Privacy Policy

This Privacy Policy explains how Rizumu collects, uses, stores, and protects personal data when you use rizumu.app, related APIs, and connected account features.

It applies to information we process as a data controller for core account and platform operations.

Account and identity data: provider identifiers, usernames, profile avatars, and linked connection metadata.

Session and security data: authentication tokens, session timestamps, CSRF/session integrity data, and device-level access logs.

Product interaction data: profile updates, preference choices, comments, likes, and service usage telemetry needed for reliability and abuse prevention.

To provide authentication, account management, profile features, and requested integrations.

To operate, secure, and improve platform reliability, including incident response and fraud detection.

To comply with legal obligations and enforce Terms of Service when necessary.

Performance of contract: operating the requested service and account features.

Legitimate interest: protecting infrastructure, preventing abuse, and maintaining service quality.

Legal obligation: where processing is required by applicable law or lawful authority requests.

We do not sell personal data. We share data only with service providers required to run the platform (for example hosting, storage, or infrastructure vendors).

We may disclose data if required by law, to protect rights and safety, or to investigate abuse and security incidents.

Third-party login/integration providers process data under their own privacy policies.

Data is retained only for as long as needed to provide services, meet legal obligations, and maintain security records.

Retention periods may vary by data category (for example active sessions vs. historical moderation records).

When data is no longer required, it is deleted or irreversibly anonymized according to operational policy.

We apply technical and organizational safeguards including scoped access controls, secure transport, and session protections.

No system is perfectly secure; users are responsible for securing their third-party accounts and credentials.

If a material incident affecting personal data occurs, we will respond according to internal incident procedures and legal requirements.

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data.

You may also have rights to object to specific processing activities or request data portability.

Requests can be submitted through official support channels and will be handled within applicable legal timelines.

Infrastructure and subprocessors may operate in multiple regions. Where required, we apply safeguards for cross-border transfers.

By using the service, you acknowledge that data may be processed in jurisdictions where providers operate.

We may revise this policy to reflect legal, technical, or product changes.

Material updates are published with a revised effective date on this page.

Continued use after changes become effective indicates acceptance of the updated policy.