Privacy Policy

Last updated: February 17, 2026

1. Introduction

RioAsk ("we", "us", "our") is operated by RiroTech LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our prompt-engineering platform at rioask.ai (the "Service").

By using the Service you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you register, we collect your email address, name (optional), and a hashed password. If you sign in via a third-party provider, we receive your name and email from that provider.

2.2 Usage Data

We record the questions you submit, the prompts we generate, your domain classifications, quality scores, ratings, and feature usage (e.g., compare, export). This data powers your dashboard, history, and helps us improve the Service.

2.3 Documents

If you upload documents for source grounding (RAG), we store the file, extract text, and generate vector embeddings. Documents are retained according to your subscription tier's retention policy and can be deleted at any time.

2.4 Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVV, or full card details. We store only a Stripe customer ID and subscription metadata.

2.5 Technical Data

We automatically collect IP addresses and request timestamps for security monitoring, rate limiting, and abuse prevention. We do not collect browser fingerprints or device identifiers.

3. How We Use Your Information

To provide, maintain, and improve the Service
To authenticate your identity and manage your account
To process payments and manage subscriptions
To display your dashboard analytics and prompt history
To detect and prevent fraud, abuse, and security threats
To send transactional emails (verification, password reset, payment receipts)
To enforce our Terms of Service and rate limits
To generate aggregate, anonymized analytics for product improvement

4. Data Sharing & Subprocessors

We do not sell your personal data. We share data only with the subprocessors listed below:

Subprocessor	Purpose	Data Shared	Location
Stripe	Payment processing	Email, billing details, subscription metadata	United States
AI Providers (configurable)	AI completions & embeddings (Pro+)	Question text, document content (no account details)	United States
Azure AI Content Safety	Content moderation screening	Question text only	United States
Cloudflare	CDN, DDoS protection, CAPTCHA	IP address, request metadata	Global (edge network)
Microsoft Graph API	Transactional email delivery	Email address, message content	United States
Azure Application Insights	Performance monitoring & error tracking	Request traces, metrics (no PII)	United States

We rely on AI providers that contractually agree not to use submitted content for model training and to retain data only as necessary to provide the service. The specific AI provider depends on your organization's configuration.

We may disclose information if required by law, court order, or governmental regulation.

5. Data Retention

We retain your data for as long as your account is active. Retention periods for specific data types depend on your subscription tier:

Prompt history — Free: not stored in user-visible history; Pro: 90 days; Teams/Enterprise: unlimited. Free-tier submissions may be temporarily logged for security and abuse monitoring.
Documents — retained until you delete them or subject to automatic expiration per your tier's retention policy (default 90 days). Deleted documents are permanently removed after a 30-day grace period.
Audit logs — retained per admin-configured retention policy (default 1 year)

After account deletion, we permanently remove your personal data within 30 days, except where retention is required by law.

6. Data Location

Data is processed and stored on Microsoft Azure cloud infrastructure in the United States. All data transfers are encrypted in transit using TLS. Enterprise customers may inquire about region-specific deployment options.

7. Your Rights

You have the right to:

Access your personal data — available via your dashboard and history
Rectify inaccurate data — update your profile in Settings
Erase your data — request account deletion via Settings or contact us
Export your data — available for Pro+ users via the export feature
Object to processing — contact us at privacy@rioask.ai

To exercise these rights, email privacy@rioask.ai. We will respond within 30 days.

8. Security

We implement industry-standard security measures including: encrypted passwords (bcrypt), JWT-based authentication with token rotation, TLS encryption in transit, rate limiting, IP-based abuse detection, and content moderation. While no system is 100% secure, we take reasonable precautions to protect your data.

9. Cookies

RioAsk uses a secure, httpOnly cookie for authentication (refresh token). Access tokens are held in memory only and are not persisted to disk or local storage. We also use local storage for theme preferences and sidebar state. We do not use advertising cookies or third-party tracking cookies.

You can disable cookies in your browser settings, but authentication features may not function properly without them.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Governing Law

This Privacy Policy is governed by the laws of the State of Delaware, United States.

13. Contact Us

For privacy-related inquiries, contact us at:

RiroTech LLC
Email: privacy@rioask.ai