Before we jump into the legalese, let's discuss the info we collect and what we use it for:
The bot lets you collaborate on documents, so we use name/avatar to help you see who edited what.
Email is so we can contact you if we update privacy policy. We're not opt'ing you into our mailing list.
We want to know what servers/workspaces you're in case you create content in one place and then try to access it on the web. With this list, we can just log you in; otherwise we have to do the google docs thing where it says you don't have access, even though you do, but you're looking at it from the wrong account.
For Discord, we collect role info for permissions, so you can add an editor role and only let them modify content. Similarly for Slack, we use workspace roles and channel permissions to manage access control.
1. Introduction
Riff Raff ("we", "our", or "us") is an AI-powered workflow that leverages Slack and Discord, designed to help teams work faster together by replacing the need for separate Notion and ChatGPT applications. At Riff Raff, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use our service.
2. Information We Collect
As an AI-powered workflow that integrates with Slack and Discord, Riff Raff may collect and process various types of information:
a) Personal Information:
- Slack user profile data (such as name, email address, and profile picture) as permitted by Slack's API
- Discord user profile data (such as username, discriminator, avatar, and email address) as permitted by Discord's API
- Any additional information you provide while interacting with Riff Raff
b) Workspace/Server Information:
- Slack workspace data, including channel names and member lists
- Discord server data, including channel names, member lists, and role information
- Necessary permissions and access controls for Riff Raff's functionality
c) Content and Communications:
- Messages, files, and other content shared within Slack or Discord that you choose to process through Riff Raff
- Your interactions and queries with the Riff Raff AI
d) Usage Data:
- Information about how you use Riff Raff, including frequency of use, features accessed, and performance data
e) Log Data:
- Automatically generated log files, which may include IP addresses, browser type, operating system, and other technical details
f) Cookies and Similar Technologies:
- Riff Raff may use cookies or similar tracking technologies to enhance user experience and collect usage information
Please note that while Riff Raff processes information from your Slack workspace and Discord servers, it does so in accordance with the permissions granted by your workspace/server administrators and individual user settings.
Important Note on Message Privacy: We do not read or store messages sent in your Slack workspace or Discord servers, with the following exceptions:
- The slash commands used to invoke Riff Raff
- Messages sent in the channels created by our service
- Direct messages (DMs) sent to our Riff Raff bot
[Previous sections 1-2 remain the same]
3. How We Use Your Information
At Riff Raff, we use the information we collect for the following purposes:
a) Service Provision and Improvement:
- To provide, maintain, and enhance our AI-powered workflow service across both Slack and Discord
- To process and respond to your queries, commands, and interactions with our bot
- To manage permissions and access controls based on Slack workspace roles and Discord server roles
b) Personalization:
- To tailor your experience within the Riff Raff workflow
- To improve the relevance and effectiveness of our AI-powered responses
- To maintain consistent user experiences across both Slack and Discord platforms
c) Analysis and Enhancement:
- To analyze usage patterns and trends to improve our service functionality and performance
- To identify and fix technical issues and improve user experience
- To optimize cross-platform integration and functionality
d) Security and Compliance:
- To ensure the security and integrity of our service
- To detect, prevent, and address technical issues or potential misuse of our service
- To verify proper authorization levels across both platforms
e) Communication:
- To send you important notifications about our service, including updates, changes to our terms or privacy policy, and security alerts
- To maintain service-related communications across both Slack and Discord
f) Legal Compliance:
- To comply with legal obligations and respond to lawful requests from public authorities
Important Note on AI Models: While we do not use your data for training our own AI models, Riff Raff utilizes commercial AI models provided by third parties such as OpenAI, Anthropic, and Google. These third-party providers may use data processed through their models for their own purposes, including model improvement. We encourage you to review the privacy policies of these providers for more information on their data practices.
