Last updated: December 1, 2024

Privacy Policy

Riptides, Inc. ("Riptides," "we," "us," or "our") operates the website located at riptidesio.com and provides the Riptides runtime identity and security platform (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Services or interact with us.

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with any part of this Privacy Policy, please do not use our Services.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

  • Account registration information: Name, email address, company name, job title, and password when you create an account.
  • Contact form submissions: Name, email address, company name, and any message content you submit through our website contact forms.
  • Payment information: Billing address and payment card details (processed through our third-party payment processors; we do not store raw card numbers).
  • Communications: The content of emails, support tickets, and other communications you send to us.
  • Feedback and surveys: Responses to product surveys, feature requests, and user research sessions.

1.2 Information Collected Automatically

When you use our website or Services, we automatically collect certain information, including:

  • Log data: IP address, browser type, browser version, pages visited, time and date of visits, time spent on pages, and referring URLs.
  • Usage data: Feature usage patterns, API call volumes, error rates, and other aggregate platform performance metrics.
  • Device information: Device type, operating system, and hardware identifiers.
  • Cookies and tracking technologies: See Section 6 (Cookies) for details.

1.3 Customer Platform Data

When you use the Riptides platform, we process data related to your AI workloads as a data processor on your behalf. This includes:

  • Agent identity metadata (agent class, task context identifiers, timestamp)
  • Policy enforcement logs (which policies were evaluated, pass/fail outcomes)
  • Audit events (API calls made by agents, tool invocations, outcome codes)

We do not access or process the content of your AI agents' inputs or outputs. We process control-plane metadata only. Your data processing agreement (DPA) governs the handling of customer platform data.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and improving the Services: Operating the platform, processing transactions, and developing new features based on usage patterns.
  • Customer support: Responding to inquiries, resolving technical issues, and providing onboarding assistance.
  • Security and fraud prevention: Monitoring for unauthorized access, detecting abuse, and enforcing our Terms of Service.
  • Communications: Sending transactional emails (account notifications, billing), product updates, and, where you have opted in, marketing communications.
  • Legal compliance: Complying with applicable laws, regulations, and legal processes.
  • Analytics: Understanding how our Services are used to make product improvements.

3. How We Share Your Information

We do not sell your personal information. We share information with third parties only in the following circumstances:

  • Service providers: We share information with vendors who provide services on our behalf, such as cloud hosting (AWS), payment processing (Stripe), email delivery, and analytics. These providers are contractually required to use your data only to provide services to us.
  • Legal requirements: We may disclose information if required by law, court order, or other governmental authority, or when we believe disclosure is necessary to protect rights, property, or safety.
  • Business transfers: If Riptides is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your personal information is transferred and becomes subject to a different privacy policy.
  • With your consent: We may share information for other purposes with your explicit consent.

4. Data Retention

We retain personal information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, unless a longer retention period is required by law.

  • Account data: Retained for the duration of your account and for up to 90 days after account deletion to enable account recovery and resolve disputes.
  • Platform audit logs: Retained according to your plan's retention policy (30, 90, or 365 days), after which logs are permanently deleted.
  • Communications: Retained for up to 3 years for support and compliance purposes.
  • Billing records: Retained for 7 years as required by applicable financial regulations.

5. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to certain legal exceptions.
  • Portability: Request a machine-readable export of your personal information.
  • Objection and restriction: Object to or request restriction of certain processing activities.
  • Marketing opt-out: Unsubscribe from marketing communications at any time using the unsubscribe link in any marketing email or by contacting us.

To exercise any of these rights, contact us at privacy@riptidesio.com. We will respond to verified requests within 30 days.

6. Cookies

We use cookies and similar tracking technologies to operate our website and Services. See our Cookie Policy for detailed information about the cookies we use and how to control them.

7. Data Security

We implement technical and organizational security measures appropriate to the sensitivity of the information we process. These include:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
  • Role-based access controls limiting employee access to customer data
  • Regular penetration testing and vulnerability assessments
  • SOC 2 Type II compliance (report available to enterprise customers under NDA)
  • Incident response procedures with customer notification within 72 hours of confirmed breach

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your information, we cannot guarantee absolute security.

8. International Data Transfers

Riptides is headquartered in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States. By using our Services, you consent to the transfer of your information to the United States.

For customers in the European Economic Area (EEA) or United Kingdom, we rely on Standard Contractual Clauses (SCCs) as our lawful transfer mechanism. Contact us at privacy@riptidesio.com for a copy of our SCCs.

9. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on our website and, where required, by emailing you. The updated policy will indicate the date it was last revised. Your continued use of the Services after the effective date of the updated policy constitutes your acceptance of the changes.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, contact our privacy team:

  • Email: privacy@riptidesio.com
  • Mail: Riptides, Inc., Attn: Privacy Team, 2000 1st Avenue, Suite 800, Seattle, WA 98121

Back to Home  |  Terms of Service  |  Cookie Policy