Raison

Privacy Policy

Last updated: February 19, 2026

1. Introduction & Data Controller

Welcome to Raison. This Privacy Policy explains how Coyotiv GmbH ("we," "our," or "us"), as the data controller, collects, uses, and safeguards your personal data when you use our AI prompt management platform at raison.ist.

Data Controller: Coyotiv GmbH, c/o Factory Works GmbH, Rheinsberger Straße 76/77, 10115 Berlin, Germany.

By using Raison, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address — provided directly at sign-up, or via Google OAuth
  • Password (hashed) — for email/password accounts; never stored in plain text
  • Profile picture — retrieved from your Google account (if using Google OAuth)
  • OAuth provider ID — to link your account securely when using Google sign-in

2.2 Organization & Team Data

When you create or join an organization, we collect and store:

  • Organization name, industry, and size — provided during onboarding
  • Member list and roles — who belongs to the organization and their access level
  • Invitation records — email addresses of invited members

2.3 Prompt and Configuration Data

As the core of our service, we store the prompts, versions, and deployment configurations you create:

  • Prompt content and versions — the text and metadata of all prompt versions you create and publish
  • Drafts — work-in-progress prompt edits, stored per user per prompt
  • Deployment records — which prompt versions are active per environment
  • Projects and environments — your project structure and environment configuration

Core prompt storage and delivery: We do NOT transmit your stored prompts to any external AI provider. Your prompts live in our database and are served to your application via our API and SDK. AI model calls using those prompts are made on your side using your own provider credentials.

AI Prompt Builder (BRAID): BRAID (Bounded Reasoning for Autonomous Inference and Decisions) is a structured prompting framework. The AI Prompt Builder uses BRAID together with OpenAI's language models to help you design Mermaid-based reasoning diagrams through a conversational interface. When you use this feature:

  • Your chat messages, your current prompt content, and any Handlebars variables are sent to OpenAI for processing. Your data is not used to train any AI models, as expressly prohibited under our agreement with OpenAI.
  • Your full BRAID conversation history (messages, generated diagrams, edits) is stored in our database, linked to your draft.
  • BRAID conversations are automatically deleted when you delete the associated draft, or when your account is closed.

2.4 Usage Data

We collect usage data to operate and improve the service:

  • API request counts — number of prompt fetches per environment
  • Activity timestamps — when versions were created, approved, or deployed
  • Error rates — aggregate counts of failed requests for reliability monitoring
  • IP addresses — used for rate limiting and security; not stored long-term

2.5 Payment Information

Payment processing is handled entirely by Polar. We do not store credit card numbers or bank account details. We only receive:

  • Subscription status and plan type
  • Billing history and invoice records
  • Last four digits of payment method (for display purposes)

2.6 Cookies and Tracking

We use cookies for:

  • Essential cookies — required for authentication and session management
  • Analytics cookies — to understand how users interact with our website (optional)
  • Preference cookies — to remember your settings and choices (optional)

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process your personal data under the following legal bases (Article 6 GDPR):

  • Contract performance (Art. 6(1)(b)) — processing your account data, prompt data, and billing information is necessary to provide the Service you signed up for
  • Legitimate interests (Art. 6(1)(f)) — processing usage data, IP addresses for rate limiting, and security monitoring to maintain service reliability and protect against abuse
  • Legal obligation (Art. 6(1)(c)) — retaining billing records for 7 years as required by German tax law
  • Consent (Art. 6(1)(a)) — optional analytics cookies and marketing communications, which you can withdraw at any time

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our prompt management platform
  • Serve prompt versions to your applications via our API and SDK
  • Operate the BRAID AI Prompt Builder within our system
  • Manage organization membership, roles, and invitations
  • Process payments and manage your subscription
  • Send transactional emails (verification, invitations, billing alerts)
  • Enforce rate limits and protect against abuse
  • Respond to your support requests
  • Generate aggregate analytics to improve service reliability
  • Comply with legal obligations

We will only send marketing communications if you have explicitly opted in. You can unsubscribe at any time.

