Privacy Policy
Last updated May 19, 2026
Riseo is an autonomous local marketing platform for health and wellness businesses. This policy explains what data we collect when you use Riseo, why we collect it, and what control you have over it.
By using Riseo, you agree to what's described here.
Who's covered
This policy applies to:
- People who visit our website at riseo.ai
- People who sign up for a Riseo account at app.riseo.ai
- People who contact us by email
It doesn't apply to:
- Data your customers leave on your Google Business Profile, your website, or other channels Riseo connects to. That data belongs to those services, governed by their privacy policies and the agreements you have with your end customers.
- Content Riseo generates for you once it's published. After you approve a draft and it goes live, what happens to that content on your channels is yours to manage under your own privacy practices.
What we collect
When you sign up
We collect what you tell us during onboarding:
- Your name and email address
- Your clinic or business name, address, and Google Business Profile details
- Specialty, services, ideal patient description, and other information you fill in across the onboarding flow
- Tone preferences and writing samples
This is the data Riseo uses to generate drafts that sound like your practice.
When you connect third-party services
If you connect Google Business Profile, Google Search Console, or Google Sign-In, we store the OAuth tokens that let Riseo act on your behalf with those services. Tokens are encrypted at rest using AES-256-GCM.
We don't store your Google account password. We only store the OAuth tokens Google issues us.
When you pay
We use Stripe to process payments. Stripe collects your card details directly — we never see them. We do receive and store:
- Your Stripe customer ID
- Your subscription plan, status, and billing dates
- Whether your most recent invoice succeeded or failed
When you use the product
We automatically log:
- Your IP address (used for fraud prevention and to estimate your general location)
- Your browser and device type
- The pages you visit inside Riseo and the actions you take (which drafts you approve, which features you use)
- Errors and crashes, so we can fix them
When you contact us
If you email us, we keep your messages so we can respond and so we have a record of what was discussed.
How we use it
We use your data to:
- Run the product. Generate drafts, publish them, sync with your Google Business Profile, calculate your local ranking, send you notifications.
- Bill you. Charge for your subscription, send invoices, handle refunds.
- Support you. Respond to questions, fix bugs you report.
- Make Riseo better. Look at aggregated usage to understand what features work and what don't.
- Protect Riseo and our customers. Detect fraud, abuse, or anything that threatens the platform's stability.
- Stay legal. Comply with tax law, respond to legitimate legal requests, enforce our Terms.
We don't sell your data. We don't share it with advertisers. We don't use your clinic data to train AI models for anyone else — your data trains Riseo's voice for you specifically.
Who else sees it
Riseo runs on services from other companies. They see only what they need to do their job:
| Service | What they do | What they see |
|---|---|---|
| Stripe | Billing and payment processing | Your name, email, card details (Stripe sees these directly; we don't), subscription state |
| Anthropic | AI content generation via Claude | Your onboarding answers and tone preferences when generating drafts |
| OAuth and API access for Business Profile, Search Console, and Sign-In | Whatever scopes you grant during the connection flow | |
| Clerk | Sign-in and account authentication | Your name, email, password (hashed by Clerk; we never see it) |
| Resend | Sending emails Riseo sends to you | Your email address and the content of those emails |
| Cloudflare R2 | Storing draft images | Image files generated for your drafts |
| Railway | Hosting Riseo's servers and database | All data Riseo stores, by virtue of being our infrastructure provider |
| DataForSEO | Competitor ranking data | Only public business information about competitors you're tracking; never your data |
| Pexels | Sourcing stock images | A search query (e.g., "modern dental office") when we look up images for your drafts |
Each of these has its own privacy policy. We pick vendors that take security seriously and publish their data protection commitments.
When the law requires it
We may share your data if we believe in good faith that it's required by:
- A court order or subpoena
- A government investigation we're legally compelled to cooperate with
- A request to protect Riseo, our customers, or the public from harm or fraud
We don't share data with law enforcement just because they ask. We require legal process.
If Riseo is sold or merged
If Riseo is acquired or merged with another company, your data goes with the business. We'd notify you in advance and explain what changes.
Your data, your choices
See and change your data
You can see and edit most of your data from inside Riseo — Settings → Profile for clinic information, Settings → Billing for subscription details, Authors for content attribution, and so on. For anything you can't reach in the UI, email [email protected].
Delete your data
You can request deletion of your Riseo account anytime by emailing [email protected]. We'll confirm the request, then delete your data within 30 days. Some records (billing records, security logs) may be retained for as long as legally required — typically up to seven years for tax purposes.
We keep your data as long as your account is active. We don't auto-delete inactive accounts.
Unsubscribe from emails
Every email Riseo sends has an unsubscribe link, or you can email [email protected]. Note: even if you unsubscribe from marketing emails, you'll still receive account emails (billing receipts, security alerts), because those are required to operate the service.
If you're in California
California's privacy law (CCPA/CPRA) gives you specific rights:
- The right to know what personal information we collect and how we use it — this whole policy covers that
- The right to receive a copy of your data in a portable format
- The right to delete your data
- The right to correct inaccurate data
- The right to opt out of the sale or sharing of your data for cross-context behavioral advertising — we don't do this, but you have the right anyway
- The right to non-discrimination if you exercise any of these rights
To exercise any of these, email [email protected]. We'll verify your identity first (so we don't hand your data to someone pretending to be you), then process the request within the timeline California requires.
Cookies
Riseo uses minimal cookies. We don't use cookies for advertising or cross-site tracking.
| Cookie | What it does | How long |
|---|---|---|
__session, __client, __client_uat |
Set by Clerk to keep you logged in | Session |
__cf_bm |
Set by Cloudflare to distinguish humans from bots | 30 minutes |
You can block cookies in your browser settings. If you block authentication cookies, you won't be able to log in to Riseo.
We don't currently use analytics cookies, marketing cookies, or third-party tracking cookies. If we add any in the future, we'll update this policy and ask for your consent where required.
Security
We protect your data with:
- HTTPS encryption for all traffic between your browser and our servers
- AES-256-GCM encryption for OAuth tokens at rest
- Password hashing handled by Clerk (Riseo never sees or stores your password)
- Database access controls — only authorized Riseo systems can read your data
- Regular dependency updates and security patches
No system is perfectly secure. We treat your data the way we'd want ours treated, and we'll tell you promptly if we ever have reason to believe your data was exposed.
How long we keep your data
- Account data: As long as your account is active. We don't auto-delete inactive accounts.
- After deletion request: Removed from active systems within 30 days. Records required by law (billing for tax purposes) may be kept up to seven years.
- Application logs: Typically 90 days. Security or fraud-related logs may be retained longer.
- Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently overwritten.
Children's data
Riseo is for businesses, not individuals under 18. We don't knowingly collect data from children. If you believe a child has signed up for Riseo, email [email protected] and we'll delete the account.
International visitors
Riseo operates from Canada. Our servers and most of our vendors are based in the United States. If you access Riseo from outside Canada, your data is transferred to and processed in Canada and the United States.
We don't currently serve customers in the European Union or United Kingdom and have not made provisions for GDPR compliance. If you're in the EU or UK, please don't sign up for Riseo — we'll expand there with full GDPR coverage when we're ready.
Changes to this policy
We'll update this page when our practices change. Material changes — the kind that affect what data we collect or how we use it — will be communicated by email to active accounts at least 30 days before they take effect. Minor changes (typos, clarifications) take effect immediately on posting.
Check the "Last updated" date at the top to see when this policy last changed.
Contact us
Questions, complaints, or requests about your data:
Email: [email protected]
Riseo operates from London, Ontario, Canada. We'll provide additional contact information on request — email us and ask.