Privacy Policy
Last updated: July 13, 2026
This policy explains what information RiparianAi Inc. ("Riparian," "we," "us") collects, how we use it, and the choices you have. It covers the riparian.ai website and the Riparian application at app.riparian.ai (together, the "Service").
1. Information we collect
Information you provide
- Account information: name, email address, password (stored hashed), organization details, and notification preferences.
- Workspace content: what your team uploads and creates in the app — PCB design files, documents, wiki pages, tasks, comments, BOM and sourcing data, review feedback, and manufacturing documentation ("Customer Content").
- Billing information: payments are processed by Stripe; we do not store full card numbers. We keep billing contact details, plan, seat counts, and invoice history.
- Contact form submissions: if you use the contact form on riparian.ai, the name, email, company, and message you submit are stored in our customer-relationship system (HubSpot) so we can reply.
Information collected automatically
- Usage and log data: IP address, browser type, pages visited, and actions taken in the app (which also powers the in-app activity feed and sign-in history your org admins can see).
- Analytics and cookies: described in the Cookies section below. Analytics cookies are set only with your consent.
2. How we use information
- To provide, secure, and support the Service — including hosting Customer Content, enforcing per-organization and per-project permissions, and operating AI features over your workspace.
- To process billing and manage subscriptions.
- To send transactional email (mentions, task assignments, review requests, verification, billing) per your notification settings, and to respond when you contact us.
- To understand aggregate usage of our website and product so we can improve them.
- To comply with law and enforce our Terms of Service.
We do not sell your personal information, and Customer Content is never used to train AI models.
3. Cookies and analytics
On riparian.ai, analytics run only after you accept them in the cookie banner. If you decline (or ignore the banner), no analytics cookies are set by Google or HubSpot. Cloudflare Web Analytics, which we also use, is cookieless — it sets no cookies and does not track you across sites.
| Category | Provider | Purpose | Consent |
|---|---|---|---|
| Essential | Riparian | Remembers your cookie choice (browser local storage); session and security state in the app | Not required — strictly necessary |
| Analytics | Google Analytics (GA4) | Aggregate website traffic measurement (_ga and related cookies) | Opt-in via banner |
| Analytics / CRM | HubSpot | Website analytics and associating your visits with your contact record if you submit the contact form (hubspotutk, __hstc and related cookies) | Opt-in via banner |
| Analytics | Cloudflare Web Analytics | Aggregate, cookieless traffic measurement | No cookies set |
You can change your mind at any time by clearing the site's data in your browser, which will bring the banner back on your next visit.
4. AI processing
Riparian's AI features send relevant workspace data to our AI model provider (currently Anthropic) to generate responses. Every AI request runs under the asking user's own permissions — the AI cannot access anything the user could not open themselves. Our provider processes this data as a subprocessor to serve the request and does not use it to train models.
5. When we share information
We share personal information only with service providers ("subprocessors") that help us run the Service, under contracts limiting their use of it:
| Provider | Purpose |
|---|---|
| Cloudflare | Website hosting, security, and cookieless web analytics |
| Cloud infrastructure providers | Application hosting, database, and private file storage for Customer Content |
| Stripe | Payment processing |
| Anthropic | AI model inference for Riparian AI features |
| HubSpot | Contact-form handling and customer relationship management |
| Website analytics (with consent) | |
| Email delivery provider | Transactional email notifications |
We may also disclose information if required by law, to protect the rights and safety of Riparian or others, or as part of a merger, acquisition, or sale of assets (in which case this policy continues to apply to information collected under it).
Within your organization: your name, activity, and content are visible to teammates according to the organization and project permissions your admins configure. Org admins can also see members' recent sign-in history.
6. Data retention
- Customer Content is retained while your organization's account is active. After account closure, we make content available for export on request for a reasonable period, then delete it from active systems; residual copies in backups age out on our backup schedule.
- Account and billing records are kept as long as needed for legal, tax, and accounting purposes.
- Contact-form submissions are retained in HubSpot until no longer needed for the correspondence or until you ask us to delete them.
7. Security
Customer Content is stored in private, per-organization cloud storage; multi-tenant isolation is enforced at the database level with row-level security on every table. Data is encrypted in transit. Accounts support strong-password enforcement and two-factor authentication, which organizations can require for all members. No system is perfectly secure — please use a strong, unique password and enable 2FA.
8. Your rights and choices
- You can access and update account information in-app, and export workspace data using in-app tools (CSV export, release packages).
- You may request access to, correction of, or deletion of your personal information by emailing [email protected]. Depending on where you live (for example, the EEA/UK under GDPR or certain U.S. states), you may have statutory rights to access, correct, delete, or port your data, and to object to or restrict certain processing. We honor such requests as required by applicable law and do not discriminate for exercising them.
- If you are a team member of a Riparian customer, your workspace data is controlled by that organization — we may direct your request to its administrators, acting as a processor on the organization's behalf.
- Transactional email preferences are tunable per-category in-app. Any marketing email we send includes an unsubscribe link.
9. International visitors
Riparian is operated from the United States, and information is processed and stored in the U.S. (and in the regions our subprocessors operate). If you use the Service from outside the U.S., you understand your information will be transferred to and processed in the U.S.
10. Children
The Service is for business use and is not directed at children under 16. We do not knowingly collect personal information from children; if you believe a child has provided us information, contact [email protected] and we will delete it.
11. Changes to this policy
We may update this policy from time to time. For material changes we will give notice (for example, by email or in-app) before they take effect. The "Last updated" date above reflects the current version.
12. Contact
Privacy questions or requests: [email protected]
Legal notices: [email protected]