Privacy Policy
Effective Date: 14 April 2026
Last Updated: 14 April 2026
1. Introduction
Riffle Studio Private Limited, a company incorporated under the laws of India, and its affiliate Riffle, Inc., a corporation organized under the laws of the United States (collectively, "Riffle," "we," "us," or "our"), are committed to protecting and respecting your privacy.
This Privacy Policy ("Policy") describes how we collect, use, process, store, disclose, and protect your personal data and information when you access or use the Riffle music creation platform, including the website at https://www.riffle.studio, the application at https://app.riffle.studio, and all related services, features, and tools (collectively, the "Platform").
This Policy is published in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") (India), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (India), the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), and other applicable privacy and data protection laws in India and the United States. If you are a resident of the European Union, EEA, or UK, the General Data Protection Regulation (EU 2016/679) or the UK GDPR will be applicable.
By accessing or using the Platform, you consent to the collection, use, and processing of your personal data as described in this Policy. If you do not agree with this Policy, please do not access or use the Platform.
2. Data Controller / Data Fiduciary
For the purposes of the DPDP Act, Riffle Studio Private Limited is the "Data Fiduciary" responsible for the processing of your personal data. For users in the United States, Riffle, Inc. acts as the entity responsible for the collection and processing of your personal information. For any questions about data processing, please contact us at support@riffle.studio.
3. Information We Collect
We collect and process the following categories of personal data and information. Some of the categories under this section may constitute sensitive personal data under applicable law. Where required, we will obtain your explicit, informed consent before collecting such data, and provide you the option to opt out or disable specific data collection features without losing access to core functionality of the Platform.
3.1 Information You Provide Directly
- Account Information: When you create an account on the Platform, we collect your name, email address, username, and profile details (such as profile picture or display name).
- User Content: Audio recordings, musical compositions, lyrics, annotations, project files, and any other creative content you create, upload, or store on the Platform.
- Communication Data: Messages, feedback, support requests, and other communications you send to us or to other users through the Platform.
- Payment Information: If you purchase a Subscription or any paid features, we collect payment-related information such as billing address and payment method details. Payment card details are processed directly by our third-party payment processors and are not stored by Riffle.
- Collaboration Data: Information generated through your use of real-time collaboration features, including collaborator identities, shared project details, and collaboration timestamps.
3.2 Information Collected Automatically
- Usage Data: Information about how you interact with the Platform, including features used, actions taken, time and duration of sessions, pages viewed, search queries, and click patterns.
- Device Information: Browser type and version, operating system, device type and model, device identifiers (including advertising identifiers), screen resolution, and language settings.
- Log Data: Server logs that record your IP address, access times, referring URLs, and other standard log information.
- Location Data: Approximate geographic location derived from your IP address. We do not collect precise geolocation data unless you explicitly consent.
- Cookies and Similar Technologies: We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing behavior on the Platform. Please see Section 10 (Cookies and Tracking Technologies) below for more details.
3.3 Information from Third Parties
We may receive personal data about you from third-party sources, including: (a) social media platforms, if you choose to link your account or log in through a third-party service (such as Google or Apple); (b) third-party analytics and advertising partners; and (c) publicly available sources. We will use such information in accordance with this Policy and applicable law.
4. Purpose of Data Collection and Legal Basis
We use your personal data for the following purposes:
- Platform Operation and Service Delivery: To provide, operate, maintain, and improve the Platform and its features, including AI Features, and to process your transactions.
- Account Management: To create and manage your account, authenticate your identity, and provide customer support.
- Communication: To send you Platform-related notices, updates, security alerts, and administrative messages, and to respond to your inquiries and support requests.
- Personalization: To personalize your experience on the Platform, including by providing content recommendations and tailored features.
- Analytics and Improvement: To analyze usage patterns, conduct research, and improve the Platform's functionality, user experience, and AI Features.
