Privacy Policy

Last updated: 2026-05-11

This page explains what data Rizmo collects, why we collect it, who we share it with, how long we keep it, and the rights you have over it. Rizmo is operated by the Rizmo team from Spain. The data controller for the purposes of EU and UK data-protection law is reachable at hello@rizmo.app.

Short version

  • We collect what we need to run the service and nothing more.
  • Screenshots you upload are processed to generate replies and are not used to train public AI models or sold to anyone.
  • Payments are handled by Stripe; we never see your card number.
  • You can ask us to export or delete your data at any time.

1. What we collect

Account information

When you register, we collect your email address and a name (the name is optional in some flows). We store a hashed version of your password, never the plain text. We collect basic authentication metadata (account-creation timestamp, last login).

Screenshots and chat content

When you use the rizz generator, you upload a screenshot of a chat. The screenshot is sent to our AI provider for processing and a reply is returned. We retain the screenshot for the time needed to generate the reply and for a short period afterward to support troubleshooting if you report a bad output. Retention windows are listed in section 4.

Generated replies

The reply suggestions we produce for you are stored against your account so that you can revisit them and save them (Pro), and so that we can enforce free-tier limits. Pro users can delete their saved replies at any time from the saved library.

Payment information

If you upgrade to Pro or Lifetime, payment is processed by Stripe. We do not receive or store your card number, CVV, or bank details. We do receive from Stripe: a customer ID, the subscription status, the plan you are on, and the country of the card (for tax purposes). Stripe's own privacy notice applies to the parts of the transaction they handle.

Technical and usage data

We log standard server data: IP address, user-agent string, request paths, timestamps. We use this for security (rate-limiting, abuse detection) and for diagnosing errors. We do not run third-party analytics scripts that profile individual users across sites.

2. Why we collect it (legal bases)

Under GDPR, we rely on the following legal bases:

  • Performance of a contract: processing necessary to provide the service you signed up for (account, generations, billing).
  • Legitimate interest: security logging, rate-limiting, fraud prevention, and the minimum diagnostics needed to keep the service running.
  • Consent: any marketing emails you opted in to. You can withdraw consent at any time.
  • Legal obligation: tax records related to paid subscriptions.

3. Who we share it with

We share only what is necessary, only with providers who help us run Rizmo. Specifically:

  • Stripe for payment processing. Their privacy policy: stripe.com/privacy.
  • Anthropic for AI inference on uploaded screenshots. Their privacy policy: anthropic.com/legal/privacy.
  • Our hosting provider for server infrastructure (currently Hetzner, EU data centers).
  • An email delivery provider for transactional emails (account confirmations, password resets, billing receipts).

We do not sell or rent your data. We do not share screenshots, chat content, or generated replies with advertisers or data brokers.

4. How long we keep it

  • Screenshots: processed in memory, retained at most 30 days for support purposes, then deleted.
  • Generated replies: kept while your account is active. Pro saved replies are kept until you delete them.
  • Account data: kept while your account is active. After closure, your account record is anonymized within 30 days; billing records are kept for the legally required tax-retention period (typically 6 years in Spain).
  • Server logs: rotated and deleted after 90 days unless a security incident requires longer retention.

5. Your rights

Under GDPR (if you are in the EU, EEA, or UK) and CCPA/CPRA (if you are in California), you have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: ask us to fix anything inaccurate.
  • Deletion: ask us to delete your account and associated data (subject to tax-retention obligations on billing records).
  • Portability: request your data in a machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Withdraw consent: for any processing based on consent (such as marketing emails).
  • Lodge a complaint: with the Spanish data-protection authority (AEPD) or your local supervisory authority. We would prefer you contact us first so we can resolve it.

To exercise any of these rights, email hello@rizmo.app. We respond within 30 days.

6. International transfers

Rizmo's infrastructure is hosted in the EU. Some of our processors (Stripe, Anthropic) are based in the United States and process data there under standard contractual clauses or equivalent safeguards approved by EU authorities.

7. Security

We protect your data with transport encryption (HTTPS everywhere), access control, hashed passwords, and the principle of least privilege for internal systems. No system is perfectly secure; if we ever learn of a breach that affects your data, we will notify you and the relevant authorities as required by law.

8. Children

Rizmo is for users 18 and older. We do not knowingly collect data from anyone under 18. If you believe we have, contact us and we will delete it.

9. Cookies

See the Cookies Policy for what cookies and similar technologies we use, why, and how to disable them.

10. Changes to this policy

We may update this policy. The "Last updated" date at the top reflects the most recent change. For material changes affecting how we process your personal data, we will notify you by email before the change takes effect.

11. Contact

Privacy questions or requests: hello@rizmo.app.