Privacy Policy

Last updated: December 14, 2024

Introduction

At Riff ("we," "us," or "our"), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and protect information when you use our presentation platform at riff.im (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

Information You Provide

We collect information you provide directly to us, including:

  • Account information: When you sign in with Google, we receive your name, email address, and profile picture
  • Content: Presentations, text, images, and other materials you create or upload
  • Communications: Any messages or feedback you send to us

Information Collected Automatically

When you use the Service, we automatically collect certain information:

  • Usage data: Pages visited, features used, and actions taken within the Service
  • Device information: Browser type, operating system, and device identifiers
  • Log data: IP address, access times, and referring URLs

Cookies and Similar Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze how you use the Service. You can control cookies through your browser settings, but disabling them may affect functionality.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service
  • Store and display your presentations
  • Process your requests and respond to your inquiries
  • Improve and develop new features
  • Analyze usage patterns and optimize performance
  • Send you important updates about the Service
  • Protect against fraud and abuse
  • Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We work with third-party service providers who help us operate the Service:

  • Vercel: Hosting and infrastructure
  • Google: Authentication services
  • AI providers: Image and theme generation (prompts only, not personal data)
  • Analytics providers: Usage analysis (anonymized data)

Public Content

When you publish a presentation, it becomes accessible via a public URL. Anyone with the link can view published content. Unpublished presentations remain private to your account.

Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect our rights and the safety of our users.

Business Transfers

If Riff is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained until you delete your account
  • Presentations: Retained until you delete them or your account
  • Usage logs: Retained for up to 12 months
  • Published content: May be cached by third parties even after deletion

After account deletion, we may retain certain information as required by law or for legitimate business purposes (e.g., fraud prevention).

5. Your Rights and Choices

Access and Export

You can access your presentations and account information through the Service. Your content is stored in markdown format, making it easy to export and use elsewhere.

Correction

You can update your presentations at any time through the editor. Account information is synced from your Google account.

Deletion

You can delete individual presentations through the Service. To delete your account and all associated data, please contact us at hello@riff.im.

Opt-Out

You can opt out of non-essential communications by contacting us. Note that we may still send you important service-related messages.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption: All data is encrypted in transit using HTTPS/TLS
  • Secure infrastructure: Hosted on Vercel with enterprise-grade security
  • Access controls: Limited employee access to personal data
  • Authentication: Secure OAuth 2.0 through Google

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Third-Party Services

The Service integrates with third-party services that have their own privacy policies:

  • Google (Authentication): https://policies.google.com/privacy
  • Vercel (Hosting): https://vercel.com/legal/privacy-policy

We encourage you to review the privacy policies of any third-party services you interact with through Riff.

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete it.

9. International Data Transfers

The Service is hosted in the United States through Vercel's global infrastructure. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: hello@riff.im

12. Additional Rights for Specific Regions

European Economic Area (EEA)

If you are in the EEA, you may have additional rights under GDPR, including the right to access, rectify, port, and erase your data, as well as the right to restrict or object to certain processing. To exercise these rights, contact us at hello@riff.im.

California

California residents may have additional rights under CCPA, including the right to know what personal information we collect and how it's used, the right to delete personal information, and the right to opt-out of the sale of personal information (note: we do not sell personal information).