Privacy Policy

Last updated: April 22, 2026

Automate HQ, Inc. ("Company," "we," "us," or "our"), a Delaware C-Corporation, operates the riivet platform and website at riivet.ai (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use the Service.

When a customer organization uses riivet to process information about its own end customers, employees, or contacts, riivet acts as a data processor on that organization's behalf. Please contact the organization directly for questions about their handling of your data. This policy describes our practices as a controller of information we collect directly (for example, through our website, demo requests, and marketing communications) and as a processor on behalf of our business customers.

1. Information We Collect

Personal Information

We may collect personally identifiable information you voluntarily provide when you register for the Service, book a demo, subscribe to communications, or contact us. This includes name, email address, phone number, company name, job title, billing information, and any other information you choose to provide.

Service Data

When you use the Service, we process the information your organization enters into it, including customer records, project details, photos, documents, and claim-related information. Your organization is the controller of this data; we process it as a service provider on your organization's instructions.

Usage Data

We automatically collect certain information when you visit, use, or navigate the Service, including device information, browser type, IP address, pages visited, time spent on pages, referring URLs, and other diagnostic data. Error telemetry is scrubbed of personally identifiable information before it leaves our infrastructure.

Cookies and Tracking

We use cookies, web beacons, and similar tracking technologies to collect information about your activity on our Service. For details, please see our Cookie Policy.

2. Categories of Personal Information Collected

For clarity (and to meet state privacy law disclosure requirements), the categories of personal information we may collect, and the sources from which we collect them, are:

  • Identifiers. Name, email address, phone number, account credentials, IP address, collected from you directly or from your device.
  • Commercial information. Company name, job title, subscription and billing records, collected from you or our payment processor.
  • Internet or network activity. Browsing data, pages viewed, feature usage, collected from your device via cookies and analytics.
  • Geolocation data. Approximate location derived from IP address; we do not collect precise GPS location from the marketing website. EXIF GPS metadata is stripped from images uploaded to the Service.
  • Professional or employment information. Role, company, team size, collected from you when you submit a demo request or sign up.
  • Inferences. Limited product-fit inferences drawn from the above to tailor marketing communications.

We do not knowingly collect sensitive personal information (such as government identifiers, precise health data, or biometric data) through the marketing website. Service Data uploaded by Customer's organization may contain sensitive information about the organization's own customers (for example, insurance claim numbers and property addresses); that information is governed by Customer's agreement with us.

3. How We Use Your Information

We use the information we collect to provide, operate, and maintain the Service; to improve, personalize, and expand the Service; to communicate with you (including customer service, updates, and marketing); to process transactions; to detect and prevent fraud; to comply with legal obligations; and to enforce our Terms of Service. We do not use Customer Data to train AI models.

4. Sharing of Information

We share information in the following situations:

  • With service providers who assist us in delivering the Service.
  • To comply with legal obligations, court orders, or valid government requests.
  • To protect and defend our rights, property, and the safety of our users.
  • With your explicit consent or at your direction.
  • In connection with a merger, acquisition, financing, or sale of assets (subject to this Privacy Policy's protections).

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

5. Data Security

We implement administrative, technical, and physical safeguards designed to protect your personal information. These include:

  • Tenant isolation via PostgreSQL Row Level Security on every customer-data table, with organization ownership derived server-side from the authenticated session.
  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Expiring signed URLs for file downloads.
  • Image EXIF and GPS metadata stripping on upload.
  • Multi-factor authentication enforced on all administrative platform access.
  • Daily encrypted backups with 7-day point-in-time recovery.
  • Peer review and automated safety gates on every production change.
  • Documented incident response procedures with 72-hour notification commitments where applicable under GDPR Article 33 and similar laws.

No method of transmission or storage is 100% secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security. A summary of our controls and compliance posture is available on our Security page. If we become aware of a security incident that affects your personal information, we will notify you in accordance with applicable law.

6. Data Retention

We retain personal information only for as long as necessary to provide the Service, meet legal obligations, resolve disputes, and enforce agreements. Our default retention schedule:

  • Active customer data: retained for the duration of the subscription.
  • Customer-authored content after account deletion: 30-day grace period, then permanent deletion.
  • Insurance claim and financial records: 7 years after account closure, to meet tax and insurance statute-of-limitations requirements.
  • Marketing and CRM activity records: 1 year after account closure.
  • Audit logs: 7 years, retained in an anonymized form after account closure.
  • AI task / usage records: 90 days on a rolling basis; deleted at account closure.
  • Authentication sessions: revoked immediately on account closure.

Active legal holds or pending insurance disputes may require retention beyond these defaults. We will inform affected individuals where legally permitted.

