Logo

Rivveo Privacy Policy

Last Updated: April 26, 2025

1. Introduction

Axamattic Limited ("we", "us", "our", or "Axamattic") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Rivveo design and prototyping service, including any related websites, applications, or services (collectively, the "Services").

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Services. By accessing or using our Services, you consent to the collection, use, and disclosure of information in accordance with this Privacy Policy.

We are a data controller for the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our registered office is at 4th Floor, Silverstream House, 45 Fitzroy Street, Fitzrovia, London, England, W1T 6EB. Our company registration number is 15570389.

2. Information We Collect

2.1 Personal Information

We may collect personally identifiable information, such as:

  • Name
  • Email address
  • Billing address
  • Payment information (processed securely through our payment processors)
  • Company information (for business accounts)
  • IP address and other device identifiers
  • Usage data

2.2 Non-Personal Information

We may also collect non-personal information that does not directly identify you, including:

  • Browser type
  • Operating system
  • Device information
  • Usage patterns
  • Time spent on pages
  • Links clicked
  • Preferences

2.3 User Content

We collect and store the content you create, upload, or receive from others when using our Services. This includes designs, prototypes, code, and any other materials you create or upload when using our Services.

2.4 AI-Related Data

When you use features powered by AWS Bedrock and Claude Sonnet 3.5, we may collect:

  • Queries or prompts you submit to the AI service
  • Results generated by the AI service
  • Feedback you provide about AI-generated results

3. How We Collect Information

3.1 Direct Collection

We collect information directly from you when you:

  • Register for an account
  • Use our Services
  • Make a purchase
  • Contact customer support
  • Complete forms or surveys
  • Participate in promotions

3.2 Automated Collection

We also collect certain information automatically through:

  • Cookies and similar technologies
  • Server logs
  • Analytics tools
  • Application usage tracking

3.3 Third-Party Sources

We may receive information from third-party sources, such as:

  • Business partners
  • Payment processors
  • Analytics providers
  • Authentication services

4. How We Use Your Information

We use the collected information for various purposes, including to:

  • Provide, maintain, and improve our Services
  • Process and complete transactions
  • Send transactional messages, including confirmations, invoices, technical notices, updates, security alerts, and support messages
  • Respond to comments, questions, and requests and provide customer service
  • Communicate with you about products, services, offers, promotions, and events, and provide news and information we think will be of interest to you
  • Monitor and analyze trends, usage, and activities in connection with our Services
  • Detect, investigate, and prevent security incidents and other malicious, deceptive, fraudulent, or illegal activity
  • Debug to identify and repair errors in our Services
  • Personalize and improve the Services, including providing or recommending features, content, and advertisements
  • Facilitate AI-powered features through our integration with AWS
  • Carry out any other purpose described to you at the time the information was collected

5. Legal Basis for Processing

Under the UK GDPR, we process your personal information based on one or more of the following legal bases:

5.1 Performance of a Contract

Processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract (e.g., when we provide our Services to you).

5.2 Legitimate Interests

Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided these interests are not outweighed by your rights and interests (e.g., improving and ensuring the security of our Services).

5.3 Compliance with Legal Obligations

Processing is necessary for compliance with a legal obligation to which we are subject (e.g., responding to legal requests from authorities).

5.4 Consent

You have given consent to the processing of your personal information for one or more specific purposes (e.g., marketing communications). Where we rely on consent, you have the right to withdraw it at any time.

6. Information Sharing and Disclosure

6.1 With Your Consent

We may share your information with third parties when you have consented to such disclosure.

6.2 Service Providers

We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf, such as:

  • Payment processing
  • Data analysis
  • Email delivery
  • Hosting services
  • Customer service

6.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

6.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

6.5 Protection of Rights

We may disclose your information to protect the safety, rights, property, or security of Axamattic, the Services, any third party, or the general public; to detect, prevent, or otherwise address fraud, security, or technical issues; to prevent or stop any activity we consider illegal, unethical, or legally actionable; or to prevent or stop any activity that may cause harm or risk to Axamattic, our users, or others.

6.6 Aggregated or De-identified Data

We may share aggregated or de-identified information, which cannot reasonably be used to identify you, with third parties for research, marketing, analytics and other purposes.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, or to resolve disputes.

When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the personal information, and whether we can achieve those purposes through other means, as well as applicable legal requirements.

In some circumstances, we may anonymize your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

After account termination, we will retain your data for a period of 90 days, after which it may be permanently deleted.

8. Data Security

We have implemented appropriate technical and organizational measures to protect the security of your personal information. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Your account information is protected by a password. It is important that you keep your password secure. Do not share your password with anyone. We will never ask for your password via email, phone, or text. If you believe your password has been compromised, please change it immediately and contact us.

9. Data Storage and International Transfers

Your information is stored on servers located in the United Kingdom. However, due to the global nature of our business, we may need to transfer your personal information to other countries, including countries outside the UK or the European Economic Area (EEA).

When we transfer personal information outside the UK or EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as:

  • Using specific contracts approved by the UK Information Commissioner that give personal data the same protection it has in the UK (known as the "International Data Transfer Agreement" or "IDTA")
  • Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government
  • Where we use providers based in the US, we may transfer data to them if they are part of the UK Extension to the EU-U.S. Data Privacy Framework

10. Cookies and Tracking Technologies

We and our third-party partners use cookies and similar tracking technologies to track activity on our Services and to hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

We use the following types of cookies:

  • Essential Cookies: Necessary for the Services to function and cannot be switched off.
  • Performance/Analytics Cookies: Allow us to recognize and count visitors and see how they move around our website.
  • Functionality Cookies: Recognize you when you return to our Services and enable us to personalize content for you.
  • Targeting Cookies: Record your visit to our Services, the pages you visit, and the links you follow.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.

11. Your Rights

Depending on your location, you may have certain rights regarding your personal information. Under the UK GDPR, you have the following rights:

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.
  • Right to Erasure: You have the right to request that we delete your personal information in certain circumstances.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information in certain circumstances.
  • Right to Data Portability: You have the right to request that we provide you with a copy of your personal information in a structured, commonly used, machine-readable format.
  • Right to Object: You have the right to object to our processing of your personal information in certain circumstances.
  • Right to Not Be Subject to Automated Decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us using the details provided in the "Contact Information" section below. We may need to request specific information from you to help us confirm your identity.

12. Children's Privacy

Our Services are not intended for use by children under the age of 18, and we do not knowingly collect personal information from children under 18. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.

13. AI Integration Specifics

Our Services integrate with AWS

  • Your prompts and inputs to these AI models may be processed by AWS and Anthropic
  • Your data may be used to improve the AI models in accordance with AWS Bedrock and Anthropic's terms of service

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. If we make material changes to this Privacy Policy, we will notify you either through the email address you have provided us or by placing a prominent notice on our website.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

15. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our DPO using the details provided below.

16. Contact Information

Axamattic Limited
4th Floor, Silverstream House
45 Fitzroy Street, Fitzrovia
London, England
W1T 6EB

Email: privacy@rivveo.com

If you have any questions or concerns about our Privacy Policy or data practices, please contact us at the email above.