Privacy Policy

1. Introduction

Welcome to Riten AI ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered blog generation platform and related services (collectively, the "Service").

By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this policy, please do not access or use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, password, and billing information when you create an account.
• Profile Information: Company name, website URL, and preferences you provide.
• Content Data: Product information, blog content, images, and other materials you upload or create using our Service.
• Payment Information: Credit card details and billing addresses processed securely through our payment provider (Stripe).
• Communications: Information you provide when contacting our support team.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent, and interaction patterns.
• Device Information: Browser type, operating system, device identifiers, and IP address.
• Cookies: We use cookies and similar technologies to enhance your experience. See our Cookie Policy for details on the types of cookies we use and how to manage your preferences.

2.3 Information from Third Parties

• Platform Integrations: When you connect Shopify, WordPress, or other platforms, we receive product data, store information, and publishing credentials.
• OAuth Providers: If you sign in with Google, we receive your name, email, and profile picture.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Generate AI-powered blog content based on your products
• Process payments and manage subscriptions
• Send transactional emails (account verification, password resets)
• Provide customer support and respond to your inquiries
• Send marketing communications (with your consent). You can withdraw consent at any time by clicking "unsubscribe" in any marketing email, updating your preferences in Account Settings, or contacting us at privacy@riten.ai
• Analyze usage patterns to improve user experience and develop new features
• Detect, prevent, and address fraud and security issues
• Comply with legal obligations

3.1 Legal Basis for Processing

For users in the European Economic Area (EEA), United Kingdom, and similar jurisdictions, we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the Service you requested, including account creation, content generation, payment processing, and platform integrations.
• Legitimate Interests: Processing for our legitimate business interests, including service security, fraud prevention, product improvement, and analytics—where these interests are not overridden by your fundamental rights and freedoms.
• Consent: Processing based on your explicit consent, including marketing communications and optional analytics cookies. You may withdraw consent at any time.
• Legal Obligation: Processing required to comply with applicable laws, such as tax reporting, accounting requirements, and responses to lawful government requests.

4. Artificial Intelligence & Automated Processing

Our Service uses artificial intelligence to generate blog content. We believe in transparency about how AI processes your data:

What AI Does

• Analyzes your product information to generate relevant blog content
• Creates outlines, titles, and full articles based on your inputs
• Provides SEO and readability scoring recommendations

What AI Does NOT Do

• Your content is not used to train our proprietary AI models, and third-party AI service providers process your inputs solely to provide the requested functionality, in accordance with their contractual obligations.
• We do NOT make fully automated decisions that produce legal or similarly significant effects on you.
• We do NOT use AI to profile you for marketing purposes without your consent.

Your Control

• All AI-generated content is presented for your review before publishing.
• You maintain full editorial control to accept, edit, or reject any AI suggestions.
• AI-generated content may contain errors or inaccuracies. You are responsible for reviewing and verifying all generated content before publishing.
• You can request human review of any AI-assisted process by contacting us.

Third-Party AI Services

We use third-party AI API services and local models to power content generation. These tools process your inputs solely to generate responses and, per our agreements, do not use your data to train their models.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: With trusted third parties who assist us in operating our Service (e.g., Stripe for payments, OpenAI for content generation, cloud hosting providers).
• Platform Integrations: With platforms you connect (Shopify, WordPress) to enable publishing features.
• Legal Requirements: When required by law, legal process, or to protect our rights and safety.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.
• With Your Consent: When you explicitly authorize us to share information.

Service Provider Categories

We work with trusted third-party service providers who process data on our behalf, including:

• Cloud infrastructure and hosting providers
• Payment processors
• AI and machine learning service providers
• Email delivery services
• Analytics providers
• Authentication and integration services
• Error tracking and monitoring services (Sentry)

All service providers are contractually bound to protect your data and process it only as instructed by us. A detailed list of sub-processors is available upon request by contacting privacy@riten.ai.

6. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication with HttpOnly cookies and JWT tokens
• Regular security audits and vulnerability assessments
• Access controls and employee training
• Multi-tenant data isolation

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as your account is active or as needed to provide you with our Service. Upon account deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, accounting, or audit purposes.

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing
• Withdraw Consent: Revoke consent where processing is based on consent

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@riten.ai with your request. Please include sufficient information for us to verify your identity.

Response Timeframes

• EEA/UK residents: We will respond within 30 days. If we require additional time (up to 60 days for complex requests), we will notify you.
• California residents: We will respond within 45 days. If we require additional time (up to 90 days), we will notify you.
• All other users: We will respond within 30 days.

If we cannot fulfill your request, we will explain why.

Right to Lodge a Complaint

If you believe your privacy rights have been violated, you have the right to lodge a complaint with the appropriate authority:

• EEA Residents: Your local Data Protection Authority
• UK Residents: Information Commissioner's Office (ICO)
• California Residents: California Attorney General
• Other US Residents: Federal Trade Commission (FTC) or your state's Attorney General

We encourage you to contact us first at privacy@riten.ai so we can address your concerns directly.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your Rights

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information for purposes permitted by law.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of Personal Information Collected (Past 12 Months)

• Identifiers (name, email, IP address)
• Commercial information (purchase history, subscription details)
• Internet activity (browsing history, interactions with our Service)
• Professional information (company name, website URL)
• Inferences drawn from the above to create a profile for service personalization and improvement purposes

To Exercise Your Rights

Submit a request to privacy@riten.ai or use the account settings in your dashboard. We will verify your identity before processing your request.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require written authorization and verification of both your and your agent's identity.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses and compliance with applicable data protection laws.

11. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.