This Privacy Policy explains how Rivvit LLC, a Colorado limited liability company (“Rivvit,” “we,” or “us”) collects, uses, shares, and protects information when you use the Rivvit platform at rivvit.shop and our related services (the “Services”).
This policy covers two groups of people: (i) Providers — small businesses that sign up to use Rivvit; and (ii) Clients — the customers Providers serve through Rivvit. Some sections apply to both groups, some only to one. We highlight the difference where it matters.
1. Who controls the data
For information Providers upload about themselves and their business (account info, plan, profile, settings), Rivvit is the data controller.
For information about a Provider’s Clients (appointment history, contact details, notes), the Provider is the controller and Rivvit is the processor. Clients should contact their Provider directly with privacy requests about that data.
2. Information we collect
2.1 From Providers
- Account information. Email address, password (stored as a salted hash), business name, contact phone, and any profile details you provide.
- Payment information. Card details and billing address are collected and stored by Stripe, not by us. We receive limited tokens, subscription status, and the last four digits of your card.
- Business content. Service menus, photos, gallery images, booking pages, website builder content, and any other information you upload.
- Usage information. Pages viewed, features used, actions taken in the dashboard, device and browser info, IP address.
- Communications. Messages you send us through email, contact form, or the Frog AI assistant.
2.2 About Clients (collected on the Provider’s behalf)
- Name, email address, phone number, booking history, no-show/cancel history, payment status (paid/unpaid, not card details), and any notes the Provider attaches.
- When a Client books an appointment, we record the date/time and the IP address used, for fraud prevention.
2.3 Automatic collection (cookies and similar)
We use a small set of cookies and similar technologies that are strictly necessary to provide the Services (for example, to keep you signed in and to remember dashboard preferences). We also collect first-party analytics (page views, feature usage) to understand how the Services are used and to fix bugs. We do not sell this data and we do not run third-party advertising trackers on the Services.
3. How we use information
- Provide the Services. Run your booking page, deliver appointment reminders, process payments through Stripe, send emails on your behalf, and operate the dashboard.
- Communicate with you. Send transactional messages (booking confirmations, password resets, billing notices) and occasional product updates. You can opt out of product updates at any time; transactional messages are required to operate the Services.
- Improve the Services. Analyze aggregated, usually de-identified usage to understand what works and what doesn’t.
- Protect the Services. Detect and prevent fraud, abuse, and security incidents.
- Comply with law. Respond to legal process, subpoenas, and lawful government requests; enforce our Terms.
4. AI features
Rivvit’s AI-powered features (the “Frog” assistant, AI-generated website copy, AI-personalized outreach drafts) send the inputs you provide to our AI provider for processing. We use Anthropic (Claude). Anthropic does not train its models on data we send through the API.
We do not feed Client personal data into AI features unless that is directly part of the feature you’ve invoked (for example, the Frog assistant answering a question you typed). We never sell AI inputs or outputs.
5. How we share information
We share information only as described here. We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.
5.1 Service providers (“sub-processors”)
We rely on the following companies to operate the Services. Each is bound to confidentiality and to use the data only to provide their service to us:
- Supabase — primary database, file storage (provider photos and galleries), authentication. Hosted in the United States.
- Vercel — application hosting, serverless functions, edge caching.
- Stripe — subscription billing, payment processing, payouts to providers through Stripe Connect.
- Resend — transactional and (where you’ve opted in) marketing email delivery.
- Twilio — SMS delivery for booking confirmations and reminders.
- Anthropic — AI inference for the Frog assistant, website-builder copy generation, and outreach personalization.
- Sentry — error and crash reporting (we scrub sensitive payloads where practical).
- Cloudflare — DNS and edge network for the rivvit.shop domain.
5.2 Other sharing
- With Providers’ Clients. When a Client books with a Provider, we share the booking with that Provider, and the Provider’s name/contact details with the Client. We do not share one Provider’s Clients with another Provider.
- Legal and safety. We may share information to comply with law, enforce our Terms, or protect rights, property, or safety.
- Business transfers. If Rivvit is involved in a merger, acquisition, financing, or sale of assets, information may transfer to the surviving or acquiring entity, subject to this policy.
6. International transfers
Rivvit and most of our sub-processors are based in the United States. If you access the Services from outside the U.S., your information will be transferred to and processed in the U.S., which may have different data protection laws than your country. Where required, we rely on standard contractual clauses or other lawful transfer mechanisms.
7. Your choices and rights
Depending on where you live, you may have the following rights with respect to your personal information:
- Access — request a copy of the personal information we hold about you.
- Correction — ask us to fix inaccurate or incomplete information.
- Deletion — ask us to delete your information, subject to limited exceptions (e.g., where we’re required by law to retain it).
- Portability — export your data in a common format. Providers can export their dashboard data at any time.
- Opt out of marketing — every marketing email contains an unsubscribe link; SMS messages support the standard STOP keyword.
- Do not sell / share — we don’t sell personal information; this right is already honored.
To exercise these rights, email rivvit.shop72@gmail.com from the address on your account. Clients should contact their Provider directly for requests about their Client data.
California residents have additional rights under the CCPA/CPRA; residents of the EEA, UK, and Switzerland have additional rights under the GDPR/UK GDPR. We will honor any rights granted to you under applicable law.
8. Data retention
We retain personal information for as long as needed to provide the Services and for legitimate business purposes such as fraud prevention, recordkeeping, and legal compliance. Specifically:
- Active accounts. While your account is active, plus a reasonable period afterwards.
- Cancelled accounts. Up to 90 days after cancellation to allow recovery; some records (billing, tax) are retained for up to 7 years as required by law.
- Backups. Encrypted database backups are retained for up to 12 months and are overwritten on a rolling schedule.
- Logs. Server logs are retained for up to 90 days; security logs are retained for up to 1 year.
9. Security
We use reasonable administrative, technical, and physical safeguards to protect personal information, including encryption in transit (TLS), encryption at rest at our database provider, role-based access, and least-privilege engineering practices. No security is perfect; if you believe your account has been compromised, contact us immediately.
10. Children
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it. Parents or guardians who believe their child has provided us with personal information may contact us at rivvit.shop72@gmail.com.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect any changes. For material changes we’ll send a notice (e.g., email or in-app) before the changes take effect.
12. Contact
Questions or requests about this policy? rivvit.shop72@gmail.com