- AI Model Training and Improvement: We may use anonymized and aggregated data derived from your use of the Platform to train, improve, and develop our AI Features. We will not use your identifiable User Content for AI training without your explicit consent.
- Marketing: To send you promotional communications about Riffle's products and services, subject to your communication preferences and applicable law. You may opt out of marketing communications at any time.
- Legal Compliance and Protection: To comply with applicable laws and regulations, respond to legal process, protect our rights and interests, and enforce our Terms of Service, T&C, and this Policy.
- Safety and Security: To detect, investigate, and prevent fraud, security breaches, and other harmful activities.
Under the DPDP Act, the legal basis for processing your personal data is your consent, which is obtained when you create an account or use the Platform, and for certain purposes, legitimate uses as permitted under applicable law. Under the CCPA/CPRA, we process your personal information for business and commercial purposes as described above.
5. Data Sharing and Disclosure
Riffle does not sell your personal data. We may share your personal data in the following circumstances:
- With Your Consent: When you explicitly agree to share content with collaborators or make it public through the Platform's collaboration features.
- Service Providers: With trusted third-party vendors and service providers who assist us in operating the Platform, including cloud hosting providers, payment processors, analytics providers, email service providers, and customer support tools. These service providers are contractually obligated to use your personal data only for the purposes of providing services to us and in compliance with applicable law.
- Affiliates: With Riffle's affiliates, including Riffle, Inc., for the purposes described in this Policy and to provide a seamless experience across jurisdictions.
- Legal Requirements: When required by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
- Business Transfers: In connection with, or during negotiations of, any merger, acquisition, sale of assets, financing, reorganization, bankruptcy, or similar transaction involving all or a portion of our assets, in which case your personal data may be transferred as part of such transaction.
- Aggregated and Anonymized Data: We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you, for industry analysis, research, marketing, and other purposes.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you with the Platform's services. We will also retain your personal data as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes.
Upon termination or deletion of your account, we will delete or anonymize your personal data within a reasonable period, except to the extent that retention is required by applicable law or for legitimate business purposes. Backup copies may be retained for a limited additional period for disaster recovery purposes and will be deleted in accordance with our standard backup rotation schedules.
User Content that has been shared with other users through collaboration features may persist in those users' accounts and projects even after your account is deleted, to the extent necessary to preserve the integrity of collaborative works.
7. Data Security
We implement and maintain appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to: (a) encryption of data in transit and at rest; (b) access controls and authentication mechanisms; (c) regular security assessments and vulnerability testing; (d) employee training on data protection and security; and (e) secure server infrastructure provided by reputable cloud service providers.
While we strive to protect your personal data, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your personal data, and any transmission is at your own risk.
8. Cross-Border Data Transfers
As Riffle operates in both India and the United States, your personal data may be transferred to, processed, and stored in a jurisdiction other than the one in which you reside. Such transfers may be necessary for the provision of the Platform, for data processing by our affiliates, or by our service providers located in other jurisdictions.
For users in India, cross-border data transfers shall be conducted in compliance with the DPDP Act, including any restrictions notified by the Central Government regarding the transfer of personal data to specific countries or territories.
For users in the United States, data may be transferred to and processed in India or other jurisdictions where our service providers are located. We ensure that appropriate safeguards are in place to protect your personal data in accordance with applicable law.
For users residing in the European Union, EEA or UK, to the extent we transfer, store, or otherwise process your personal data outside your region, we will only transfer personal data to countries which have been found to have an adequate level of protection for personal data for the purposes of the European or UK GDPR, or where such transfers are subject to appropriate safeguards.
9. Your Rights
9.1 Rights Under the DPDP Act (India)
If you are a Data Principal (as defined under the DPDP Act), you have the following rights: (a) the right to access a summary of your personal data being processed and the processing activities undertaken; (b) the right to correction and erasure of your personal data that is inaccurate or no longer necessary; (c) the right to nominate a person to exercise your rights in the event of your death or incapacity; and (d) the right to grievance redressal.
