Legal
Privacy Policy
Last updated: 2026-05-20
This Privacy Policy describes how Rimp Labs ("we", "us") collects, uses, and protects your information when you use Rimp. We try to keep this short and readable.
1. What we collect
- Account data: email address, name (if provided by OAuth provider), profile image (if provided).
- Usage data: prompts you submit, models you call, generation metadata (status, timing, credits charged). Generated outputs are stored in object storage for the retention period of your plan.
- Billing data: handled by Stripe. We store the Stripe customer ID and subscription state — never your card number.
- Technical data: IP address, user agent, and timestamps on audit log entries (privileged actions like creating API keys).
2. How we use it
- To operate Rimp (route requests to providers, bill credits, deliver outputs).
- To improve the product (aggregate analytics, never reading individual prompts).
- To prevent abuse (rate limit, fraud signals).
- To send transactional email (magic links, billing notifications). No marketing email without explicit opt-in.
3. Sharing with providers
When you generate content, your prompt and inputs are sent to the third-party provider you selected (OpenAI, Replicate, Anthropic, etc.). Each provider has its own privacy policy. We don't share data with providers beyond what's needed to fulfill your request.
4. Retention
- Outputs: 30 days on Free / Pro, 90 days on Studio, configurable on Team.
- Generation metadata (prompts, status): retained while your account is active.
- Audit logs: 13 months (compliance default), configurable on Team.
- Account deletion: hard delete within 30 days of request to hello@rimp.io.
5. Security
Data in transit is TLS-encrypted. Data at rest is encrypted on Neon Postgres and Cloudflare R2. API keys are stored as SHA-256 hashes. BYOK provider credentials are encrypted with AES-256-GCM using a separate key.
6. Your rights
You can export your data (generations, billing history) or delete your account at any time from settings. EU users: GDPR Article 15 (access) and 17 (erasure) apply. California users: CCPA "Do Not Sell" applies — we don't sell data anyway.
7. Cookies
We use first-party cookies for session management only. No third-party tracking, no advertising cookies.
8. Changes to this policy
We will email account holders 30 days before any material change. Minor wording updates ship with the date stamp above.
9. Contact
Privacy questions or data requests: hello@rimp.io.
Questions? hello@rimp.io