Privacy Policy

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and authentication credentials. If you sign in via a third-party provider (Google, GitHub, Microsoft), we receive your name and email from that provider.

Prompts and Usage: When you use the Service, we process the text you submit to generate structured prompts. We store prompt history for your convenience. We do not sell or share your prompt content with third parties.

Browser Extension: The RioAsk browser extension stores your preferences and beta access credentials locally in your browser using chrome.storage.local. The extension sends your input text to our API for prompt compilation. It does not access your browsing history, bookmarks, or other browser data beyond the active tab where you invoke it.

Analytics: We use privacy-focused analytics to understand product usage and improve the Service. We collect anonymized usage data (e.g., feature usage counts, error rates, platform detection) to improve the Service. These events are associated with an anonymous session identifier, not your personal identity.

Device Information: During beta access validation, we generate a random device identifier stored locally. We also collect your IP address and user agent string for abuse prevention.

2. How We Use Your Information

• To provide, maintain, and improve the Service
• To authenticate your identity and manage your account
• To process your prompts and deliver results
• To enforce usage limits and prevent abuse
• To send essential service communications (e.g., security alerts, account verification)
• To analyze aggregate usage patterns and improve product quality

3. Data Storage and Security

Your data is stored on secure servers hosted on Microsoft Azure (West Europe region). We use encryption in transit (TLS 1.2+) and at rest. Access tokens are stored in memory only and expire after 15 minutes. Refresh tokens are stored in httpOnly cookies and rotated on every use.

We implement industry-standard security measures including rate limiting, content moderation, and abuse detection.

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

• AI Model Providers: We send prompt content to trusted AI model providers (e.g., OpenAI, Anthropic) to generate responses. No personal account information is shared with these providers.
• Legal Requirements: We may disclose information if required by law, regulation, or legal process.
• Safety: We may disclose information to protect the rights, safety, or property of our users or the public.

5. Your Rights

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Export your prompt history
• Withdraw consent for optional data processing

To exercise these rights, contact us at privacy@rioask.ai.

6. Cookies and Local Storage

The web application uses a single httpOnly cookie for session management (rioask_refresh). The browser extension uses chrome.storage.local for preferences and session data. We do not use third-party tracking cookies.

7. Data Retention

Account data is retained while your account is active. Prompt history is retained for up to 90 days unless deleted earlier by the user. Analytics data is aggregated and anonymized within 30 days. Upon account deletion, all personal data is removed within 30 days.

8. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Continued use of the Service after changes constitutes acceptance.

10. Contact Us

If you have questions about this privacy policy or our data practices:

• Email: privacy@rioask.ai
• Company: RiroTech