act (COPPA) and similar international regulations. We do not knowingly collect personal information from children under 13 without verified parental consent. If we learn that we have collected data from a child under 13 without proper consent, we will delete it promptly within 48 hours of discovery.
Users between 13 and 18 years (or age of majority in jurisdiction) should have parental or guardian consent to use Service. Parents/guardians can contact privacy@raava.net to: review their child's information; request deletion of their child's data; refuse further collection or use of their child's information.
In Kazakhstan and Russian Federation, special provisions regarding processing of minors' personal data under applicable laws apply, including requirements for parental consent and limitations on data processing.
Company: Raava
Address: Astana, Kazakhstan
Privacy Contact: privacy@raava.net
Data Protection Officer: dpo@raava.net
General Support: support@raava.net
Essential Cookies: Required for authentication, security, and core functionality. Cannot be disabled without affecting Service.
Analytics Cookies: Help us understand how users interact with Service (Google Analytics, Vercel Analytics). Can be disabled through cookie preferences.
Preference Cookies: Remember your settings, language, theme. Can be disabled.
Marketing Cookies: Track effectiveness of advertising campaigns (if applicable). Can be disabled.
Control cookies through: (a) Browser settings; (b) Cookie preference center (if enabled); (c) Email privacy@raava.net to opt out. Disabling cookies may affect Service functionality.
We may update this Privacy Policy periodically to reflect changes in practices, legal requirements, or Service features. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. The "Last Updated" date at top of this Policy indicates when it was last revised. Continued use of Service after changes constitutes acceptance of updated Privacy Policy. If you do not agree to changes, discontinue use and request account deletion.