Privacy Policy
Last updated: February 17, 2026
This Privacy Policy describes how Ricorda (“Company”, “we”, “us”, or “our”) collects, uses, and protects your personal information when you use the Ricorda platform, website, and related services (collectively, the “Service”).
By using the Service, you agree to the collection and use of information as described in this Privacy Policy.
1. Information We Collect
Information You Provide
When you sign up for or use the Service, we collect:
- Account information: Your name, email address, phone number, and business name
- Business information: Your Google Business Profile details (business name, Place ID, review link)
- Customer information: Names and phone numbers (and optionally email addresses) of your customers, provided by you for the purpose of sending review requests on your behalf
- Payment information: Billing details processed securely through Stripe. We do not store your full credit card number on our servers.
- Communications: Messages you send to us via email, SMS, or the contact form on our website
Information Collected Automatically
When you visit our website or use the Service, we automatically collect:
- Usage data: Pages visited, features used, actions taken within the Service
- Device information: Browser type, operating system, device type, IP address
- Analytics data: Aggregated website traffic and usage patterns, collected via Google Analytics and Vercel Analytics
- Cookies: We use essential cookies to maintain your session and preferences. See Section 6 for details.
Information from Third Parties
- Twilio: Delivery status of SMS and WhatsApp messages sent through the Service
- Google: Publicly available review data from your Google Business Profile
- Stripe: Payment confirmation and subscription status
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Send review requests, follow-ups, and thank-you messages to your customers on your behalf
- Process payments: Manage your subscription and billing through Stripe
- Improve the Service: Analyze usage patterns to fix bugs, improve features, and develop new functionality
- Communicate with you: Send account-related notifications, respond to support requests, and provide service updates
- Comply with legal obligations: Maintain records as required by applicable law
We do not use your information to:
- Sell or rent your personal data or your customers’ data to third parties
- Send marketing messages to your customers on our own behalf
- Build profiles of your customers for advertising purposes
3. How We Share Your Information
We share your information only in the following circumstances:
Service Providers
We use trusted third-party services to operate the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Twilio | SMS and WhatsApp delivery | Customer phone numbers, message content |
| Stripe | Payment processing | Billing information |
| Supabase | Database hosting | Account and customer data (encrypted) |
| Vercel | Website and application hosting | Usage data, IP addresses |
| Analytics, Maps, Business Profile API | Usage data, Place IDs | |
| Anthropic | AI-assisted review writing | Customer feedback text (anonymized) |
These providers process data on our behalf and are contractually bound to protect it.
Legal Requirements
We may disclose your information if required to do so by law, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
If Ricorda is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
4. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Specifically:
- Account data: Retained while your account is active, and for up to 12 months after account closure
- Customer data (names, phone numbers): Retained while your account is active. Deleted within 90 days of account closure.
- Message logs: Retained for up to 12 months for support and compliance purposes
- Payment records: Retained as required by applicable tax and financial reporting laws
- Usage and analytics data: Retained in aggregated, anonymized form indefinitely
You may request deletion of your data at any time (see Section 7).
5. Data Security
We implement reasonable technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Access controls limiting who can view personal data
- Secure hosting infrastructure (Supabase, Vercel)
- Payment processing through PCI-compliant Stripe
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
6. Cookies
We use a limited number of cookies:
- Essential cookies: Required for the Service to function (session management, authentication)
- Analytics cookies: Google Analytics and Vercel Analytics use cookies to collect aggregated usage data
We do not use advertising or tracking cookies. You can disable cookies in your browser settings, though this may affect the functionality of the Service.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data (subject to legal retention requirements)
- Export your data in a portable format
- Withdraw consent for data processing where consent is the legal basis
- Opt out of analytics tracking
To exercise any of these rights, contact us at support@ricorda.io. We will respond within 30 days.
Your Customers’ Rights
Your customers may contact us directly at support@ricorda.io to request that we stop sending them messages or delete their information. We honor all opt-out requests immediately.
Customers can also reply STOP to any SMS message to opt out of further communications.
8. Canadian Privacy Law (PIPEDA)
As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). This means:
- We collect personal information only for identified purposes
- We obtain consent before collecting, using, or disclosing personal information
- We limit collection to what is necessary for the identified purposes
- We protect personal information with appropriate security safeguards
- We make our privacy practices readily available
- We provide individuals with access to their personal information upon request
9. International Data Transfers
Your data may be processed in Canada, the United States, or other jurisdictions where our service providers operate. Where data is transferred outside of Canada, we ensure that appropriate safeguards are in place to protect your information in accordance with applicable privacy laws.
10. Children’s Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.
11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to review their privacy policies.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect. The “Last updated” date at the top of this page indicates when this policy was last revised.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, contact us at:
- Email: support@ricorda.io
- Company: Ricorda