Legal Bases for Processing (GDPR): Under the General Data Protection Regulation (GDPR), the legal bases for processing your information include:
- Performance of a contract when we provide you with our service
- Legitimate interests in operating and improving our service
- Compliance with legal obligations
- Consent, where you have explicitly provided it
California Consumer Privacy Act (CCPA) Compliance: If you are a California resident, you have specific rights regarding your personal information under the CCPA. Please refer to the "Your Rights and Choices" section for more details.
4. Information Sharing and Disclosure
At Riff Raff, we are committed to protecting your privacy and only share your information in limited circumstances. Here's how and when we may share your information:
a) Anonymized Data Storage and Analysis:
- We store AI prompts and results in our database, with our analytics provider, and with our testing provider
- Important: This data is anonymized before storage, ensuring that it is not personally identifiable
- Platform-specific identifiers (such as Slack workspace IDs or Discord server IDs) are handled with particular care to maintain anonymity
b) Service Providers:
- We may share your information with third-party service providers who perform services on our behalf, such as hosting, data analysis, payment processing, and customer service
- These service providers are obligated to protect your information and may only use it for the specific purposes we've contracted them for
- This includes necessary integrations with Slack and Discord's APIs and services
c) Third-Party AI Model Providers:
- As mentioned earlier, we use commercial AI models from providers such as OpenAI, Anthropic, and Google
- While we do not share your personal information with these providers, the content of your interactions may be processed through their models
d) Legal Requirements:
- We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency)
e) Business Transfers:
- If Riff Raff is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction
- We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information
f) With Your Consent:
- We may share your information with third parties when we have your consent to do so
g) Protection of Rights and Safety:
- We reserve the right to disclose your information when we believe that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request
We do not sell your personal information to third parties.
Data Retention: We retain anonymized AI prompts and results for analysis and service improvement purposes. Personal information is retained only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.
5. Data Security
At Riff Raff, we take the security of your data seriously and implement reasonable measures to protect your information from unauthorized access, alteration, disclosure, or destruction. Our approach to data security includes:
a) Standard Security Practices:
- We employ industry-standard security measures to protect your data
- This includes using secure protocols for data transmission and storage where appropriate
- We maintain secure integrations with both Slack and Discord's APIs following their security best practices
b) Access Controls:
- We limit access to your information to those employees and contractors who need it to perform their job functions
- We implement role-based access control for both Slack workspaces and Discord servers
- We respect and maintain the permission structures set up by workspace and server administrators
c) Platform-Specific Security:
- We adhere to Slack and Discord's security requirements and best practices
- We regularly update our integrations to maintain compliance with platform-specific security standards
- We implement additional security measures for cross-platform data handling
d) Ongoing Vigilance:
- We regularly review our data collection, storage, and processing practices to guard against unauthorized access
- We monitor for potential security issues across both platforms
- We maintain security protocols for cross-platform data synchronization
e) User Role:
- While we take reasonable steps to secure your data, the security of your account also depends on you keeping your login credentials confidential
- Please do not share your passwords or authentication tokens for either platform
- We recommend following security best practices for both Slack and Discord accounts
f) Third-Party Platforms:
- Remember that we operate on both the Slack and Discord platforms and use third-party AI services
- The security of these platforms is crucial to the overall security of your data
- We recommend reviewing the security practices of both platforms
g) No Guarantee:
- Despite our efforts, no method of electronic storage or transmission over the internet is 100% secure
- While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security
h) Notification of Breaches:
- In the event of a data breach that affects your personal information, we will notify you in compliance with applicable laws
- We maintain incident response plans for both platforms
We encourage users to contact us immediately if they become aware of any security issues or unauthorized access to their account on either platform.
