Legal
Privacy Policy
The short version
- Riff works without an account — no email, no password, no name required.
- Your song library lives on your device. We keep a minimal backup copy of song details and cover art so your library survives, tied to an anonymous ID — never to your identity.
- To create music, your prompts, lyrics, images, and voice recordings are sent to our AI generation provider to produce your song.
- We use no advertising, no tracking, and no data brokers. We do not sell your personal information.
- You can delete everything from inside the app at any time.
This summary is for convenience only. The full policy below is what legally applies.
Contents
- Who we are
- No account required
- Information we collect
- Voice recordings & voice cloning
- How we use information
- AI processing & third parties
- How information is shared
- Where your data lives & security
- Retention & deleting your data
- Your privacy rights
- International transfers
- Children's privacy
- Changes to this policy
- How to contact us
1Who we are
Riff is an AI music-generation application for iPhone ("Riff," the "App," "we," "us," or "our"). Riff is operated by OneClick Commerce LLC (the "Company"). This Privacy Policy explains what information Riff handles, how we use it, and the choices and rights you have.
This policy applies to the Riff iOS app and the pages under our website. By downloading or using Riff, you acknowledge the practices described here. If you do not agree, please do not use the App.
2No account required
Riff does not ask you to sign up. You do not create a username and password, and you do not give us your email, phone number, or real name to use the App. When you first open Riff, the App creates an anonymous identifier that is stored on your device and used to keep your credits and subscription attached to you across launches. This identifier is not linked to your real-world identity, and we do not attempt to re-identify you from it.
Any display name, @username, or profile photo you set is optional and, by default, is stored only on your device — we do not receive it on our servers.
3Information we collect
a. Content you create with, and provide to, the App
- Prompts and creative inputs — the text descriptions, moods, genres, style tags, and lyrics you type or generate to make a song.
- Voice recordings — if you use voice features, the microphone recordings you make so a song can be sung in a voice you create (see Section 4).
- Images you choose — if you pick a photo from your library to use as cover art or a profile picture, that image is processed to create your cover or avatar.
- Songs and cover art generated for you — the finished audio, lyrics, and artwork Riff produces from your inputs.
b. Information stored to keep your library durable
So your library isn't lost if you change or reinstall, we store a minimal copy of your song details (such as title, lyrics, style description, tags, duration, and a reference ID) and your generated cover art on our backend, associated with your anonymous identifier — never with your name or email.
c. Purchases and subscriptions
When you buy a subscription, the transaction is processed by Apple through in-app purchase. We do not receive or store your credit-card number. We receive from Apple a signed receipt confirming your purchase so we can activate your subscription and grant credits. We also store your current credit balance associated with your anonymous identifier.
d. Information collected automatically
To operate and secure the service, we and our infrastructure providers process a limited amount of technical information, such as your anonymous identifier, app version, general request logs, and error/diagnostic signals. We use the Apple-provided app-privacy manifest and do not track you across other apps or websites.
4Voice recordings & voice cloning
Riff offers optional features that let you create a synthetic voice from short microphone recordings, so songs can be sung in that voice. Because voice data is sensitive, we treat it with particular care:
- Consent. Voice recording only happens when you actively choose to record and grant microphone permission. You can withdraw permission at any time in iOS Settings.
- Purpose. Your recordings are used solely to validate and create a synthetic voice model and to generate songs you request. We do not use your voice to identify you, to build advertising profiles, or for any purpose unrelated to the feature you asked for.
- Processing. Recordings are transmitted to our AI generation provider (see Section 6) to produce the voice model. A reference to your resulting voice is stored on your device so you can reuse it.
- Retention. We retain your voice recording and the derived voice model only as long as needed to provide the feature. Creating a new voice replaces the previous one, and deleting your data in the App removes the voice reference from your device. You may also email us to request deletion of any associated server-side data.
- Your responsibility. You may only create a synthetic voice from your own voice, or from a voice you have explicit permission to use. Cloning another person's voice without consent, or using synthetic voice to impersonate or deceive, is prohibited by our Terms of Use.
If you are located in a jurisdiction with specific biometric-privacy laws, note that we do not use voiceprints for identification and do not sell, lease, or trade voice data. Where such laws apply, this section serves as our notice of collection, purpose, and retention schedule for that data.
