Privacy Policy

1. Overview

This Privacy Policy explains how Riskor (“Riskor,” “we,” “us,” or “our”) collects, uses, and shares personal information when you use our websites, APIs, software, dashboards, documentation, and related services (the “Services”). This Policy applies to business users only. By using the Services, you agree to this Policy and our Terms of Use.

2. Information We Collect

• Account & Contact Information. Business contact details you provide (e.g., name, email, company, role), authentication information, and communication preferences.
• Billing Information. Payment method, transaction records, and tax info processed by our payment processor (we do not store full card numbers).
• Customer Content. Data you submit to or process via the Services (e.g., text/messages) for analysis. You control what you send.
• Service Data. Technical and usage data (e.g., logs, request metadata, timestamps, IP address, user agent, performance metrics) generated to operate and secure the Services.
• Cookies & Similar Technologies. We use essential cookies and limited analytics to understand product usage and improve reliability. We do not use third-party advertising cookies.

We do not intentionally collect special categories of personal data (e.g., health, biometric, or precise geolocation data). Please do not submit such data unless we have agreed in writing.

3. How We Use Information

• Provide, maintain, troubleshoot, and improve the Services.
• Secure the Services, prevent misuse, and investigate abuse or fraud.
• Operate billing, account management, and customer support.
• Communicate with you about updates, security alerts, and service-related matters.
• Comply with applicable laws and enforce our Terms.

No training by default: We do not use your Customer Content to train generalized foundation models or to improve services for other customers, unless you expressly opt in in writing. We may use de-identified or aggregated information for analytics and reliability insights.

4. Legal Bases (where applicable)

Where required (e.g., EEA/UK), we process personal information based on: (a) performance of a contract; (b) our legitimate interests in operating, securing, and improving the Services; (c) compliance with legal obligations; or (d) your consent (which you can withdraw at any time).

5. How We Share Information

• Service Providers. We use third-party vendors (e.g., hosting, email, payments, logging) to operate the Services. They process information on our behalf under contractual safeguards, and we remain responsible for their performance.
• Compliance & Safety. We may disclose information if required by law or to protect rights, safety, and the integrity of the Services.
• Business Transfers. If we undergo a merger, acquisition, or asset transfer, information may be transferred as part of that transaction.

We do not sell personal information and we do not share it for cross-context behavioral advertising.

6. International Data Transfers

We may process information in countries other than yours. Where we transfer personal data from the EEA/UK, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) offered by our service providers, as applicable.

7. Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information. No method of transmission or storage is completely secure.

If we become aware of a Security Incident involving unauthorized access to Customer Content, we will notify the account owner without undue delay and in any event within 72 hours, and share information reasonably available.

8. Retention

We retain personal information for as long as necessary to provide the Services and fulfill the purposes described in this Policy. Upon termination of Services or your written request, we will delete or return Customer Content within 30 days, except where retention is required by law. Backups are overwritten within 90 days.

9. Your Choices & Rights

• Access, Correction, Deletion. You can request access to, correction of, or deletion of your personal information.
• Portability & Objection (where applicable). You may request portability and object to processing based on legitimate interests.
• Marketing Preferences. You can opt out of marketing emails at any time by using the unsubscribe link or contacting us.
• Consent Withdrawal. Where we rely on consent, you may withdraw it at any time.

To exercise rights, contact privacy@riskorai.com. We may ask you to verify your identity.

10. Children

The Services are intended for business use and are not directed to children under 16. If you believe we have collected personal information from a child, contact us and we will take appropriate steps to delete it.

11. Roles

For Customer Content that you submit to the Services, you are the data controller and Riskor acts as your data processor. For Service Data and our own business operations, Riskor is the data controller. Where required by law, a Data Processing Addendum (DPA) can be executed.

12. Changes to This Policy

We may update this Policy. We will post updates with a new “Last Updated” date and, for material changes, provide reasonable advance notice by email or in-product notice. Continued use after the effective date constitutes acceptance.

13. Contact Us

Questions or requests about this Policy can be sent to contact@riskorai.com. For legal notices, contact contact@riskorai.com. Until a registered business address is published on our website, email is our primary contact method.