Privacy Policy

Last updated: February 13, 2026

Introduction

Rivek ("we", "our", "us") is a private, ephemeral social platform designed for business. This Privacy Policy explains how we collect, use, and protect your information when you use the Rivek mobile application and our website.

We believe privacy is a right, not a feature. Rivek is built from the ground up to minimise the data we collect and maximise your control over it.

Information We Collect

Account Information

When you create a Rivek account, we collect:

• Your Apple ID identifier (via Sign in with Apple)
• Display name and username you choose
• Optional tagline and profile information you provide

Work Verification

If you choose to verify your work identity, we process your company email address solely for domain verification. A one-time verification code is sent to confirm ownership. We do not retain your email address after verification is complete.

Messages and Stories

• Messages are end-to-end encrypted. We cannot access their content.
• Stories are encrypted server-side and stored temporarily.
• All content is ephemeral: messages expire 24 hours after being read (or 7 days if unread), and stories expire after 24 hours.

Device Information

We collect push notification tokens to deliver notifications. We do not collect device identifiers, location data, or usage analytics.

How We Use Your Information

We use the limited information we collect solely to:

• Provide and maintain the Rivek service
• Verify your work identity when requested
• Deliver push notifications
• Connect you with verified professionals in your industry

We do not:

• Sell your data to third parties
• Use your data for advertising
• Build profiles for targeted marketing
• Share data with data brokers
• Use your content to train AI models

End-to-End Encryption

Messages in Rivek are protected with end-to-end encryption using P-256 ECDH key agreement and AES-GCM authenticated encryption. Encryption keys are generated on your device and never leave it. We have no technical ability to decrypt your messages.

Data Retention

Rivek is built on the principle of ephemeral communication:

• Messages are automatically deleted 24 hours after the recipient reads them, or 7 days after sending if unread. Users may explicitly save individual messages.
• Stories are automatically deleted 24 hours after posting.
• Account data is retained while your account is active and deleted upon account deletion.
• Verification data such as email addresses are used only during the verification process and are not retained afterward.

Third-Party Services

Rivek uses the following third-party services:

• Apple CloudKit — Secure cloud storage for encrypted data
• Sign in with Apple — Authentication
• Cloudflare — Website hosting and email verification infrastructure

We do not use analytics services, advertising networks, or tracking pixels on our website or in our app.

Data Security

We employ multiple layers of security to protect your information:

• End-to-end encryption for all direct messages
• Server-side encryption for stories and media
• Secure authentication via Sign in with Apple
• All data transmitted over TLS/HTTPS
• Zero-knowledge architecture where possible

Your Rights

You have the right to:

• Delete your account and all associated data at any time from within the app
• Request a copy of your account data
• Opt out of work verification features

To exercise these rights, contact us at privacy@shutter-app.com.

Children's Privacy

Rivek is not intended for use by individuals under the age of 17. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app. Your continued use of Rivek after changes take effect constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy, contact us at:

privacy@shutter-app.com