Last updated: 16 February 2026
Riffit ("we," "our," or "us") operates the website riffit.in and the Riffit WhatsApp bot (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service, in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian laws.
We collect information that you provide directly when using Riffit:
Account Information: Your phone number (via WhatsApp), business name, email address, PAN number, and GST number (if applicable). This information is required to create professional invoices with your business details on your behalf.
Invoice Data: Client names, email addresses, phone numbers, invoice amounts, line item descriptions, payment terms, and payment status. This data is necessary to generate and deliver invoices as requested by you.
Usage Data: WhatsApp message interactions with our bot, dashboard activity, and feature usage patterns. We use this to improve the Service.
Payment Information: Subscription payment details are processed by Razorpay. We do not store your credit card or bank account details directly.
We use your information to provide and operate the Service — including creating invoices, sending them to your clients, tracking payment status, and sending reminders. We also use your information to communicate with you about your account, process subscription payments, improve and develop new features, and comply with legal obligations including tax regulations.
We share invoice details with your clients when you send an invoice — this includes your business name, contact information, and invoice contents. We use third-party service providers to operate the Service, including Supabase (database hosting), Meta/WhatsApp (messaging), Brevo (email delivery), Razorpay (payment processing), and Vercel (web hosting). These providers only access data necessary to perform their services. We may disclose information if required by law, regulation, or legal process.
We do not sell your personal data to third parties.
Your data is stored on servers provided by Supabase and Vercel, which may be located outside India. We implement appropriate technical and organizational security measures to protect your data, including encryption in transit (HTTPS/TLS), secure authentication (JWT tokens), and access controls. However, no method of transmission or storage is 100% secure.
Under the DPDP Act, 2023, you have the right to access your personal data held by us, correct inaccurate data, request deletion of your data (subject to legal retention requirements), withdraw consent for data processing, and nominate another person to exercise your rights. To exercise any of these rights, contact us at support@riffit.in.
We retain your personal data for as long as your account is active or as needed to provide the Service. Invoice data may be retained as required by Indian tax laws and regulations. You may request account deletion at any time by contacting support@riffit.in.
Our web dashboard uses essential cookies for authentication and session management. We may use analytics tools to understand usage patterns and improve the Service. We do not use cookies for advertising purposes.
Riffit is designed for business use by adults. We do not knowingly collect data from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will take steps to delete it.
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or our data practices, contact us at: support@riffit.in
Riffit — Bengaluru, Karnataka, India