Riffyn Privacy and Security Policy

Updated 25 May 2018

Riffyn is deeply committed to protecting the confidentiality, integrity and security of customer data and is engineered with that in mind. We don't share your data with anyone or any organization. We keep your data confidential. We don't use the data of customers and contacts for any purpose other than to deliver the best possible service, information and support to you. 

Riffyn enters into confidentiality agreement with its subscribers. Terms of confidentiality are fully described in the Master Subscription Agreement for your or your organization's subscription. Please contact the appropriate person at your organization, or contact support@riffyn.com for a copy of these terms. 

To maintain our use of Riffyn services, it is also necessary that you use data responsibly. As a user of Riffyn services you represent, warrant and covenant (i) that all information and data provided to Riffyn has been collected and provided by or on behalf of user in accordance with all applicable laws, rules and regulations; (ii) that you own all rights, title and interest in and to the information and data, or that you have otherwise secured all necessary rights in the information and data as may be necessary to permit the access, use and distribution thereof as contemplated by this Agreement; and (iii) that you will only use Riffyn services in accordance with all applicable laws, rules and regulations and the Master Subscription Agreement. We note that Riffyn is not HIPAA compliant. Therefore you may not provide any personally identifying information subject to specialized security regimes.

Information We Collect & How We Use It

The information we collect at Riffyn is used to make our products, services and educational materials the best they can be, to update you about upgrades, maintenance periods, and new features. We may also to provide you with educational content related to Riffyn's scientific mission.

Riffyn collects only the following required information about its users:

  • Name
  • Username
  • Password (encrypted)
  • Email address
  • Phone number
  • Organization
  • Organization mailing address

Riffyn may also retain other information that you choose to provide to Riffyn services.

Users of Riffyn may not remove the information listed above from Riffyn services and records, unless they delete their accounts and cancel their subscriptions to Riffyn services. This information is required to provide the Riffyn services. Riffyn may retain a copy of this information on executed subscription agreements or other legal contracts for record-keeping purposes.

For contacts of Riffyn that are not users (e.g., subscribers to the Riffyn News mailing list), we collect the same information listed above. If (as a non-user) you wish to have this data removed, you may contact us at support@riffyn.com.

Any email you receive from Riffyn provides an opt-out link for one-click unsubscribe from mailings, and options to modify your profile.

In order to give you the best possible experience using Riffyn, we also collect information from your interactions with our application, network and website. This may include pages you access, actions you perform on Riffyn services, your Internet Protocol address, information about your device (such as device or browser type), and referral information.

We use this information to:

  • provide, test, improve, promote Riffyn products and services
  • generate aggregate, non-identifying information about use of Riffyn products and services
  • retain logs of data operations to ensure compliance with statutory and voluntary regulations including CFR 21 Part 11 and ISO 270001

Information Disclosure

Riffyn won’t transfer information about you to third parties for the purpose of providing or facilitating third-party advertising to you. We won’t sell information about you.

We may share your account information with third parties in some circumstances, including: (1) with your consent; (2) to a service provider or partner who meets our data protection standards; (3) when it is required by law, such as pursuant to a subpoena or other legal process.

If we are going to share your information in response to legal process, we’ll give you notice so you can challenge it (for example by seeking court intervention), unless we’re prohibited by law or believe doing so may endanger others.

When you create or access your Riffyn Software-as-a-Service ("Riffyn SaaS") account, we transmit the information listed above above to a third-party authentication service (Okta) to verify your identity and obtain access credentials to use the application.

Riffyn uses third-party vendors and hosting partners, such as Amazon, for hardware, software, networking, storage, and related technology. 

Data Access and Use within the Riffyn Software-as-a-Service

All users control sharing of their data. (1) They may keep their data fully private, or (2) they may directly share their data with selected individuals, teams and organizations, or (3) they may make their data completely public for unrestricted view & download access to other users on the same instance of the Riffyn SaaS.

When a user creates or shares their data as a public entity in Riffyn SaaS, they grant an irrevocable right to other users to use, re-use, and redistribute that data. The organization that has purchased and authorized their account on the Riffyn SaaS (the "Subscriber"), may own and restrict the use of data to which a user has access, and it is the user's sole responsibility and liability to comply with any such restrictions on use. 

Prohibition of Malicious/Offensive Content

Riffyn prohibits the posting of malicious or offensive content and files to Riffyn. Riffyn may identify and remove any such content at any time at its sole discretion.

Despite this prohibition, Riffyn SaaS users may still encounter such malicious or offensive content in shared entities. In accessing shared content, users accept any and all risks associated with viewing it, using it or downloading it. Users may notify Riffyn of content they believe to be offensive or malicious via email to support@riffyn.com.

Security

Riffyn establishes and maintains an information security program that is designed to: (1) protect the security and confidentiality of the user's and Subscribers's data; (2) protect against anticipated threats or hazards to the security or integrity of the user's and Subscriber's data; and (3) protect against unauthorized access to or use of the user's and Subscriber's data. This includes encryption of all data stored on Riffyn SaaS and data backup operations.

Tracking & Cookies

Riffyn uses browser cookies and similar technologies to recognize you when you return to our services. Riffyn doesn’t track you across the Internet. We record only some of your interactions with the Riffyn SaaS or other services.

Some third-party services, such as Google Analytics, may place their own cookies in your browser. This Privacy and Security Policy covers use of cookies by Riffyn only and not the use of cookies by third parties.

Cross-border Transfers

By using Riffyn services, you authorize Riffyn to transfer, store, and use your information in the United States and any other country where we operate. Where your data is disclosed to our processors, it is subject by contract to at least the same level of data protection as that set out in this statement.

Changes to this Policy

Riffyn may periodically update this Privacy and Security Policy and notify you about significant changes to it.

Questions

We welcome feedback about this policy at support@riffyn.com.