Effective: April 19, 2026
Riffie is a voice-first AI companion for iOS. This policy explains what data Riffie collects, how it is used, and your choices.
Riffie is operated by Zeb Dropkin ("we", "us", "our").
| Data | Collected? | Purpose |
|---|---|---|
| Voice recordings | Processed on-device only | Transcribed locally using Apple SpeechAnalyzer. Raw audio is never sent to our servers or any third party. |
| Conversation text | Sent to AI providers | Your transcribed messages and AI responses are sent to third-party AI services to generate replies. See Section 3. |
| AI-generated audio | Generated by TTS providers | AI response text is sent to text-to-speech services to produce audio playback. See Section 3. |
| Account information | When you sign in | Email address, display name, and provider (Apple, Google, or email) are collected via Firebase Authentication. See Section 5. |
| Subscription and purchase data | Via RevenueCat | Purchase history and subscription status managed by RevenueCat. Linked to your account once you sign in. See Section 3. |
| Usage metrics | Collected per request | Aggregated, non-identifying metrics used for cost tracking and service improvement. See Section 4. |
| App analytics and crash reports | Collected automatically | App interaction data (screens viewed, features used) and crash diagnostics are collected to improve app stability and understand usage patterns. See Section 4. |
| Feedback (optional) | Only if you submit it | Routed to our issue tracker for follow-up. Identified by a random device ID. |
| Tester name or handle (TestFlight only) | Only if you provide it | Optional handle shown to TestFlight testers on first launch. Used to associate feedback with a recognisable name. Skippable. Not shown to App Store users. |
What we do not collect: We do not collect your precise location, contacts, photos, health data, or financial information. We do not use advertising identifiers (IDFA) or any cross-app tracking.
Your conversations, projects, and custom dictionary are stored as JSON files on your device and synchronized across your own devices via Apple's iCloud Documents service. This sync uses your personal iCloud account and stays under your Apple ID. We never have access to your iCloud data.
Cached audio files stay local on each device and are not synced.
App preferences (voice, persona, appearance, and other settings) are synced across your devices via Apple's iCloud Key-Value Store when iCloud is available. This is also under your Apple ID and not accessible to us.
You can delete individual conversations or all data from within the app at any time. Deleting a conversation removes it on all your devices.
Riffie uses the following third-party services to provide its core functionality. Conversation text is sent through our API proxy (hosted on Cloudflare Workers), which forwards requests to these providers. We hold the API keys server-side so they are never stored on your device.
| Service | Provider | Data Sent | Privacy Policy |
|---|---|---|---|
| AI conversation | Anthropic (Claude) | Conversation text | anthropic.com/privacy |
| AI conversation | OpenAI (GPT) | Conversation text | openai.com/privacy |
| AI conversation | Google (Gemini) | Conversation text | policies.google.com/privacy |
| Text-to-speech | Inworld AI | AI response text | inworld.ai/privacy-policy |
| Authentication | Google (Firebase Authentication) | Email address, display name, provider identifier | firebase.google.com/privacy |
| Sign in with Apple | Apple | Identity token, name (if you choose to share it) | apple.com/privacy |
| Sign in with Google | Identity token, name, email | policies.google.com/privacy | |
| Subscriptions | RevenueCat | Anonymous or signed-in subscriber identifier, email, display name, purchase history, device information. See Section 6. | revenuecat.com/privacy |
| Analytics & crash reporting | Google (Firebase) | App interaction events, crash reports, device identifiers (IDFV) | firebase.google.com/privacy |
You choose which AI provider to use in Settings. Only the selected provider receives your conversation text for that request.
When web search is enabled, the AI provider may use its built-in search capability to look up information relevant to your query. Search results are processed by the AI provider according to their privacy policy.
Riffie never sells or shares your conversation content with advertisers or data brokers.
Riffie collects usage data in two ways:
Server-side (per API request): Each request through our API proxy records aggregated metrics for cost tracking. These include a subscriber identifier (assigned by RevenueCat), which AI model and voice were used, token counts and estimated cost, and behavioral context (selected persona, response length, conversation turn count, speech duration). Stored in Cloudflare Analytics Engine and retained for 90 days.
Client-side (in-app analytics): Riffie uses Firebase Analytics to understand how the app is used. This includes events like which features are accessed, screen views, and app opens. Firebase also collects crash reports through Crashlytics to help us identify and fix stability issues. This data is associated with a device identifier (IDFV) and, once you sign in, your Firebase user ID. No advertising identifiers (IDFA) are collected and no cross-app tracking occurs.
Riffie offers a free trial period during which no account is required. After the trial ends, an account is required to continue using the app. You can create an account using Sign in with Apple, Sign in with Google, or an email address and password.
When you sign in, Firebase Authentication collects your email address, display name (when provided by the authentication provider), and the provider you used. This information is associated with a Firebase user ID that identifies your account across devices.
Apple and Google operate their own authentication systems. When you sign in with one of those providers, the token exchange is governed by their privacy policies in addition to ours. Email addresses entered via email-and-password sign-in are verified via a verification email; password resets are handled by Firebase.
You can delete your account at any time from within the app (Settings → Account → Delete Account). Account deletion removes your Firebase user record, revokes Apple sign-in tokens where applicable, and unlinks your subscriber identifier from your account. Your local data and iCloud-synced conversations remain until you uninstall the app or delete them manually.
Riffie uses RevenueCat to manage subscriptions. RevenueCat assigns each installation an anonymous subscriber identifier. When you sign in, this identifier is linked to your Firebase user ID so your subscription follows your account across devices.
Once you sign in, we also send your email address and display name to RevenueCat so we can help you with support inquiries. This information is stored as subscriber attributes against your RevenueCat customer record and is not used for advertising.
On TestFlight builds only, we send an additional subscriber attribute marking the install as a beta build, plus any optional name or handle you provide through the in-app beta tester prompt. This helps us correlate beta feedback with individual testers. Production (App Store) installs are never tagged as TestFlight.
All AI and TTS requests are routed through our API proxy hosted on Cloudflare Workers. The proxy:
| Data | Retention |
|---|---|
| On-device conversations (and their iCloud copies) | Until you delete them or uninstall the app |
| Account information | Until you delete your account |
| Server-side usage metrics | 90 days (Cloudflare Analytics Engine) |
| Client-side analytics | Up to 14 months (Firebase Analytics) |
| Crash reports | 90 days (Firebase Crashlytics) |
| Subscription usage tracking | 14 days (Cloudflare KV, rolling weekly) |
| Subscription tier cache | 5 minutes (refreshed from RevenueCat) |
| Feedback submissions | Retained in our issue tracker until resolved |
We do not retain your conversation text on our servers. Conversations exist only on your device, in your iCloud account, and transiently in memory during API request processing.
Riffie is not intended for children under 17. We do not knowingly collect data from children. If you believe a child has used the app, please contact us and we will take appropriate steps.
All data in transit is encrypted via TLS. API keys are stored server-side on Cloudflare Workers and never exposed to the client app. Authentication tokens are managed by Firebase Authentication using standard iOS Keychain storage.
We may update this policy as the app evolves. Changes will be posted on this page with an updated effective date. Continued use of Riffie after changes constitutes acceptance of the revised policy.
Questions about this policy? Contact us at help@heyriffie.app.
© 2026 Zeb Dropkin. All rights reserved.