Privacy Policy | RiseLab

1. Introduction

RiseLab ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (riselab.tech), API platform, dashboard, and related services (collectively, the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Information You Provide

Data Type	Examples	Purpose
Account Information	Name, email, password hash	Authentication & account management
Billing Information	Payment details (processed by Paddle)	Subscription & billing
Agent Data	Agent configurations, memory entries, queries	Providing the core Service
Communications	Support emails, feedback	Customer support & improvement

2.2 Information Collected Automatically

Usage Data: API request logs, endpoint usage patterns, request timestamps, and response times
Device Information: Browser type, operating system, IP address, and device identifiers
Cookies & Tracking: We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

3. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery: To operate, maintain, and provide the features and functionality of the Service
Authentication: To verify your identity and manage account access via Firebase Authentication
Billing: To process payments, manage subscriptions, and issue invoices through Paddle
Analytics: To understand usage patterns and improve the Service (aggregate, anonymized data only)
Communication: To send you service-related notices, security alerts, and support responses
Legal Compliance: To comply with applicable laws, regulations, and legal requests

4. Data Sharing & Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

Service Providers: With trusted third-party providers who assist in operating the Service (e.g., Paddle for payments, Firebase for authentication, cloud hosting providers). These providers are bound by contractual obligations to protect your data.
Legal Requirements: When required by law, regulation, legal process, or governmental request
Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity
With Your Consent: In any other circumstances where you have given explicit consent

5. Data Storage & Security

We implement industry-standard security measures to protect your data:

Encryption: All data in transit is encrypted via TLS/SSL. Sensitive data at rest is encrypted using AES-256
Access Controls: Strict internal access controls limit who can access user data
API Key Security: API keys are hashed and stored securely; they cannot be retrieved after initial generation
Infrastructure: Our services are hosted on secure, SOC 2-compliant cloud infrastructure

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

Account Data: Retained until you delete your account, plus 30 days for backup recovery
Agent Memory Data: Retained until you delete the associated agent or account
API Logs: Retained for 90 days for debugging and analytics, then automatically purged
Billing Records: Retained for 7 years as required by financial regulations

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your personal data ("Right to be Forgotten")
Portability: Request a machine-readable export of your data
Objection: Object to certain processing activities
Restriction: Request restriction of processing under specific circumstances

To exercise any of these rights, contact us at privacy@riselab.tech. We will respond within 30 days.

8. Cookies

We use the following types of cookies:

Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
Analytics Cookies: Help us understand how users interact with the Service. These are anonymized and can be opted out of.

We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings.

9. Third-Party Services

Our Service integrates with the following third-party services, each governed by their own privacy policies:

Firebase (Google): Authentication and user management — Firebase Privacy
Paddle: Payment processing and subscription management — Paddle Privacy

10. Children's Privacy

The Service is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, sending a notification to your registered email address. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. International Transfers & Regional Compliance

RiseLab may process and store data in multiple jurisdictions depending on infrastructure availability, redundancy needs, and performance requirements. Where personal data is transferred across borders, we apply appropriate safeguards such as contractual protections and security controls designed to maintain lawful handling standards.

For users in regions with specific privacy rights (including but not limited to GDPR, UK GDPR, and CCPA-style frameworks), we honor applicable rights requests and data handling obligations to the extent required by law. We may request verification before fulfilling rights requests to protect account security.

Lawful Basis: Contract performance, legitimate interests, legal obligations, and consent where required
Retention Controls: Time-limited operational logs and deletion workflows
Access Limitation: Role-based internal access and need-to-know review

13. Security Incident Response

We maintain internal procedures to detect, investigate, and respond to security incidents affecting our systems or customer data. Our response process includes triage, containment, remediation, and post-incident review.

If a confirmed incident materially affects your personal data, we will notify impacted users and relevant authorities where legally required. Notification timing may vary based on legal requirements, investigation scope, and law-enforcement guidance.

Monitoring: Infrastructure alerts, anomaly detection, and access auditing
Containment: Immediate credential rotation and scope isolation when needed
Recovery: Verified restoration from protected backups and hardening actions

14. Enterprise Customer Controls

Enterprise customers may request additional contractual and technical controls, including data processing terms, security questionnaires, and custom retention settings. Availability depends on plan tier and signed commercial terms.

For enterprise compliance requests, contact enterprise@riselab.tech with your organization name, legal entity details, and required compliance framework.

15. Transparency Commitment

We commit to presenting privacy terms in clear language and keeping significant obligations visible, not hidden. If any section appears ambiguous or incomplete, you may request clarification at any time and we will provide a direct response.

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@riselab.tech
General Support: support@riselab.tech
Website: riselab.tech