Riff

Legal

Privacy Policy

Effective date: July 5, 2026  ·  Last updated: July 5, 2026

The short version

This summary is for convenience only. The full policy below is what legally applies.

Contents

  1. Who we are
  2. No account required
  3. Information we collect
  4. Voice recordings & voice cloning
  5. How we use information
  6. AI processing & third parties
  7. How information is shared
  8. Where your data lives & security
  9. Retention & deleting your data
  10. Your privacy rights
  11. International transfers
  12. Children's privacy
  13. Changes to this policy
  14. How to contact us

1. Who we are

Riff is an AI music-generation application for iPhone ("Riff," the "App," "we," "us," or "our"). Riff is operated by OneClick Commerce LLC (the "Company"). This Privacy Policy explains what information Riff handles, how we use it, and the choices and rights you have.

This policy applies to the Riff iOS app and the pages under our website. By downloading or using Riff, you acknowledge the practices described here. If you do not agree, please do not use the App.

2. No account required

Riff does not ask you to sign up. You do not create a username and password, and you do not give us your email, phone number, or real name to use the App. When you first open Riff, the App creates an anonymous identifier that is stored on your device and used to keep your credits and subscription attached to you across launches. This identifier is not linked to your real-world identity, and we do not attempt to re-identify you from it.

Any display name, @username, or profile photo you set is optional and, by default, is stored only on your device — we do not receive it on our servers.

3. Information we collect

a. Content you create with, and provide to, the App

b. Information stored to keep your library durable

So your library isn't lost if you change or reinstall, we store a minimal copy of your song details (such as title, lyrics, style description, tags, duration, and a reference ID) and your generated cover art on our backend, associated with your anonymous identifier — never with your name or email.

c. Purchases and subscriptions

When you buy a subscription, the transaction is processed by Apple through in-app purchase. We do not receive or store your credit-card number. We receive from Apple a signed receipt confirming your purchase so we can activate your subscription and grant credits. We also store your current credit balance associated with your anonymous identifier.

d. Information collected automatically

To operate and secure the service, we and our infrastructure providers process a limited amount of technical information, such as your anonymous identifier, app version, general request logs, and error/diagnostic signals. We use the Apple-provided app-privacy manifest and do not track you across other apps or websites.

What we do not collect: We do not collect your contacts, precise location, browsing history on other apps, or advertising identifiers. Riff contains no third-party advertising SDKs and no analytics trackers that identify you, and we do not buy or sell personal information.

4. Voice recordings & voice cloning

Riff offers optional features that let you create a synthetic voice from short microphone recordings, so songs can be sung in that voice. Because voice data is sensitive, we treat it with particular care:

If you are located in a jurisdiction with specific biometric-privacy laws, note that we do not use voiceprints for identification and do not sell, lease, or trade voice data. Where such laws apply, this section serves as our notice of collection, purpose, and retention schedule for that data.

5. How we use information

We use the information described above to:

We rely on the following legal bases where required (e.g., under GDPR): performance of a contract (to provide the App you request), consent (e.g., microphone access and voice features), legitimate interests (to secure and improve the service and prevent abuse), and legal obligation.

6. AI processing & the third parties who help run Riff

Riff itself does not build the underlying generative models. To create your content and run the service, we share the minimum necessary information with the service providers below, who act on our behalf and are bound to use it only to provide their services to us:

| Provider | Role | What it processes |
|---|---|---|
| Kie (Kie.ai) | AI generation of music, lyrics, cover images, and synthetic voice | Your prompts, lyrics, style inputs, uploaded images, and voice recordings — sent through our secure server-side proxy to produce your requested output |
| Supabase | Backend infrastructure: anonymous authentication, database, and file storage | Your anonymous identifier, song details, generated cover art, credit balance, and content reports |
| Apple | App distribution and in-app purchases | Payment processing and subscription receipts (we never see your card details) |

Each provider maintains its own privacy and security practices. We take reasonable steps to ensure these providers protect your information consistently with this policy. We do not permit them to use your information for their own independent purposes such as advertising.

7. How your information is shared

We do not sell your personal information, and we do not share it for cross-context behavioral advertising. We disclose information only as follows:

8. Where your data lives & security

Your primary library is stored locally on your device. The limited backup information described in Section 3 is stored with our backend provider. We protect information in transit using industry-standard encryption (HTTPS/TLS), route all AI requests through a secured server-side proxy so third-party keys never ship inside the App, and apply access controls scoped to your anonymous identifier.

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for protecting the device on which your Riff library is stored.

9. Retention & deleting your data

We keep information only as long as needed for the purposes in this policy, to comply with legal obligations, resolve disputes, and enforce our agreements.

You are in control. Inside the App, go to Settings → Privacy & Data → Delete My Data to erase your local library and profile and start a fresh anonymous account. If you would like us to delete backup information associated with your anonymous identifier, or any voice data, email us at hey@theriff.app and we will act on your request as required by applicable law.

Note: deleting your data does not cancel a paid subscription. Subscriptions are managed through Apple (see the Terms of Use).

10. Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, to object to or restrict certain processing, and to withdraw consent. Because Riff is designed to operate anonymously, we often hold no information that identifies you personally; where that is the case, we may be unable to associate a request with a specific person, and we may ask you to exercise your controls directly in the App.

United States (including California)

We do not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA) or similar state laws, and we do not use sensitive personal information (such as voice data) for purposes requiring a right to limit. California residents and residents of other U.S. states with privacy laws may request access or deletion and will not be discriminated against for exercising these rights.

EEA / UK

If you are in the European Economic Area or the United Kingdom, you may exercise the GDPR rights described above and have the right to lodge a complaint with your local supervisory authority.

To exercise any right, contact us at hey@theriff.app. We may need to verify your request to the extent possible given the App's anonymous design.

11. International data transfers

We and our service providers may process information in the United States and other countries where our providers operate. These countries may have data-protection laws that differ from those in your country. Where required, we rely on appropriate safeguards (such as Standard Contractual Clauses) for international transfers.

12. Children's privacy

Riff is not directed to children under 13 (or the minimum age of digital consent in your country), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it. The App is rated and offered consistent with the App Store age rating shown on its product page.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide a more prominent notice in the App or on this page. Your continued use of Riff after an update means you accept the revised policy.

14. How to contact us

Questions, requests, or concerns about privacy? Contact us at:

Riff — OneClick Commerce LLC
Email: hey@theriff.app