Privacy Policy
Last updated: May 11, 2026
In short
Rifframe stores the minimum needed to run an account (your email, the projects you save, your billing status). We do not sell data, we do not run ad tracking, and we use a single optional analytics cookie that you can refuse. You can delete your account and all associated data at any time by emailing us.
Data controller
Rifframe is operated by an individual based in France. For any data-related question or request, contact us at hello@rifframe.app.
What we collect
- Account data: email address, hashed password (or OAuth provider identifier if you sign in with Google/GitHub), account creation date.
- Product data: the projects you create and save (section structure, copy text), and the briefs you type into the AI generator.
- Billing data: if you subscribe to Pro, Stripe stores your payment method and we store a Stripe customer ID + subscription status. We never see or store your full card number.
- Technical data: server logs (IP, user agent, URL) kept for up to 30 days for security and debugging. Rate limit counters tied to your user ID, kept up to 30 days.
- Analytics (optional): if you accept the cookie banner, Google Analytics 4 collects page views and aggregated usage events. IP is anonymized. If you refuse, no analytics cookie is set.
Why we collect it
- To let you sign in and use the editor.
- To save and load your projects across sessions.
- To process subscriptions, send invoices, and manage your plan.
- To send transactional emails (welcome, payment receipts, cancellation confirmation). We do not send marketing emails.
- To prevent abuse via rate limits.
- To understand which features get used (only if you opted into analytics).
Who processes your data
We rely on a small set of vetted third-party processors. All have standard GDPR DPAs and (where applicable) Standard Contractual Clauses for international transfers.
- Supabase (EU region): database hosting, authentication. Stores your account, projects, and billing flags.
- Vercel: application hosting (Edge + Serverless functions). Sees request logs.
- Stripe (Ireland, EU): payment processing and subscription management. Stores your payment method.
- Resend (EU region): delivers transactional emails. Sees your email address.
- Upstash Redis: rate limit counters keyed by user ID. No personal content stored.
- Third-party AI provider: receives your generation brief and the section structure to fill copy. Per their API terms, submitted data is not used to train models. Briefs are sent without your email or account ID.
- Google Analytics 4: optional, only if you accept the cookie banner. Aggregated usage with anonymized IP.
Retention
- Account & projects: kept as long as your account is active. Deleted when you delete your account.
- Billing records: retained for the legal accounting period (10 years in France) for tax compliance, even after account deletion.
- Server logs: up to 30 days.
- AI generation briefs: not stored long-term on our side. Our AI provider may retain inputs for a short window per their policy.
Your rights (GDPR)
If you are in the EU/EEA, you have the right to access, rectify, delete, restrict, or port your personal data, and to object to processing. To exercise any of these, email hello@rifframe.app. We respond within 30 days. You can also file a complaint with the CNIL (the French data protection authority).
Security
Connections are HTTPS-only. Passwords are hashed by Supabase Auth. Database access uses Row Level Security so your data is isolated. We don't store payment card numbers. That said, no system is perfectly secure. If you suspect an issue, email us.
Changes to this policy
If we update this policy, we'll change the date at the top and notify active subscribers by email if the change is material. Continued use after the update means you accept the new version.
Contact
For any privacy question or request, email hello@rifframe.app.