Privacy policy

This Privacy Policy explains what information Riffy may process when you use the website, create an account, purchase Riffy Pro, or use supported product features.

Riffy is designed with a local-first approach. That means many core music-practice features work with data stored on your own device. At the same time, some parts of the product, such as accounts, payments, analytics, and license activation, involve data processing outside your device.

1. Who we are

Riffy is a software product and private project operated by Bogdan Malizhev, FOP. In this policy, “Riffy”, “we”, “us”, and “our” refer to that operator acting through the Riffy product.

If you have privacy questions, you can contact us at support@riffy.app.

2. Information we may process

Depending on how you use Riffy, we may process the following categories of information.

Account information

If you create an account or sign in to use Pro-related features, we may process information such as:

  • your email address,
  • account credentials or authentication data,
  • account identifiers,
  • and basic account status information.

Purchase and transaction information

If you buy Riffy Pro, our payment provider and merchant of record, Paddle, may process billing and payment information in order to complete the transaction.

Riffy itself is not a separate company entity. It is the product through which Bogdan Malizhev, FOP offers the service, while Paddle handles the checkout transaction as merchant of record.

We may receive transaction-related details such as:

  • order or transaction IDs,
  • product or license information,
  • purchase status,
  • currency and pricing metadata,
  • refund status,
  • and limited customer details needed to support your purchase or activation.

We do not need your full payment card number to activate your Pro access, and we do not describe ourselves as storing full card details in this policy.

Usage and analytics information

We use Plausible Analytics for privacy-friendly website analytics. In its standard setup on our site, Plausible is intended to provide aggregate usage reporting without analytical cookies.

Analytics information may include:

  • pages viewed,
  • referring websites,
  • general browser, device, and language information,
  • approximate usage timing,
  • and similar non-profile-based website traffic information.

Local app and device-stored information

Many Riffy features work with information stored locally on your device or browser profile, such as:

  • audio files you choose to use,
  • loops, settings, and playback preferences,
  • local library indexes or metadata,
  • and device-specific app state.

As part of the core local-first experience, this information is generally intended to stay on your device unless a feature clearly requires network communication.

Support and communications

If you contact us, we may process the information you include in your message, such as your email address, purchase details, and the content of your support request.

Security and technical records

We may process technical and security-related information needed to operate the service, protect accounts, investigate abuse, and maintain reliability. This may include IP addresses, session data, device or browser metadata, and service logs.

3. How we use information

We may use information described above to:

  • provide and operate the website and supported product features,
  • create and manage accounts,
  • process purchases, activation, refunds, and license-related actions,
  • authenticate users and secure accounts,
  • understand general website usage and improve the product,
  • respond to support requests,
  • prevent fraud, abuse, and security incidents,
  • comply with legal obligations,
  • and enforce our Terms of Use.

4. What stays local

Riffy is not built around cloud syncing as a core product promise.

For many core music-practice workflows, your audio files and related working data remain local to your own device or browser profile. That means:

  • your library may be different on different devices,
  • deleting local data on one device may not affect another device,
  • and local files are generally controlled by you, not hosted by us as part of ordinary app usage.

However, “local-first” does not mean that no data is ever processed externally. Accounts, payments, analytics, and some security or licensing operations may still involve remote systems.

5. Cookies and similar technologies

We use a separate Cookie policy to explain this in more detail.

In short:

  • we use Plausible for standard website analytics in a cookie-free configuration,
  • account login, security, or session features may rely on necessary cookies or similar technologies,
  • and third-party checkout or payment flows, including Paddle, may use their own cookies or similar technologies when you interact with them.

6. When we share information

We do not sell your personal information in the ordinary sense of selling user lists or profiles for advertising.

We may share relevant information with:

  • Paddle, to process purchases, refunds, taxes, and transaction administration,
  • Plausible, to provide privacy-friendly website analytics,
  • service providers who help us operate account, hosting, licensing, security, customer support, or technical infrastructure,
  • advisers or counterparties involved in a merger, acquisition, restructuring, or similar business transaction,
  • and authorities or other parties when required by law or when reasonably necessary to protect rights, safety, and the service.

7. Retention

We keep information for as long as reasonably necessary for the purposes described in this policy, including to:

  • maintain accounts and licenses,
  • complete transactions and refunds,
  • provide support,
  • comply with legal, tax, accounting, or fraud-prevention obligations,
  • and resolve disputes or enforce agreements.

Locally stored files and settings remain under your control on your device until you remove them, subject to how the relevant app or browser stores data.

8. Security

We use reasonable measures intended to protect information we process, but no method of storage, transmission, or online system is perfectly secure.

You are also responsible for helping protect your own data by:

  • securing your devices,
  • keeping passwords and login links private,
  • maintaining backups of important files,
  • and using up-to-date software where possible.

9. Your choices and rights

Depending on where you live, you may have legal rights to request access, correction, deletion, restriction, portability, or objection in relation to personal data we hold about you.

You may also be able to:

  • manage local app data directly on your device,
  • control browser cookies and storage settings,
  • choose whether to create or keep an account,
  • and contact us about account, purchase, or privacy questions.

To make a privacy request, contact us at support@riffy.app.

10. Children’s privacy

Riffy is designed for musicians and general users, and is not primarily directed to young children.

If you believe a child has provided personal information to us in a way that should not have happened, please contact us so we can review the situation.

11. International processing

Riffy and its service providers may process information in countries other than your own. Where required by law, we will rely on appropriate safeguards for cross-border data transfers.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the product, our practices, or legal requirements.

When we do, we will update the “Last updated” date on this page. Your continued use of Riffy after the updated policy takes effect means you accept the revised version, to the extent permitted by law.

Last updated: April 7, 2026