Privacy Policy

riru (“we”, “us”, “our”) operates a Chrome side panel extension and accompanying web service that helps users automate tasks in their browser. This policy explains what information we collect, how we use it, and the choices you have.

By using riru you agree to the practices described here. If you do not agree, please discontinue use.

Account information. When you sign up, we collect your email address, name, and profile image. Authentication is handled by Clerk, our identity provider.

Usage data. We collect basic, aggregated information about how the service is used (pages loaded, actions performed, errors encountered) to operate and improve riru.

Content you provide. Prompts, tasks, and other content you submit to riru are processed to deliver the service. We store conversation history associated with your account so you can revisit it.

Browser context. When the extension is active on a page you have opened, it may read page content you direct it to act on. This data is processed in service of your request and is not stored beyond what is necessary to complete the task or maintain conversation history.

If you choose to sign in with Google, we receive your basic profile information (name, email address, profile image) through Google’s OAuth flow. We do not request access to additional Google services unless you explicitly grant it for a specific feature.

Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer, sell, or use Google user data for advertising, and we do not allow humans to read it except as necessary for support, with your consent, or as required by law.

• Provide, maintain, and improve the riru service.
• Authenticate you and secure your account.
• Respond to support requests and communicate about the service.
• Detect, investigate, and prevent fraud, abuse, or security incidents.
• Comply with legal obligations.

We use the following sub-processors to operate riru. Each is bound by their own privacy and security commitments:

• Clerk — authentication and user management.
• Supabase — managed Postgres database hosting.
• Vercel — application hosting.
• Anthropic / OpenAI — large language model providers used to power agent capabilities.

We do not sell your personal information to third parties.

We retain account and usage data for as long as your account is active. If you delete your account, we soft-delete your record and remove or anonymize associated content within a reasonable period, except where retention is required for legal or operational reasons (for example, fraud prevention or audit logs).

Depending on where you live, you may have rights to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. To exercise these rights, contact us at hello@riru.app.

We use industry-standard safeguards (encryption in transit, scoped access controls, audit logging) to protect your information. No system is perfectly secure; please contact us promptly if you suspect unauthorized access to your account.

riru is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe we have collected information from a child, please contact us so we can remove it.

We may update this policy from time to time. When we do, we will revise the “Last updated” date above. Material changes will be communicated to you through the service or by email.

Questions about this policy or our practices? Email us at hello@riru.app.