7. Your Privacy Rights

Depending on your location, you may have rights regarding your personal information, including the right to access, correct, or delete your data; the right to restrict or object to processing; the right to data portability; and the right to withdraw consent. To exercise these rights, contact us at privacy@riivet.ai. We will respond within 30 days (or as otherwise required by applicable law) and may need to verify your identity before acting on the request.

8. California Privacy Rights (CCPA / CPRA)

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • The right to know what personal information we collect, use, disclose, and retain. The categories are set out in Section 2.
  • The right to request deletion of your personal information.
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising.
  • The right to limit the use and disclosure of sensitive personal information.
  • The right to non-discrimination for exercising any of these rights.

We will respond within 45 days as required by the CCPA (extendable by another 45 days for complex requests with notice to you). To exercise these rights, contact privacy@riivet.ai. An authorized agent may submit a request on your behalf with appropriate written authorization.

9. Other U.S. State Privacy Rights

If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Montana, Oregon, Delaware, Iowa, Tennessee, or another U.S. state that has enacted a consumer data privacy law, you may have rights similar to those described in Section 8, including rights to access, correct, delete, obtain a copy of, and opt out of the sale, sharing, or targeted-advertising use of your personal information. In some states, you may also have the right to appeal a denial of a request. To exercise any of these rights, email privacy@riivet.ai. We will respond within the timeframe required by your state's law. We do not engage in the "sale" of personal information or "targeted advertising" as those terms are defined by these laws.

10. European Economic Area, United Kingdom, and Swiss Rights (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR), UK GDPR, and the Swiss Federal Act on Data Protection grant you the following rights with respect to your personal data:

  • Access (Article 15): Obtain confirmation of whether we process your personal data and receive a copy.
  • Rectification (Article 16): Correct inaccurate or incomplete personal data.
  • Erasure (Article 17): Request deletion of personal data where applicable.
  • Restriction (Article 18): Restrict processing in certain circumstances.
  • Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Objection (Article 21): Object to processing based on our legitimate interests or for direct marketing.
  • Withdrawal of consent (Article 7(3)): Withdraw consent at any time where processing is based on consent.
  • Complaint (Article 77): Lodge a complaint with your local supervisory authority.

Lawful basis. We process personal data on the following bases: performance of a contract; our legitimate interests in operating and improving the Service; compliance with a legal obligation; and consent, where applicable.

GDPR response timeline. We will respond to requests within one month of receipt, extendable by up to two additional months for complex or numerous requests, with notice to you.

Data Protection Officer and EU Representative. We have not appointed a formal Data Protection Officer, as our processing activities do not currently meet the mandatory designation thresholds under GDPR Article 37. For EU-related inquiries, contact privacy@riivet.ai. If we are required under Article 27 to appoint an EU/UK representative in the future, we will identify that representative here.

To exercise any of these rights, contact privacy@riivet.ai. Business customers can review the processor obligations we have committed to in our Data Processing Agreement.

11. International Data Transfers

Our primary infrastructure is located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the U.S. When personal data of individuals in the European Economic Area, United Kingdom, or Switzerland is transferred to the United States or any jurisdiction not deemed adequate under applicable law, we rely on the European Commission's Standard Contractual Clauses (Module Two), the UK International Data Transfer Addendum, and equivalent safeguards. Our Data Processing Agreement documents these transfer mechanisms for business customers.

12. Automated Decision-Making and Profiling

The Service includes AI-assisted features (for example, AI-generated estimates, automated task routing, and AI-assisted drafting for carrier communications) that use data you or your organization enter to produce suggestions or draft outputs. These features are designed to support, not replace, human decision-making; a riivet user always reviews and approves AI-generated output before it is relied on or sent externally. We do not make decisions that produce legal or similarly significant effects about Data Subjects solely through automated means, and we do not train AI models on Customer Data. If you believe an automated decision has been made about you and you wish to exercise rights under GDPR Article 22, contact privacy@riivet.ai.

13. Third-Party Links and Services

The Service may contain links to third-party websites, integrations, and services that we do not own or operate. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party service before providing them with your information. We are not responsible for the content, privacy policies, or practices of third-party websites or services.

14. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information. If you believe a child has provided us with personal information, please contact us at privacy@riivet.ai.

15. Do Not Track Signals

Some browsers support a "Do Not Track" (DNT) signal. We respect DNT signals on our marketing website for analytics cookies. No standard exists for how online services should respond to DNT signals in all contexts, so our handling of the signal may evolve as standards mature.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice where appropriate (for example, by email or in-app notification). We encourage you to review this Privacy Policy periodically.

17. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at privacy@riivet.ai, or write to: Automate HQ, Inc. (a Delaware C-Corporation). For security-specific concerns, please contact security@riivet.ai.