Privacy Policy

Effective Date: May 1, 2026  ·  Rimplo, Inc.

This Privacy Policy describes how Rimplo, Inc. ("Rimplo," "we," "us," or "our") collects, uses, and shares information about you when you use our website, products, and services (collectively, the "Services").

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy is designed to be concise and easy to understand, and describes how we collect, use, and protect your information. We implement privacy-protective practices and provide you with control over your data, including the ability to request complete erasure of your information.

1. Our Role: Data Controller vs. Data Processor

For a B2B SaaS company like Rimplo, it is important to distinguish between the data we control and the data we process on behalf of our customers.

Data Controller (or "Business" under CCPA)
Data Type: Website & Account Data
Who the Data Belongs To: Website visitors, prospective customers, and direct users of our platform (e.g., billing contacts, account administrators).
Our Responsibility: We determine the purposes and means of processing this data. This entire policy primarily applies to this data.

Data Processor (or "Service Provider" under CCPA)
Data Type: Customer Data
Who the Data Belongs To: Our customers' end-users, leads, and accounts (e.g., data from Salesforce, Stripe, Intercom).
Our Responsibility: We process this data strictly on behalf of and under the instructions of our customers, who are the Data Controllers.

If you are a customer of a Rimplo customer, please refer to that customer's privacy policy for information on how they handle your data.

2. Data We Collect (As Data Controller)

We collect information to provide and improve our Services, to communicate with you, and for marketing purposes.

A. Information You Provide to Us

This includes information you voluntarily provide when you sign up for an account, request a demo, or contact us.

Account & Contact Data
Examples: Name, email address, phone number, company name, job title, and password.
Purpose: To create and manage your account, provide access to the Services, and communicate with you.
Legal Basis (GDPR): Performance of a contract with you.

Billing & Payment Data
Examples: Billing address, payment method details (handled by a third-party payment processor — we do not store full credit card numbers).
Purpose: To process payments and manage subscriptions.
Legal Basis (GDPR): Performance of a contract with you.

Communication Data
Examples: Records of correspondence when you contact our support or sales teams.
Purpose: To respond to your inquiries and improve our customer service.
Legal Basis (GDPR): Legitimate interest (improving service quality).

Invitation Data
Examples: Email addresses of invitees, invitation tokens, invitation timestamps, inviter identity.
Purpose: To enable account administrators to invite team members and manage access to the Services.
Legal Basis (GDPR): Performance of a contract with you.

Uploaded Files
Examples: Files you upload to the platform, including file names and upload timestamps.
Purpose: To provide file storage and sharing functionality within the Services.
Legal Basis (GDPR): Performance of a contract with you.

AI Chat Data
Examples: Messages you send to our AI assistant, conversation history, and selected AI model preferences.
Purpose: To provide AI-powered analytics, insights, and conversational assistance within the Services.
Legal Basis (GDPR): Performance of a contract with you.

B. Information Collected Automatically

When you interact with our website or Services, we automatically collect certain information.

Usage Data
Examples: IP address, browser type, operating system, pages viewed, time spent on pages, and referring URLs.
Purpose: To monitor and analyze the performance and usage of our Services, and to ensure security.
Legal Basis (GDPR): Legitimate interest (maintaining and improving the Services).

Cookies & Session Data
Examples: Session storage for authentication tokens and user preferences. We do not use tracking pixels, third-party analytics services (such as Google Analytics), or cross-site tracking technologies.
Purpose: To remember your preferences and maintain your authenticated session.
Legal Basis (GDPR): Necessary for the service to function.

Authentication Tokens
Examples: JWT access tokens (15-minute expiration), refresh tokens stored in HTTP-only cookies (7-day expiration), with SameSite cookie policy.
Purpose: To securely authenticate your sessions and maintain login state across the Services.
Legal Basis (GDPR): Performance of a contract with you.

3. Data We Process on Behalf of Our Customers (Customer Data)

Rimplo's core service involves processing data that our customers feed into the platform via integrations (e.g., Salesforce, HubSpot, Stripe, Google Ads, Notion).

Types of Customer Data: This data is highly variable but typically includes customer relationship management (CRM) data, product usage metrics, support ticket history, billing information, and communication logs.

Supported Integrations: We currently support data connections with Salesforce, HubSpot, Stripe, Google Ads and Notion. Each integration uses OAuth 2.0 authentication (with PKCE where applicable) to securely access your data without storing your login credentials.

Purpose of Processing: We process this data solely to provide the AI-powered revenue intelligence services to our customers, such as churn prediction, upsell opportunity identification and deal acceleration.

Google Ads Data: Google Ads data accessed through our integration is used solely to provide advertising analytics and revenue intelligence within the Rimplo platform. This data is not shared with third parties, used for advertising purposes, or used to train AI models.

