Privacy Policy

This Privacy Policy explains how Rivo Studio collects, uses, and shares information when you use the Service. It’s written to be thorough and readable, without repeating the same ideas in different words.

The Service is a product for generating and iterating on codebases. That means we store project content (like prompts and generated files) so you can continue where you left off, share previews, and export to GitHub.

This policy is a general template and not legal advice. If you operate in regulated markets or specific jurisdictions, consult counsel.

We collect information in a few categories:

• Account data (e.g., email, authentication identifiers, and basic profile details if provided).
• Project data (prompts, chat messages, generated files, and metadata like project titles and timestamps).
• Usage data (feature interactions, request timing, and diagnostics to keep the Service reliable).
• Integration data (when you connect GitHub, we receive tokens/scopes and repository identifiers necessary to perform actions you request).

We do not intentionally collect sensitive categories of personal data unless you choose to include them in prompts or projects. Please avoid submitting secrets (API keys, private keys, passwords) in prompts.

We use collected information to:

• Provide the Service (login, project creation, generation, preview, export).
• Store and sync your projects across sessions and devices.
• Prevent abuse, enforce policies, and protect users and infrastructure.
• Improve quality (debugging, performance, and feature iteration).
• Communicate with you about updates, support, and security notices.

When you send a prompt, we process it to produce Output (e.g., code and previews). That can involve sending the prompt and relevant project context to model providers.

We keep prompts, messages, and generated files so you can continue iterating. Because projects can include large amounts of code, we may store truncated context for model calls while retaining full files for export and preview.

If you include personal data in prompts, it may be processed as part of generation. You control what you submit; avoid including data you don’t want stored or processed.

We use cookies and similar technologies to keep you signed in, maintain session state, and secure requests. Some cookies are essential for core functionality.

If we add analytics in the future, we will describe what is collected, how to opt out where required, and how it relates to account/session behavior.

We may send transactional emails (such as login, verification, security notices, or product confirmations). If we send marketing emails, we’ll provide unsubscribe options.

Email delivery may be handled by third-party providers. Those providers process message content and delivery metadata to deliver email and reduce abuse.

We share information in limited situations:

• Vendors that provide hosting, storage, authentication, email delivery, and model inference—only as needed to run the Service.
• Integrations you enable (e.g., GitHub) when you request exports, repo creation, or file pushes.
• Legal when required by law or to protect rights, safety, and security.

We do not sell your personal information as that term is commonly used in privacy laws.

If you choose to publish or share projects externally (for example, by pushing to a public GitHub repository), your content becomes subject to the terms and visibility settings of those platforms.

Rivo Studio does not control how third parties index, cache, or re-share public repositories. Be thoughtful about what you publish, and avoid including secrets or personal data in generated code, configuration files, or documentation.

We use reasonable administrative, technical, and organizational measures to protect information. No system is perfectly secure; you are responsible for protecting your own credentials and for reviewing generated code before deployment.

If you discover a vulnerability, please report it responsibly. Do not attempt to access data that is not yours.

We retain account and project data as long as needed to provide the Service and comply with legal obligations. Retention periods can vary depending on data type and purpose.

Backups may persist for a limited time even after deletion requests. We aim to minimize retention where feasible while maintaining reliability and security.

To operate the Service, we may use vendors for hosting, storage, authentication, email delivery, logging/monitoring, and AI model inference. Vendors process data on our behalf under agreements designed to protect confidentiality and security.

Model vendors may receive prompts and selected project context necessary to produce Output. We aim to send only what is needed for generation and to avoid unnecessary data exposure.

Depending on where you live, you may have rights to access, correct, delete, or export your information. You may also have rights to object to or restrict certain processing.

You can typically manage your project data directly in the product. If you need help with a request, contact us and describe what you’d like to do.

If you are a California resident, you may have additional rights regarding personal information, including the right to know, delete, correct, and obtain a portable copy, and the right to opt out of certain “sharing” for cross‑context behavioral advertising.

The Service is not designed around advertising profiles. If we introduce advertising or “sharing” as defined by California law, we will provide an opt‑out mechanism and update this policy accordingly.

If you are in the EEA or UK, processing may rely on legal bases such as contract necessity (to provide the Service), legitimate interests (to secure and improve the Service), and consent (where required).

You may have rights to object, restrict processing, and lodge a complaint with a data protection authority. We will respond to requests as required by applicable law.

Generation features use automated processing to transform prompts into Output. This is intended to help you draft content and code. It is not intended to produce decisions about you that have legal or similarly significant effects.

If you build workflows that rely on generated Output for decisions affecting people (e.g., eligibility, employment, lending), you are responsible for adding human review, transparency, and compliance controls.

Some browsers and extensions provide signals like Global Privacy Control (GPC). If we operate in jurisdictions where such signals must be honored for certain processing, we will apply them as required.

Because the Service primarily uses data to provide core functionality (authentication, project storage, generation), many processing activities are “essential” and not based on advertising use cases.

The Service is not directed to children, and we do not knowingly collect personal information from children under the age of 13 (or the applicable age threshold in your jurisdiction). If you believe a child has provided information, contact us.

We may process and store information in countries other than where you live. Those countries may have different data protection laws.

Where required, we use appropriate safeguards for cross-border transfers.

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice. Continued use of the Service after an update means you accept the updated policy.

Questions about privacy? Contact us through the product or via the repository contact information.