RiverStoke
⚠️ Draft — this policy is a starting point, not a final legal document. Have it reviewed by counsel (or run through a service like Termly / iubenda / Termageddon) before scaling to a broader audience or distributing via the App Store.

Privacy Policy

Last updated: May 19, 2026

RiverStoke ("we," "us," or "the app") respects your privacy. This policy explains what information we collect, how we use it, and the rights you have over your data.

1. Information we collect

Account information

Content you create

Automatically collected

2. How we use your information

We do not sell your data. We do not run ads. We have no investors who get access to your data.

3. Visibility of your content

You control the visibility of trips and other content via per-trip privacy settings:

Photos default to crew-only on upload. You can change per-photo visibility anytime.

4. Third-party services

The app uses these vendors under contract to operate:

5. Cookies

We use cookies for two purposes:

6. Your rights

If you're in the EU, UK, or California, you have additional rights under GDPR / CCPA respectively — same request channel.

7. Children

RiverStoke is not intended for users under 13. We do not knowingly collect data from anyone under 13. If we learn we have, we'll delete it.

8. Data retention

We retain your data for as long as your account is active. After account deletion, we purge personal data within 30 days, except where retention is required by law (e.g., financial records for tax compliance).

9. Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 for files in S3; PostgreSQL native encryption for the database). Passwords are hashed with bcrypt. We don't have access to your raw password.

10. Changes to this policy

We'll update the "Last updated" date at the top when the policy changes. Material changes are emailed to all active users before taking effect.

11. Contact

Questions or requests: privacy@riverstoke.com