AI Model Training Clause: Rimplo does not use, sell, or share Customer Data to train, retrain, or improve our general AI models or any third-party AI models. All processing is done to provide the contracted service to the specific customer.

4. AI and Large Language Model (LLM) Processing

Rimplo uses artificial intelligence to provide revenue intelligence features such as churn prediction, upsell opportunities, and conversational data analysis. Here's how your data interacts with AI systems:

A. How AI Processing Works

AI Assistant: When you interact with our AI assistant, your messages, conversation history, and any referenced file contents are processed by large language models to generate responses.

Data Analysis: Customer data from connected integrations may be analyzed by AI to generate insights, predictions, and recommendations.

File Processing: If you upload files (CSV, JSON, etc.) and reference them in AI conversations, the file contents are sent to AI providers for analysis.

B. Third-Party AI Providers

We use OpenRouter as an intermediary service to route AI requests to various large language model providers. Depending on your model selection, your data may be processed by:

Anthropic (Claude models)

OpenAI (GPT models)

Google (Gemini models)

These providers process your data according to their respective privacy policies and data processing agreements. We do not control how these providers handle data once transmitted.

C. What We Do NOT Do

We do not use your data to train, fine-tune, or improve any AI models (ours or third-party).

We do not sell or share your AI conversation data for advertising purposes.

We do not store AI conversation history on our servers beyond what is necessary for the current session (conversation history is maintained client-side).

5. How We Share Your Data

We do not sell your personal data (as Data Controller) to third parties. We only share your information in the following circumstances:

With Service Providers (Sub-processors)

We use third-party vendors to perform services on our behalf, such as hosting, payment processing, and analytics. These providers are contractually obligated to protect your data and use it only for the purposes we instruct.

Our primary sub-processors include:

Amazon Web Services (AWS): Cloud hosting, file storage (S3), and serverless computing — United States

PostgreSQL Database (AWS RDS): Primary user account and data storage — United States

ClickHouse Cloud: Data warehouse for analytics and connector configurations — United States/Europe

Airbyte: Data orchestration and ETL processing for third-party integrations

OpenRouter: AI request routing to multiple LLM providers (Anthropic, OpenAI, Google)

Nango: OAuth authentication management for third-party data integrations

For Legal Reasons

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of Rimplo, or protect the personal safety of users of the Services or the public.

Business Transfers

We may share your information in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.

6. International Data Transfers

Rimplo is a global company. Your data may be stored and processed in any country where we have facilities or where we engage service providers, primarily in the United States and Europe.

Our primary infrastructure is hosted on Amazon Web Services (AWS) in the United States, with analytics data stored on ClickHouse Cloud. If you are accessing our Services from outside the United States, please be aware that your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, please contact us using the details in Section 10.

Right to Access
Description: The right to request copies of the personal data we hold about you.
Applicable Regulations: GDPR, CCPA/CPRA

Right to Rectification
Description: The right to request that we correct any information you believe is inaccurate or incomplete.
Applicable Regulations: GDPR, CCPA/CPRA

Right to Erasure ('Right to be Forgotten')
Description: The right to request that we erase your personal data, under certain conditions.
Applicable Regulations: GDPR, CCPA/CPRA

Right to Object/Opt-Out
Description: The right to object to our processing of your personal data (e.g., for direct marketing) or to opt out of the sale or sharing of your personal information. Note: Rimplo does not sell your personal data.
Applicable Regulations: GDPR, CCPA/CPRA

Right to Data Portability
Description: The right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Applicable Regulations: GDPR

Right to Non-Discrimination
Description: The right not to be discriminated against for exercising any of your privacy rights.
Applicable Regulations: CCPA/CPRA

Data Erasure on Demand: You have the right to request complete deletion of all your personal data from our systems. Upon receiving a verified erasure request, we will permanently delete your account data, uploaded files, AI conversation references, and any other personal information we hold about you. To request data erasure, please contact us at privacy@rimplo.com with the subject line "Data Erasure Request." We will process your request and confirm deletion within 30 days.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

Retention periods for specific data types:

Account Data: Retained for the duration of your account plus 3 years after account closure for legal compliance.

Authentication Tokens: Access tokens expire after 15 minutes; refresh tokens expire after 7 days.

OAuth Credentials: Retained while the integration is active; deleted upon disconnection.

Invitation Data: Pending invitations expire after 48 hours; accepted invitation records retained with account data.

Uploaded Files: Retained until deleted by the user or account closure.

Usage Logs: Retained for 12 months for security and analytics purposes.

Temporary Session Data: OAuth session data (PKCE) automatically expires after 10 minutes.

9. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information.

10. Contact Us

If you have any questions about this Privacy Policy, our data practices, or if you wish to exercise any of your rights, please contact us:

By Email

Contact

privacy@rimplo.com

By Mail

Address

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.


© 2026 Rimplo Inc. All rights reserved.