5How we use information
We use the information described above to:
- Generate the songs, lyrics, cover art, and voices you request;
- Keep your library durable and restore it across app launches and reinstalls;
- Track and apply your credits and subscription entitlements;
- Provide customer support and respond to your requests;
- Detect, prevent, and respond to abuse, fraud, security incidents, and violations of our Terms — including reviewing content that is reported to us;
- Maintain, debug, and improve the App; and
- Comply with law and enforce our agreements.
We rely on the following legal bases where required (e.g., under GDPR): performance of a contract (to provide the App you request), consent (e.g., microphone access and voice features), legitimate interests (to secure and improve the service and prevent abuse), and legal obligation.
6AI processing & the third parties who help run Riff
Riff itself does not build the underlying generative models. To create your content and run the service, we share the minimum necessary information with the service providers below, who act on our behalf and are bound to use it only to provide their services to us:
| Provider | Role | What it processes |
|---|---|---|
| Kie (Kie.ai) | AI generation of music, lyrics, cover images, and synthetic voice | Your prompts, lyrics, style inputs, uploaded images, and voice recordings — sent through our secure server-side proxy to produce your requested output |
| Supabase | Backend infrastructure: anonymous authentication, database, and file storage | Your anonymous identifier, song details, generated cover art, credit balance, and content reports |
| Apple | App distribution and in-app purchases | Payment processing and subscription receipts (we never see your card details) |
Each provider maintains its own privacy and security practices. We take reasonable steps to ensure these providers protect your information consistently with this policy. We do not permit them to use your information for their own independent purposes such as advertising.
7How your information is shared
We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We disclose information only as follows:
- Service providers — the vendors in Section 6, acting on our instructions.
- Legal and safety — when we believe in good faith that disclosure is required by law, legal process, or to protect the rights, safety, or property of Riff, our users, or the public.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this policy.
- With your direction — when you choose to export or share a song you created (for example, saving to Files or sharing to another app), that action is under your control.
8Where your data lives & security
Your primary library is stored locally on your device. The limited backup information described in Section 3 is stored with our backend provider. We protect information in transit using industry-standard encryption (HTTPS/TLS), route all AI requests through a secured server-side proxy so third-party keys never ship inside the App, and apply access controls scoped to your anonymous identifier.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for protecting the device on which your Riff library is stored.
9Retention & deleting your data
We keep information only as long as needed for the purposes in this policy, to comply with legal obligations, resolve disputes, and enforce our agreements.
You are in control. Inside the App, go to Settings → Privacy & Data → Delete My Data to erase your local library and profile and start a fresh anonymous account. If you would like us to delete backup information associated with your anonymous identifier, or any voice data, email us at hey@theriff.app and we will act on your request as required by applicable law.
Note: deleting your data does not cancel a paid subscription. Subscriptions are managed through Apple (see the Terms of Use).
10Your privacy rights
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent. Because Riff is designed to operate anonymously, we often hold no information that identifies you personally; where that is the case, we may be unable to associate a request with a specific person, and we may ask you to exercise your controls directly in the App.
United States (including California)
We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) or similar state laws, and we do not use sensitive personal information (such as voice data) for purposes requiring a right to limit. California residents and residents of other U.S. states with privacy laws may request access or deletion and will not be discriminated against for exercising these rights.
EEA / UK
If you are in the European Economic Area or the United Kingdom, you may exercise the GDPR rights described above and have the right to lodge a complaint with your local supervisory authority.
To exercise any right, contact us at hey@theriff.app. We may need to verify your request to the extent possible given the App's anonymous design.
11International data transfers
We and our service providers may process information in the United States and other countries where our providers operate. These countries may have data-protection laws that differ from those in your country. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.
12Children's privacy
Riff is not directed to children under 13 (or the minimum age of digital consent in your country), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it. The App is rated and offered consistent with the App Store age rating shown on its product page.
13Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide a more prominent notice in the App or on this page. Your continued use of Riff after an update means you accept the revised policy.
14How to contact us
Questions, requests, or concerns about privacy? Contact us at:
Riff — OneClick Commerce LLC
Email: hey@theriff.app
