Privacy Policy

Plain language on purpose. Last updated June 12, 2026.

The short version

We collect only what Riri needs to run your business workspace. Your business data belongs to you, your customers' and patients' data belongs to them, and we sell data to no one.

What we collect

Your account email and password (passwords are hashed — we never see them), the business information you enter, and the operational records your business creates: products, sales, bookings, customers, and — for clinics — patient records your staff enter.

Patient records are consent-first

Clinic patient records are designed around the Data Privacy Act of 2012 (RA 10173): consent is recorded before records are kept, edits are soft-deleted with a full audit trail, and access is limited to your clinic's own staff. Riri staff do not browse your records; access for support happens only with your permission.

Where your data lives

Your data is stored in a managed database in Singapore, isolated per business at the database level and encrypted in transit and at rest. The database is backed up before every system change.

Cookies

Riri uses only the cookies needed to keep you logged in. No advertising trackers, no third-party analytics cookies on the app.

Your rights

Export your data as CSV any time. Correct it inside the product. Leave and take it with you. If you want your workspace deleted, tell us and we will delete it, except where the law requires retention. For any privacy question, contact us and a real human will answer.

Changes

If this policy changes in a way that matters, we will tell you inside the product before it takes effect.