Privacy Policy

Riposte ("Service") is operated by Kollektiv LLC ("we", "us"). This policy explains what data we collect, why, and how we protect it.

We collect only what's necessary to run the Service. We don't sell your data.

Account Data

• Email address (for authentication and communication)
• Name (if provided)

Stripe Data

When you connect your Stripe account, we access:

• Dispute details (reason, amount, status, deadlines)
• Related transaction and charge data
• Customer information relevant to disputes
• Shipping and fulfillment data

We access this data through the Stripe API using OAuth tokens you authorize. We only read what's needed to build dispute evidence.

Merchant Customer Data

When merchants connect their data sources, Riposte may access data about customers involved in active disputes. This may include, but is not limited to:

• Customer identity (e.g. email, user ID, IP address)
• Session and access data (e.g. logins, devices, timestamps, geolocation)
• Product usage and activity
• Delivered outputs or proof of service
• Support and communication history
• Cancellation, refund, or billing history

Access is read-only, scoped to the dispute period, and used solely to compile dispute evidence. The specific data accessed depends on what the merchant connects and what is relevant to the dispute.

Usage Data

• Pages visited, features used
• Browser type, device info
• IP address

• Build dispute evidence from merchant customer data
• Submit dispute evidence to Stripe
• Process merchant customer data through AI models to generate evidence documents
• Track dispute outcomes and improve win rates
• Authenticate you and secure your account
• Send transactional emails (dispute updates, account alerts)
• Improve the Service

We share data only when necessary:

• Stripe — dispute evidence submitted via their API
• Infrastructure providers — Cloudflare (hosting, Workers AI, AI Gateway where used, storage, and edge networking) and PlanetScale (database)
• AI processing — merchant customer data may be processed through AI services hosted on Cloudflare to generate evidence documents. Cloudflare does not use Workers AI customer content to train AI models. Where AI Gateway is used for merchant customer content, we disable or avoid request and response payload logging
• Analytics — PostHog for product analytics, including account-user identifiers and product usage telemetry
• Error monitoring — Sentry for error tracking, diagnostics, and related account-user context
• Email delivery — Resend for transactional emails such as sign-in links, account notices, and dispute updates

We don't sell, rent, or trade your data to third parties.

• Account data: retained while your account is active
• Stripe and merchant customer data: retained for the duration of dispute processing, then deleted within 90 days of dispute resolution
• Usage data: aggregated and anonymized after 12 months

You can request deletion of your data at any time by contacting us.

When handling merchant customer data, Riposte acts as a data processor on behalf of the merchant (data controller). We process this data only as instructed by the merchant, only for active disputes, and under the terms of a Data Processing Agreement incorporated into our Terms of Service.

If you are a customer of a Riposte merchant and your data was used in a dispute response, you may contact the merchant directly to exercise your data rights. Riposte does not independently decide what merchant customer data to collect or how to use it.

We use industry-standard measures to protect your data: encrypted connections (TLS), encrypted secrets at rest, and access controls. Stripe API tokens are stored encrypted and never exposed in logs or client-side code.

You can:

• Access your data by contacting us
• Request correction of inaccurate data
• Request deletion of your data
• Revoke Stripe access at any time via your Stripe dashboard
• Export your data

If you're in the EU/EEA, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

We use essential cookies for authentication and session management. We use PostHog for analytics. You can disable non-essential cookies in your browser settings.

We may update this policy. We'll notify you of material changes via email or in-app notice. Continued use after changes constitutes acceptance.

If you have any questions about this Privacy Policy, please contact us at:

Email: legal@riposte.sh
Company: Kollektiv LLC
Address: 701 Tillery Street Unit 12, 2874, Austin, TX 78702