[Previous sections 1-5 remain the same]
6. Your Rights and Choices
At Riff Raff, we respect your rights regarding your personal information. We are committed to providing you with control over your data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Your Rights: Depending on your location, you may have the following rights regarding your personal information:
a) Right to Access:
- You can request information about the personal data we hold about you
- This includes data from both your Slack and Discord integrations
- We'll provide a comprehensive report of your cross-platform data
b) Right to Rectification:
- You can request that we correct any inaccurate or incomplete personal information
- This applies to profile information synced from both platforms
- We'll ensure corrections are properly synchronized across services
c) Right to Erasure:
- You can request that we delete your personal information under certain circumstances
- This includes removal from both Slack and Discord integrations
- We'll ensure complete removal across all platforms and services
d) Right to Restrict Processing:
- You can request that we limit the processing of your personal information
- This can be platform-specific or apply to all integrations
- We'll honor your preferences across all services
e) Right to Data Portability:
- You can request a copy of your personal information in a machine-readable format
- We'll provide data from both Slack and Discord integrations
- Data will be organized to clearly indicate its source platform
f) Right to Object:
- You can object to our processing of your personal information
- This can be specific to either platform or apply to all services
- We'll respect your preferences across all integrations
g) Rights Related to Automated Decision-making:
- You can request human intervention in automated decision-making processes
- This applies to AI-powered features across both platforms
- We'll ensure consistent handling of your preferences
Additional Rights for California Residents (CCPA):
- Right to Know: You can request information about your personal information across all platforms
- Right to Equal Services and Prices: We will not discriminate against you for exercising any of your CCPA rights
How to Exercise Your Rights:
- Contact us at privacy@riffraff.ai
- Specify which platform(s) your request relates to
- We will respond within the timeframe required by applicable law
Please note:
- We may need to verify your identity on both platforms before processing your request
- In some cases, we may not be able to fully comply with your request
- We will inform you of any limitations that apply
7. Children's Privacy
Riff Raff is designed for use by individuals who are at least 18 years old. We do not knowingly collect or solicit personal information from anyone under the age of 18. By using Riff Raff, you represent that you are at least 18 years old.
Our Policy:
a) Age Restriction:
- Riff Raff is available only to users who are 18 years of age or older
- This applies to both Slack and Discord integrations
b) No Targeting of Minors:
- Our service is not directed at children under 18
- We do not knowingly collect personal information from individuals under 18
- This policy applies across all platforms and integrations
c) User-Generated Content:
- As a collaborative editor, Riff Raff enables users to create and share content
- We are not responsible for user-generated content on either platform
- This includes any content that may be inappropriate for or directed at minors
d) Discovery of Underage Users:
- If we become aware of an underage user on either platform, we will:
- Remove their information from our servers
- Disable their access to our service
- Notify the relevant platform administrators
e) Parental Guidance:
- We encourage parents and guardians to monitor their children's Internet usage
- This includes supervision of both Slack and Discord activities
- Parents should ensure children do not provide personal information through our service
f) Reporting:
- If you believe we might have information from or about a child under 18:
- Contact us at privacy@riffraff.ai
- Specify the platform where you noticed the potential issue
- We will investigate and take appropriate action
8. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. When we make changes to this Privacy Policy, we will:
a) Notification Process:
- Notify all users via email about the changes
- Send notifications through both Slack and Discord where applicable
- Provide a summary of key changes
b) Update Documentation:
- Update the "Effective Date" at the bottom of this Privacy Policy
- Maintain a changelog of significant modifications
- Make the revised Privacy Policy available through our service
c) User Action Required:
- Your continued use of Riff Raff after we send a notice about our changes to the Privacy Policy means that you consent to the updated Privacy Policy
- This applies to your use of our service on both Slack and Discord
- We encourage you to review this Privacy Policy periodically
9. Contact Information
If you have any questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact us at:
Email: privacy@riffraff.ai
When contacting us, please:
- Specify which platform(s) your inquiry relates to (Slack, Discord, or both)
- Include relevant account information for faster assistance
- Provide details about any specific concerns or requests
We will make every effort to respond to your inquiry in a timely manner.
10. Effective Date
This Privacy Policy is effective as of 9/14/24.
Last Modified: 11/13/24