Back to home

Privacy Policy

Last updated June 3, 2026

Riftr Effective Date: 6/3/2026 Last Updated: 6/3/2026

1. Introduction

Welcome to Riftr ("we," "us," or "our"). Riftr is a music collaboration platform that allows band members and collaborators to share works-in-progress, audio recordings, feedback, and notes. This Privacy Policy explains what personal information we collect, how we use it, and your rights regarding that information.

By creating an account or using Riftr (the "Service"), you agree to the practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

a. Account Information

When you register for Riftr, we collect:

  • Your name
  • Email address
  • Password (stored in hashed form — we never store your password in plain text)
  • Profile photo (optional)

b. Content You Upload

We collect and store audio files and any other content you choose to upload to the Service, including recordings, notes, and feedback you share with collaborators.

c. Usage and Device Data

We automatically collect certain technical information when you use the Service, including:

  • Device type, operating system, and app version
  • Features used and actions taken within the app (e.g., uploads, playback, comments)
  • Crash reports and performance diagnostics
  • IP address and general geographic region (country/state level)

This data is used solely to improve the performance, stability, and usability of Riftr. We do not use it to build advertising profiles or sell it to third parties.

d. Subscription and Billing Information

If you subscribe to a paid tier, payment is processed by a third-party payment processor (such as Stripe or Apple/Google in-app billing). We do not store your full credit card number or payment details. We may retain basic transaction records (e.g., subscription status, renewal dates) for account management purposes.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Provide, maintain, and improve the Service
  • Enable collaboration features (sharing audio, notes, and feedback with your band members)
  • Respond to support requests
  • Send transactional communications (e.g., email verification, password reset, subscription confirmations)
  • Monitor for abuse, security incidents, and violations of our Terms of Use
  • Comply with applicable legal obligations

We do not use your audio content to train machine learning or AI models.

4. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

We may share limited information only in the following circumstances:

Service Providers: We use trusted third-party services to operate Riftr. These providers process data on our behalf and only as necessary to deliver the Service:

  • Supabase — Authentication (account creation, login, email verification via Supabase Auth), database storage (user profiles, band membership, track metadata, comments, and other app data stored in Supabase Postgres with Row-Level Security), and file storage (audio files and band images stored in Supabase Storage). Data is processed on Supabase's infrastructure. For more information, see Supabase's Privacy Policy.
  • Resend — Transactional email delivery (e.g., email verification, password reset, and account notifications).
  • PostHog — Product analytics to help us understand how the Service is used and improve it.
  • Sentry — Error monitoring and performance diagnostics.

We do not sell your personal information to these or any other third parties.

Legal Requirements: We may disclose information if required by law, court order, or government request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Riftr, our users, or the public.

Business Transfers: If Riftr is acquired, merged, or its assets are transferred, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a materially different privacy policy.

5. Audio Content and Intellectual Property

You retain full ownership of all audio files and content you upload to Riftr. By uploading content, you grant Riftr a limited, non-exclusive, royalty-free license to store, host, and transmit your content solely for the purpose of providing the Service to you and your designated collaborators. We claim no ownership rights over your music.

6. Data Retention and Deletion

You may delete your Riftr account at any time through the app's account settings. Upon deletion:

  • Your profile, account data, and privately stored audio files will be permanently deleted within 30 days.
  • Content you have shared with other users (e.g., audio shared within a band workspace) may persist in those collaborators' accounts until they also delete it. We may not be able to automatically remove content that has been shared with another user.
  • Anonymized or aggregated usage data that cannot identify you may be retained for analytical purposes.

To request deletion of specific data, contact us at hello@riftr.com.

7. Children's Privacy

Riftr is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13 without verifiable parental consent as required by the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided us with personal information without consent, please contact us at hello@riftr.com and we will promptly delete it.

Users between the ages of 13 and 17 should review this policy with a parent or guardian before using the Service.

8. Security

We take reasonable technical and organizational measures to protect your information, including:

  • Encrypted data transmission (TLS/HTTPS)
  • Supabase Row-Level Security policies and authentication infrastructure
  • Hashed password storage

No method of transmission or storage is 100% secure. While we work hard to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

9. Your Privacy Rights

Depending on where you live, you may have certain rights regarding your personal information:

All users:

  • Access the personal data we hold about you
  • Correct inaccurate information
  • Request deletion of your account and data (subject to Section 6)

California residents (CCPA/CPRA):

  • Know what personal information is collected and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

EEA/UK residents (GDPR):

  • Data portability
  • Restriction of processing
  • The right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact us at hello@riftr.com.

10. Third-Party Links and Services

The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you use.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top and, for material changes, notify you via email or an in-app notification. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Riftr Email: hello@riftr.com. Address: Web & Flow LLC, 1301 York Rd, Ste 800-1135, Timonium, MD 21093, United States