Privacy Policy

Last Updated: December 1, 2025

We collect only what's necessary to run the service. We don't sell your data. We don't share it with advertisers. We delete most of it automatically.

1. Information We Collect

Account Information

  • Email address - For account creation, login, and service communications
  • Password - Stored securely by AWS Cognito (we never see or store plaintext passwords)

Payment Information

  • Billing details - Processed and stored by Stripe; we only receive confirmation of successful payments
  • Transaction records - Amount, date, and credit balance changes (kept permanently for accounting)

Service Usage Data

  • Job requests - URLs you submit, job status, execution metrics, timestamps
  • API keys - Hashed with scrypt; plaintext shown once at creation, never stored or recoverable
  • Artifacts - Screenshots, HAR files, and other outputs (automatically deleted after 24 hours)

Technical Data

  • IP addresses - Logged for security and rate limiting
  • Request logs - API calls, timestamps, response codes
  • CloudFront access logs - Used for bandwidth billing, then archived

Sensitive Data You Provide

  • Headers, cookies, localStorage - If you provide these for authenticated screenshots, they're stored temporarily (maximum 10 minutes) and deleted after the job runs
  • Custom scripts - Playwright code you submit is executed and not retained after job completion

2. How We Use Your Information

We use your information to:

  • Provide the service - Execute your screenshot and automation jobs
  • Process payments - Charge for credits and track your balance
  • Maintain security - Detect abuse, prevent fraud, enforce rate limits
  • Send service communications - Account confirmations, billing receipts, security alerts
  • Improve the service - Aggregate usage analytics (not tied to individual users)
  • Comply with legal obligations - Respond to lawful requests, maintain required records

3. What We Don't Do

  • We don't sell your data - Not to advertisers, data brokers, or anyone else
  • We don't share data for marketing - No third-party marketing access
  • We don't track you across the web - No cookies for advertising purposes
  • We don't read your screenshots - Artifacts are yours; we don't analyze their content
  • We don't store payment card details - Stripe handles all card processing

4. Data Retention

Data Type | Retention Period
Artifacts (screenshots, files) | 24 hours (auto-deleted)
Sensitive data (headers, cookies) | 10 minutes maximum
Job records | Retained for billing/disputes
Billing ledger | Permanent (legal requirement)
Account information | Until account deletion
Server logs | 90 days

5. Data Sharing

We share data only with:

Service Providers

  • AWS - Cloud infrastructure (compute, storage, databases)
  • Stripe - Payment processing
  • Cognito - Authentication

These providers process data on our behalf under contractual obligations to protect it.

Legal Requirements

We may disclose information if required by law, court order, or government request. We'll notify you if legally permitted.

Business Transfers

If Riddle is acquired or merged, your data may transfer to the new owner under the same privacy protections.

6. Data Security

We protect your data with:

  • Encryption in transit - All connections use HTTPS/TLS
  • Encryption at rest - Data stored encrypted on AWS
  • Access controls - Strict internal access policies
  • API key hashing - Keys stored with scrypt, never in plaintext
  • Automatic deletion - Sensitive data and artifacts purged on schedule

No system is 100% secure. If we discover a breach affecting your data, we'll notify you promptly.

7. Your Rights

Depending on your location, you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to certain processing
  • Withdraw consent where processing is based on consent

To exercise these rights, email support@riddledc.com.

California Residents (CCPA)

You have the right to know what personal information we collect, request deletion, and opt out of sales (we don't sell data, so there's nothing to opt out of).

European Residents (GDPR)

Our lawful basis for processing is contract performance (providing the service you signed up for) and legitimate interests (security, fraud prevention). You may contact us about data protection concerns or lodge a complaint with your supervisory authority.

8. Cookies

We use minimal cookies:

  • Authentication cookies - To keep you logged in (essential)
  • Session cookies - To maintain your session state (essential)

We don't use advertising cookies, third-party tracking cookies, or analytics cookies that identify individuals.

9. Children's Privacy

Riddle is not intended for users under 18. We don't knowingly collect data from children. If you believe a child has provided us data, contact support@riddledc.com and we'll delete it.

10. International Data Transfers

Our servers are in the United States. By using the service, you consent to data transfer to the US. We rely on standard contractual clauses and AWS's compliance certifications for lawful transfers.

11. Changes to This Policy

We may update this policy. For significant changes, we'll notify you by email or prominent notice on the website. Continued use after changes constitutes acceptance.

12. Contact

Questions about this privacy policy?

Email: support@riddledc.com

Website: https://riddledc.com