Terms of Service

By accessing or using Riposte ("Service"), operated by Kollektiv LLC ("we", "us"), you agree to these Terms. If you don't agree, don't use the Service.

Riposte is an open-source AI agent that helps you respond to Stripe payment disputes. It connects to your Stripe account, analyzes dispute data, assembles evidence, and submits responses on your behalf.

We do not guarantee any specific outcome. Dispute decisions are made by card networks and issuers, not by us.

You must be at least 18 years old and have a valid Stripe account. By using the Service, you represent that you have the authority to connect your Stripe account and authorize automated dispute responses.

You are responsible for maintaining the security of your account credentials and Stripe API keys. You are responsible for all activity under your account.

Riposte accesses your Stripe account via the Stripe API. By connecting your account, you authorize us to read dispute data, retrieve transaction and customer information, and submit dispute evidence on your behalf.

You can revoke access at any time through your Stripe dashboard.

This section constitutes a Data Processing Agreement ("DPA") under GDPR Article 28 between you (controller) and Kollektiv LLC (processor) for merchant customer personal data processed through the Service. Riposte acts as an independent controller for Riposte account, billing, security, website, and product analytics data as described in our Privacy Policy.

Subject Matter and Duration

The subject matter is Riposte's processing of merchant customer data to prepare, review, submit, and track Stripe dispute evidence on your behalf. Processing lasts for the period you use the Service and until the data is deleted or returned after dispute resolution or account termination, subject to legal retention obligations.

Nature and Purpose

Riposte processes merchant customer data to ingest Stripe dispute records, match the disputed customer to your product data, collect relevant source-backed evidence, generate evidence packets, submit or export dispute responses, track outcomes, and send related notifications. Processing is limited to active or recent disputes and the data relevant to each dispute.

Data Subjects and Data Categories

Data subjects are your customers or users involved in payment disputes. Depending on what you connect, Riposte may process customer identity data, Stripe payment and dispute data, session and access data, product usage and activity data, delivered outputs or proof of service, support and communication history, and cancellation, refund, or billing history.

Customer Instructions

We process merchant customer data only on your documented instructions, including these Terms, your Service configuration, your connected data sources, and dispute actions you approve or authorize. If we believe an instruction violates applicable data protection law, we will notify you unless legally prohibited.

Processor Obligations

• Process data only on your documented instructions and solely for dispute evidence
• Ensure personnel with access are bound by confidentiality
• Implement appropriate technical and organizational security measures
• Notify you without undue delay upon becoming aware of a personal data breach
• Make available information necessary to demonstrate compliance and allow for audits
• Assist with data subject requests, security obligations, and data protection assessments where required and technically feasible

Sub-processors

You authorize Riposte to engage sub-processors listed on our sub-processors page. We will notify you of changes to that list. Each sub-processor is bound by data protection obligations no less protective than this DPA.

Deletion and Return

We delete merchant customer dispute data within 90 days after dispute resolution or account termination unless continued retention is required by law, legal hold, fraud prevention, dispute defense, security, or backup integrity. Upon request, we will return or export merchant customer dispute data where technically feasible.

Data Subject Requests

If we receive a request from one of your customers regarding their personal data, we will direct them to you and assist you in fulfilling the request to the extent technically feasible.

Security, Audit, and Assistance

We maintain technical and organizational measures appropriate to the risk, including encrypted transport, encrypted credentials, access controls, and operational logging. We will make available information reasonably necessary to demonstrate compliance with this DPA and will support audits through documentation or another reasonable process that does not compromise the security of the Service or other customers.

International Transfers

Where data is transferred outside the EEA, we rely on adequacy decisions, Standard Contractual Clauses, or the EU-US Data Privacy Framework as applicable. Our sub-processors maintain appropriate transfer mechanisms.

You agree not to:

• Use the Service for fraudulent disputes or false evidence
• Submit fabricated or misleading documentation
• Attempt to circumvent Stripe's terms of service
• Reverse-engineer, attack, or abuse the Service

Riposte's source code is licensed under AGPLv3. These Terms govern your use of the hosted Service at riposte.sh, not self-hosted instances.

The Service is provided "as is" without warranties of any kind. We are not liable for lost disputes, revenue loss, or any indirect, incidental, or consequential damages arising from your use of the Service.

Our total liability is limited to the amount you paid us in the 12 months preceding the claim.

We may suspend or terminate your access at any time for violation of these Terms. You may stop using the Service at any time by disconnecting your Stripe account and deleting your account.

We may update these Terms. We'll notify you of material changes via email or in-app notice. Continued use after changes constitutes acceptance.

These Terms are governed by the laws of the State of Wyoming, United States, without regard to conflict of law principles. Any disputes shall be resolved in the courts of Wyoming.

If you have any questions about these Terms, please contact us at:

Email: legal@riposte.sh
Company: Kollektiv LLC
Address: 701 Tillery Street Unit 12, 2874, Austin, TX 78702