Privacy Policy
Last updated: February 17, 2026
1. Introduction
RioAsk ("we", "us", "our") is operated by RiroTech LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our prompt-engineering platform at rioask.ai (the "Service").
By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
When you register, we collect your email address, name (optional), and a hashed password. If you sign in via a third-party provider, we receive your name and email from that provider.
2.2 Usage Data
We record the questions you submit, the prompts we generate, your domain classifications, quality scores, ratings, and feature usage (e.g., compare, export). This data powers your dashboard, history, and helps us improve the Service.
2.3 Documents
If you upload documents for source grounding (RAG), we store the file, extract text, and generate vector embeddings. Documents are retained according to your subscription tier's retention policy and can be deleted at any time.
2.4 Payment Information
Payments are processed by Stripe. We do not store your credit card number, CVV, or full card details. We store only a Stripe customer ID and subscription metadata.
2.5 Technical Data
We automatically collect IP addresses and request timestamps for security monitoring, rate limiting, and abuse prevention. We do not collect browser fingerprints or device identifiers.
3. How We Use Your Information
- To provide, maintain, and improve the Service
- To authenticate your identity and manage your account
- To process payments and manage subscriptions
- To display your dashboard analytics and prompt history
- To detect and prevent fraud, abuse, and security threats
- To send transactional emails (verification, password reset, payment receipts)
- To enforce our Terms of Service and rate limits
- To generate aggregate, anonymized analytics for product improvement
4. Data Sharing & Subprocessors
We do not sell your personal data. We share data only with the subprocessors listed below:
| Subprocessor | Purpose | Data Shared | Location |
|---|---|---|---|
| Stripe | Payment processing | Email, billing details, subscription metadata | United States |
| AI Providers (configurable) | AI completions & embeddings (Pro+) | Question text, document content (no account details) | United States |
| Azure AI Content Safety | Content moderation screening | Question text only | United States |
| Cloudflare | CDN, DDoS protection, CAPTCHA | IP address, request metadata | Global (edge network) |
| Microsoft Graph API | Transactional email delivery | Email address, message content | United States |
| Azure Application Insights | Performance monitoring & error tracking | Request traces, metrics (no PII) | United States |
We rely on AI providers that contractually agree not to use submitted content for model training and to retain data only as necessary to provide the service. The specific AI provider depends on your organization's configuration.
We may disclose information if required by law, court order, or governmental regulation.
5. Data Retention
We retain your data for as long as your account is active. Retention periods for specific data types depend on your subscription tier:
- Prompt history — Free: not stored in user-visible history; Pro: 90 days; Teams/Enterprise: unlimited. Free-tier submissions may be temporarily logged for security and abuse monitoring.
- Documents — retained until you delete them or subject to automatic expiration per your tier's retention policy (default 90 days). Deleted documents are permanently removed after a 30-day grace period.
- Audit logs — retained per admin-configured retention policy (default 1 year)
After account deletion, we permanently remove your personal data within 30 days, except where retention is required by law.
6. Data Location
Data is processed and stored on Microsoft Azure cloud infrastructure in the United States. All data transfers are encrypted in transit using TLS. Enterprise customers may inquire about region-specific deployment options.
7. Your Rights
You have the right to:
- Access your personal data — available via your dashboard and history
- Rectify inaccurate data — update your profile in Settings
- Erase your data — request account deletion via Settings or contact us
- Export your data — available for Pro+ users via the export feature
- Object to processing — contact us at privacy@rirotech.com
To exercise these rights, email privacy@rirotech.com. We will respond within 30 days.
8. Security
We implement industry-standard security measures including: encrypted passwords (bcrypt), JWT-based authentication with token rotation, TLS encryption in transit, rate limiting, IP-based abuse detection, and content moderation. While no system is 100% secure, we take reasonable precautions to protect your data.
9. Cookies
RioAsk uses a secure, httpOnly cookie for authentication (refresh token). Access tokens are held in memory only and are not persisted to disk or local storage. We also use local storage for theme preferences and sidebar state. We do not use advertising cookies or third-party tracking cookies.
You can disable cookies in your browser settings, but authentication features may not function properly without them.
10. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Governing Law
This Privacy Policy is governed by the laws of the State of Delaware, United States.
13. Contact Us
For privacy-related inquiries, contact us at:
RiroTech LLC
Email: privacy@rirotech.com