5. Third-Party Services

We share data with the following third-party services:

ServicePurposeData Shared
GoogleOAuth authenticationOAuth tokens, email, profile info
PolarPayment processingBilling details, subscription info
OpenAIAI inference for the BRAID AI Prompt BuilderYour BRAID chat messages, current prompt content, and Handlebars variables
ResendTransactional emailsEmail address, name
Vercel AnalyticsWebsite analytics (landing page)Anonymized page view data

All third-party services are bound by their own privacy policies and data processing agreements. We only work with providers who maintain appropriate security standards.

6. Data Retention

We retain your data according to the following schedule:

  • Account data — retained while your account is active; deleted upon account closure
  • Prompt versions and deployment history — retained while your account is active; deleted upon account closure
  • Drafts — retained until you delete them or publish a version; deleted upon account closure
  • BRAID conversations — stored in our database and linked to your draft. This includes your chat messages, AI responses, and generated Mermaid diagrams. Conversations are automatically deleted when you delete the associated draft, or when your account is closed.
  • Usage statistics — retained indefinitely in anonymized form for analytics
  • Billing records — retained for 7 years as required by German tax law
  • IP addresses (rate limiting) — held in memory; cleared automatically when the rate limit window expires (not written to persistent storage)

When you close your account, all personally identifiable information is removed. Anonymous usage statistics are retained for service improvement and cannot be linked back to you.

7. Your Rights

Under GDPR and other applicable laws, you have the following rights. To exercise any of them, contact us at contact@raison.ist.

7.1 Right to Access

You can request a copy of all personal data we hold about you by contacting us at contact@raison.ist. We will respond within 30 days.

7.2 Right to Rectification

You can update your name and email through your account settings, or contact us for other corrections.

7.3 Right to Erasure ("Right to be Forgotten")

You can request account closure by contacting us at contact@raison.ist. Upon closure, we will:

  • Delete all personally identifiable information
  • Delete all prompts, versions, drafts, and organization data you own
  • Anonymize your usage data (retained for analytics)
  • Cancel any active subscriptions at the end of the billing period
  • Revoke all API keys associated with your account

Billing records are retained for 7 years as required by law even after account closure.

7.4 Right to Data Portability

You can request an export of your prompt data by contacting us at contact@raison.ist. We will provide your data in a machine-readable JSON format within 30 days.

7.5 Right to Object

You can opt out of non-essential data processing, including marketing communications and optional analytics cookies, at any time.

7.6 Right to Withdraw Consent

Where we rely on your consent (e.g., optional cookies, marketing emails), you can withdraw it at any time. Withdrawal does not affect processing that occurred before the withdrawal.

7.7 Right to Lodge a Complaint

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local data protection authority. In Germany, this is the Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI).

8. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.3
  • Passwords are hashed using a strong one-way hashing algorithm; never stored in plain text
  • API keys are hashed and never stored in plain text
  • Database access is restricted and logged
  • Environment-scoped API keys to limit access blast radius
  • Rate limiting on all API endpoints to protect against abuse

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. International Data Transfers

Our infrastructure is hosted in the European Union. If you are accessing our service from outside this region, your data may be transferred to and processed in the European Union.

However, when you use the BRAID AI Prompt Builder, your chat messages and prompt content are processed by OpenAI, whose servers are located in the United States. This transfer is governed by OpenAI's data processing agreement and applicable Standard Contractual Clauses (SCCs).

For all other transfers outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards to ensure adequate protection of your personal data.

10. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at contact@raison.ist.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

Your continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: contact@raison.ist
  • Address: Coyotiv GmbH, c/o Factory Works GmbH, Rheinsberger Straße 76/77, 10115 Berlin, Germany

For GDPR-related inquiries, you may also contact our Data Protection Officer at legal@raison.ist.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know — what personal information we collect and how we use it
  • Right to Delete — request deletion of your personal information
  • Right to Opt-Out — of the sale of personal information (we do not sell your data)
  • Right to Non-Discrimination — for exercising your privacy rights

To exercise these rights, contact us at contact@raison.ist.