1. Introduction

Riposte Inc. (“Riposte,” “we,” “us,” or “our”) builds software that lets teams self-host email and calendar integrations. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our websites, use our managed services, or interact with our team. It also describes choices you can make about your information. If you do not agree with this policy, please do not access or use the Services.

2. Scope and Roles

• This Privacy Policy covers personal information processed by Riposte in connection with our marketing websites, documentation, managed cloud offerings, and customer support.
• When you deploy Riposte in your own infrastructure, you act as the controller of the data you ingest into your environment. Riposte processes that data solely as your service provider according to your documented instructions.

3. Information We Collect

We collect information in the following categories:

3.1 Information You Provide Directly

• Contact details, such as name, email address, phone number, company, and job title.
• Account credentials and profile information when you register for an account, request a trial, or submit support tickets.
• Billing information, including payment method, billing address, and transaction history for paid subscriptions processed through our payment partners.
• Correspondence and content you send to us, including product feedback, survey responses, or other communications.

3.2 Information Collected Automatically

• Device and usage data, including IP address, browser type, operating system, pages viewed, referring URLs, and timestamps.
• Product telemetry from managed Riposte environments, such as API usage, performance metrics, and log data necessary to monitor service health and security.
• Cookies, pixels, and similar technologies that help us remember your preferences, measure campaign effectiveness, and understand how visitors interact with our websites. You can control cookie behavior through your browser settings.

3.3 Information from Third Parties

• Business contact information from partners or publicly available sources to help us market and deliver the Services.
• Data from integration partners or identity providers, subject to your configuration and their applicable privacy policies.

4. How We Use Information

We use personal information to:

• Provide, operate, and maintain the Services, including provisioning accounts and supporting self-hosted deployments.
• Process transactions, send invoices, and manage billing.
• Respond to inquiries, provide customer support, and communicate important updates.
• Develop, test, and improve the Services, including research and analytics that help us make informed product decisions.
• Detect, investigate, and prevent security incidents, fraud, abuse, or other harmful activity.
• Send marketing communications about Riposte features, events, and promotions where permitted by law. You may opt out at any time.
• Comply with legal obligations, enforce our agreements, and protect the rights and safety of Riposte, our customers, and the public.

5. Legal Bases for Processing

If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing personal information include: (a) performance of a contract, (b) legitimate interests in operating and improving the Services, (c) compliance with legal obligations, and (d) consent, where applicable.

6. Sharing of Information

We do not sell personal information. We may share information with:

• Service providers that help us operate the Services (e.g., hosting, payment processing, analytics, customer support). These providers are contractually obligated to safeguard your information and may only use it on our behalf.
• Integration partners that you authorize in connection with your Riposte deployment.
• Professional advisors, auditors, and insurers for legitimate business purposes.
• Law enforcement, regulators, or other parties when required by law or to protect our legal rights, users, or the public.
• Successors or affiliates in the event of a merger, acquisition, reorganization, or sale of assets, subject to this Privacy Policy.

7. International Transfers

Riposte is based in the United States. If you access the Services from outside the U.S., we may transfer personal information to the U.S. or other jurisdictions that may not provide the same level of data protection as your home country. Where required, we implement appropriate safeguards such as Standard Contractual Clauses to protect information transferred internationally.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this policy, comply with our legal obligations, resolve disputes, and enforce agreements. Criteria we use to determine retention periods include the nature of the data, the reason it was collected, and applicable regulatory requirements. You may request deletion of certain information as described below.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the right to access, correct, update, export, or delete personal information we hold about you. You can exercise these rights by contacting [email protected]. We may need to verify your identity before fulfilling requests. You also have the right to:

• Object to or restrict processing in certain circumstances.
• Opt out of marketing communications by clicking the unsubscribe link in our emails or contacting us directly.
• Disable cookies through your browser or device settings.

If you are an end user of a Riposte customer, please direct your privacy requests to that customer; we will assist them as required by our agreements.

10. Security

We use administrative, technical, and physical safeguards designed to protect personal information. These measures include access controls, encryption in transit, network monitoring, regular security assessments, and employee training. No system is completely secure, and we cannot guarantee absolute security. You are responsible for securing credentials, configurations, and data within your own infrastructure.

11. Third-Party Links and Services

The Services may contain links to third-party websites or services that are not controlled by Riposte. We are not responsible for the privacy practices of third parties, and we encourage you to review their policies before providing personal information.

12. Children’s Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it. If you believe a child has provided personal information to Riposte, contact us at [email protected].

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by posting the updated policy with a revised “Last updated” date or by other appropriate means. Your continued use of the Services after the effective date signifies your acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at [email protected] or by mail at Riposte Inc., 548 Market St PMB 16786, San Francisco, CA 94104, USA.