Trust & policies
Privacy Policy
This page covers
Have a question?
[email protected]
Questions about privacy, billing, or your account? Email our support team and we will do our best to help.
Overview
We believe people should not have to guess how their information is handled. This Privacy Policy explains, in clear terms, what Rivya collects, why we need it, how we use it, and the choices you have when you visit the website, create an account, contact us, or use Rivya for chat, image, video, and audio generation.
Information We Collect
Account, profile, and contact information
When you create an account, update your profile, or reach out to us, we may collect information such as:
- name
- email address
- account identifiers and authentication records
- third-party sign-in provider identifiers if you choose Google, GitHub, or Discord sign-in
- email verification, password reset, or similar authentication workflow records
- profile image or avatar URL if you upload one
- messages you send to the Rivya team
Billing and transaction information
If you choose to purchase a subscription or credit pack, we may collect or receive:
- customer, checkout, subscription, and invoice identifiers
- plan, package, price, and billing period information
- payment and subscription status
- credit balance, credit transaction history, and related billing metadata
Payment card details are handled by Stripe and are not stored directly by Rivya.
Workspace, prompt, and history data
When you use Rivya, we may store information needed to run the product and keep your workspace connected, including:
- prompts, instructions, and chat messages you submit
- uploaded reference media, related file URLs, and upload metadata
- generation parameters and workflow settings
- model, tool, and workspace selections
- output URLs, result metadata, and task status records
- chat session history, message history, attachment URLs, and usage metadata
- credit settlement and refund records connected to AI runs
Browser extension data
If you use Rivya Prompt Clipper, the extension may read the current page title, page URL, selected text, and meta description after you actively click the extension or its context-menu action.
Version 1 of the extension builds prompts locally in your browser. It does not upload selected text, page content, browsing history, or clipboard contents to Rivya servers by default. If you click Open in Rivya, your browser opens the matching Rivya page with visible UTM attribution so we can understand that the visit came from the extension.
Rivya receives prompt or page content from the extension only if you choose to copy it, paste it into Rivya, and submit it inside the Rivya product.
Technical and security information
We may automatically collect:
- session records and related security metadata
- IP address
- browser, device, and user agent information
- locale or language preference information, including cookie-based locale settings
- log data used for security, fraud prevention, abuse detection, debugging, and service reliability
How We Use Information
We use information to:
- create and manage your account
- authenticate sign-in, verify email addresses, reset passwords, and protect account access
- provide billing, credits, subscriptions, payment support, and customer portal access
- process generation requests, chat requests, reference uploads, and requested outputs
- maintain generation history, chat history, and workspace continuity
- send service, authentication, billing, support, and newsletter-related communications
- investigate abuse, fraud, platform misuse, suspicious activity, or technical failures
- improve product quality, reliability, support operations, and user experience
- respond to support, onboarding, partnership, and privacy requests
Service Providers and Processing
Like most modern software products, Rivya works with third-party providers to operate parts of the service, including:
- Stripe for billing, checkout, subscriptions, and payment-related records
- third-party AI infrastructure for AI generation, chat routing, media uploads, and related task processing
- Resend for account emails, contact emails, and newsletter-related email delivery
- S3-compatible storage providers for assets such as uploaded avatars and stored files
- Google, GitHub, or Discord if you choose those sign-in methods
- infrastructure, hosting, monitoring, or security vendors used to operate the service
- optional analytics, captcha, affiliate, or support-widget providers if those features are enabled in a given deployment
Those providers may process relevant account data, prompts, uploads, outputs, metadata, or transaction information as needed to operate the service you ask us to provide. AI requests routed through third-party AI infrastructure may also involve upstream model or infrastructure providers selected for the workflow you use, but only as part of completing that workflow.
Prompts, Uploads, Chats, and Outputs
When you submit prompts, chat messages, or upload files, Rivya may process that content to provide the requested response or generation and to keep the related task, history, and billing records connected to your account.
Reference files used for AI generation are currently uploaded through Rivya endpoints to third-party AI infrastructure used for generation uploads. Avatar uploads are currently sent to S3-compatible storage configured for the service.
If you can avoid it, please do not submit sensitive personal data, confidential material, or protected information unless you have reviewed your own internal requirements and are comfortable with the operational risks of third-party processing.
Data Retention and Deletion
We try not to keep information longer than we need it. In practice, we retain information for as long as it serves a real operational, legal, or support purpose, including to:
- operate your account
- maintain billing, payment, and credit records
- provide generation history, chat history, and customer support
- meet legal, tax, accounting, security, and dispute-handling obligations
If you delete your account from Settings > Security, account-linked records in Rivya's primary database are generally removed on a cascading basis. In some cases, we may still retain limited records where necessary for billing, fraud prevention, abuse handling, legal obligations, provider-side processing, backups, or security logs.
We may also remove or anonymize information when it is no longer needed for these purposes.
Your Choices
Depending on your location and applicable law, you may have the ability to:
- access or update account information
- delete your account from the product settings
- unsubscribe from marketing or newsletter communication
- manage browser cookies and similar technologies
If you need help with a privacy-related request that is not available directly in the product, please contact us.
Security
We take security seriously and use reasonable administrative, technical, and organizational safeguards to protect information and reduce unauthorized access, misuse, disclosure, or loss. At the same time, no online system can guarantee absolute security.
Children
Rivya is not intended for children under the age required by applicable law to use the service independently. If you believe a child has provided personal information to Rivya without appropriate authorization, please contact us.
Changes to This Policy
We may update this Privacy Policy as Rivya evolves. When we make material changes, we will update the effective date on this page and may provide additional notice when appropriate.
Contact
If anything in this Privacy Policy feels unclear, please contact us. We will do our best to point you in the right direction.