Riffle

Privacy Policy

Last updated: 22 April 2026

Who we are

Riffle (“we”, “us”) operates the website at riffle.cc and the daily song-guessing game accessible through it. For privacy questions, contact us at support@riffle.cc.

Information we collect

  • Account data (only if you sign up): your email address, optional display name, and a unique account identifier.
  • Anonymous play data: if you play without an account, we generate a temporary anonymous user identifier so we can save your progress, streak, and Riffs balance to your device session.
  • Gameplay data: daily puzzle results, streaks, friends-room participation, wager outcomes, hint use, pack purchases.
  • Usage analytics: page views, feature interactions, and error reports, used in aggregate to improve the product. We do not sell this data.
  • Device data: browser type, screen size, IP address (for rate limiting and abuse prevention only, not stored long-term).

How we use it

  • To provide the game (saving progress, syncing rooms, awarding Riffs).
  • To prevent abuse and enforce rate limits.
  • To measure feature adoption and improve gameplay (aggregated analytics).
  • To process Riffs purchases (via Stripe, see “Third parties” below).

Third parties

We share data only with the providers needed to run the service:

  • Supabase (database, auth, realtime), stores your account, gameplay data, and Riffs balance.
  • Vercel (hosting), serves the website and processes requests.
  • Stripe (payments), processes Riffs purchases. We never see or store your card details.
  • Apple iTunes, we link to public song preview clips. Apple may log these requests independently.
  • Cloudflare (DNS and email routing), routes traffic to riffle.cc and forwards email sent to addresses ending @riffle.cc to our private inbox. Cloudflare may log connection metadata as part of providing the service.
  • PostHog (analytics) and Sentry (error reporting), usage and crash data, anonymised where possible. Both are EU-hosted.

Cookies and local storage

We use a small number of cookies and browser-storage entries:

  • Strictly necessary: a sign-in cookie (Supabase), a host-fingerprint cookie for friends rooms, and local-storage entries for daily progress, onboarding state, and played-songs history. These are required for the game to work and are set without consent.
  • Analytics (optional): PostHog cookies + local storage for product analytics. These are only set if you choose “Accept all” on the consent banner shown on first visit. You can change your mind at any time by clearing site data and reloading.
  • Error monitoring: Sentry receives crash reports when something breaks. It does not set marketing cookies and runs as a strictly-necessary service-monitoring tool.

Your rights

Depending on your jurisdiction (e.g. UK GDPR, EU GDPR, CCPA), you have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email support@riffle.cc and we’ll respond within 30 days.

Children

Riffle is not directed at children under 13 (or under 16 in the EU/UK). If you believe a child has created an account, contact us and we’ll delete it.

Changes

We’ll update this policy as the product evolves. The “Last updated” date at the top will reflect any change. Material changes will be announced in-app.

Operated by Riffle. Contact: support@riffle.cc