Privacy Policy
This Privacy Policy explains what information Rife Systems collects, how we use it, and your choices.
1. Information We Collect
Account information: email address, hashed password, account preferences (newsletter opt-in, time zone if provided).
Usage and security data: IP address, user agent (browser/device), accept-language header, session timestamps, and (for the Research Assistant) the questions you submit and the responses we return.
Audit trail: account events such as registration, sign-in, sign-out, password changes, newsletter subscription changes, and administrative actions.
Lead capture: if you submit your email on the /shop or /research-assistant pages, we record your email along with the page that submitted it, your IP, and user agent.
We do not use third-party analytics, advertising trackers, or session replay tools on this site.
2. How We Use Information
- To provide and operate the Service (authenticate you, return AI responses, deliver products).
- To send transactional emails (verification, password reset, account notices).
- To send marketing emails if you have opted in (and only until you opt out).
- To investigate abuse, fraud, account compromise, and violations of our Terms.
- To comply with legal obligations and respond to lawful requests.
- To improve the Service (in aggregate; we do not train AI models on individual chat content).
3. Sharing
We do not sell your personal information. We share information only with:
- Email delivery provider (Google Workspace) to send transactional and newsletter email.
- Network and hosting providers (Cloudflare for tunneling/DNS, our self-hosted infrastructure) as required to deliver the Service.
- Payment processors (e.g., Stripe) when you make a purchase. Your payment card details are handled directly by the processor and not stored by us.
- Legal compliance: if required by valid legal process or to protect rights, safety, or property.
4. Cookies and Local Storage
We use a single first-party cookie (rs_session) to keep you signed in. Admin sessions also use a short-lived TOTP marker cookie. We do not set advertising cookies or third-party trackers.
5. Data Retention
- Account data: retained for the life of your account. When you delete your account from settings, your account record, sessions, and chat history are removed within 24 hours.
- Audit log: retained for 24 months for security and abuse-investigation purposes.
- Backup snapshots: may persist for up to 90 days after deletion.
- Email opt-out records: retained indefinitely so we can honor the opt-out even if you re-register.
6. Your Choices
- Newsletter: toggle in your account settings, or use the unsubscribe link in any newsletter email.
- Account deletion: available in your account settings.
- Access / export: email [email protected] and we will provide a copy of the data we have associated with your account.
- Correction / rectification: you can change your email or password from your account; for other corrections, contact us.
7. EU/UK and Canadian Residents
If you are in the EU, UK, or Canada, you have additional rights under the GDPR / UK GDPR / PIPEDA, including the right to object to processing, request restriction, or lodge a complaint with your local supervisory authority. The legal basis for our processing is performance of our contract with you (account operation), our legitimate interest (security/fraud prevention), and your consent (marketing email).
8. Children
The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
9. Security
We use industry-standard practices including encrypted connections (TLS), hashed passwords (argon2id), strict admin access (TOTP), rate limiting, IP/email blocklists, and continuous audit logging. No system is perfectly secure; you are responsible for keeping your account credentials confidential.
10. Changes
We may update this Policy. Material changes will be communicated by email and/or in-product notice.
11. Contact
Privacy questions or requests: [email protected].