Privacy Policy

RIOT is a real-time product feedback tool. We help product teams collect structured feedback from users during live sessions, via an embeddable widget, or through video analysis. RIOT is operated by Cameron-Hann Digital Ltd.

When you use RIOT, we collect: • Feedback content — text you submit as issues, wishes, or notes during a session or via the widget. • Page URL — the URL of the page you were on when you submitted feedback. • User name — the name you choose when joining a session (never required, defaults to "Anonymous"). • Email address — only if you sign up for a dashboard account, used for authentication (magic link) and weekly digest emails. • Session metadata — session name, target URL, timestamps. We do not collect passwords, payment card data, or any financial information. Stripe handles all payments directly.

The RIOT Chrome extension: • Reads your current tab's URL to include it with feedback submissions. • Injects a feedback overlay UI only on pages where you've joined a session. • Does not track your browsing history. • Does not read page content beyond what you explicitly select and submit. • Does not run on browser internal pages (chrome://, about:). • Stores only your session ID and display name in local Chrome storage. • Sends data only to your configured RIOT server (default: runriot.io).

When you embed the RIOT widget on your site, it collects feedback submitted by your users — the text they type, the page they were on, and an anonymous session identifier. No cookies are set. No cross-site tracking occurs.

Feedback data is used solely to: • Display it to the session host in real time • Synthesise it into ranked priorities via AI (OpenRouter/Claude) • Send weekly digest emails to the dashboard owner We do not sell your data. We do not use it for advertising.

All data is stored in Supabase (PostgreSQL), hosted in EU data centres. Feedback entries are retained for as long as your account is active. You can delete your account and all associated data at any time by emailing privacy@runriot.io.

RIOT uses the following third-party services: • Supabase — database and authentication (supabase.com/privacy) • Vercel — hosting (vercel.com/legal/privacy-policy) • OpenRouter / Anthropic — AI synthesis (openrouter.ai/privacy) • Resend — transactional email (resend.com/privacy) • Stripe — payment processing (stripe.com/privacy)

You have the right to access, correct, or delete any personal data we hold about you. To exercise these rights, email privacy@runriot.io. We will respond within 30 days.

Questions about this policy: privacy@runriot.io