9.2 Rights Under the CCPA/CPRA (California, United States)
If you are a California resident, you have the following rights under the CCPA/CPRA: (a) the right to know what personal information we have collected about you, including the categories of information, the sources from which it was collected, the purposes for collection, and the categories of third parties with whom it was shared; (b) the right to request deletion of your personal information, subject to certain exceptions; (c) the right to correct inaccurate personal information; (d) the right to opt out of the "sale" or "sharing" of your personal information (noting that Riffle does not sell personal information); (e) the right to limit the use of sensitive personal information; and (f) the right to non-discrimination for exercising your privacy rights.
9.3 Exercising Your Rights
To exercise any of the rights described above, please submit a verifiable request to us at support@riffle.studio. We may require you to verify your identity before processing your request. We will respond to your request within the timeframe required by applicable law, i.e., thirty (30) days under the DPDP Act, and forty-five (45) days under the CCPA/CPRA, subject to permitted extensions.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and track information about your use of the Platform. The types of cookies we use include:
- Strictly Necessary Cookies: Essential for the operation of the Platform, including authentication, security, and session management.
- Functional Cookies: Enable personalized features and remember your preferences.
- Analytics Cookies: Help us understand how users interact with the Platform, enabling us to improve its functionality and user experience.
- Marketing Cookies: Used to track your browsing activity to deliver relevant advertisements and measure the effectiveness of marketing campaigns.
You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform. For users in India, cookie consent is obtained in compliance with the DPDP Act. For users in the United States, we comply with applicable state-level cookie and tracking laws.
11. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals to websites. At this time, we do not respond to DNT signals. However, you can manage your privacy preferences through the cookie management and opt-out mechanisms described in Section 10 above.
12. Children's Privacy
The Platform is not intended for children under the age of thirteen (13). We do not knowingly collect personal data from children under thirteen (13). If we become aware that we have collected personal data from a child under thirteen (13) without verification of parental consent, we will take steps to delete that information promptly. If you believe that we may have collected personal data from a child under thirteen (13), please contact us at support@riffle.studio.
For users between the ages of thirteen (13) and eighteen (18), parental or guardian consent is required. The parent or guardian providing consent agrees to be bound by this Policy and assumes responsibility for the minor's use of the Platform.
13. Grievance Officer (India)
In accordance with the Information Technology Act, 2000 and the rules made thereunder, and the DPDP Act, the details of the Grievance Officer are as follows:
Name: Anurag Choudhary
Designation: Grievance Officer
Riffle Studio Private Limited
421/J, Indira Nagar 1st Stage, Binnamangala, Indiranagar, Bangalore – 560038, Karnataka, India
Email: support@riffle.studio
The Grievance Officer shall address your concerns and grievances regarding data processing within a period of thirty (30) days from the date of receipt of such grievance. If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India (under the DPDP Act).
14. Changes to This Policy
Riffle reserves the right to update or modify this Policy at any time. When we make material changes to this Policy, we will notify you by posting the updated Policy on the Platform and updating the Effective Date and Last Updated date at the top of this Policy. We may also notify you by email or through an in-Platform notification for significant changes. Your continued use of the Platform after the posting of any changes constitutes your acceptance of such changes.
We encourage you to review this Policy periodically to stay informed about how we are protecting your personal data.
15. Contact Information
For any questions, concerns, or requests regarding this Policy or our data processing practices, please contact us at:
Riffle Studio Private Limited
421/J, Indira Nagar 1st Stage, Binnamangala, Indiranagar, Bangalore – 560038, Karnataka, India
Email: support@riffle.studio
Website: https://www.riffle.studio
Riffle, Inc.
8 The Green, Suite A, Dover, DE 19901
Email: support@riffle.studio
Website: https://www.riffle.studio
© Riffle Studio Private Limited & Riffle Inc. All rights reserved.