Last updated: Jun 12, 2026.
This Privacy Policy explains how Riptides Labs, Inc. (“Riptides,” “we,” “us”) collects, uses, and discloses personal data in connection with our websites, the Console, and the Agent Software. It also explains the rights available to individuals under applicable data protection laws, including the EU/UK GDPR.
We handle personal data in two distinct capacities, and different rules apply to each.
(a) Where we act as a controller. For personal data we collect about visitors, prospects, account holders, and Users — for example, signup and contact details, billing information, website and product usage, and marketing communications — we are the controller, and this Privacy Policy governs that processing.
(b) Where we act as a processor. When a customer deploys the Agent Software and uses the Console, the Agent Software transmits Telemetry and operational data to the Console. To the extent that data contains personal data, we process it on behalf of and under the instructions of the customer (the controller), and that processing is governed by the Data Processing Addendum (DPA) between us and the customer — not by this Privacy Policy. If you are an individual whose data is processed because your employer or another organization uses Riptides, please direct privacy requests to that organization in the first instance.
The Agent Software transmits Telemetry to the Console, which may include operational, diagnostic, configuration, usage, and security-related data about the Agent Software and the environment in which it runs.
To the extent Telemetry includes personal data, the role analysis in Section 1 applies: data we use to operate, secure, and improve our own Service is processed as controller; data we process on the customer’s behalf is governed by the DPA.
We use personal data (as controller) to: provide, operate, secure, and maintain the Service; create and administer accounts; process payments; provide support; communicate about the Service, including security and operational notices; send marketing where permitted; analyze and improve the Service; detect, prevent, and investigate fraud, abuse, and security incidents; and comply with legal obligations.
Where the GDPR applies, our legal bases are: performance of a contract (providing the Service and managing accounts); legitimate interests (securing and improving the Service, B2B marketing, fraud prevention — balanced against your rights); consent (certain marketing and non-essential cookies, which you may withdraw); and legal obligation (tax, accounting, and compliance).
We use strictly necessary cookies to operate the website and Console (for example, authentication and security). Subject to consent where required, we may use functional and analytics cookies to understand and improve usage.
We share personal data with:
We do not sell personal data, and we do not share it for cross-context behavioral advertising.
We are based in the United States and operate through affiliates including in Hungary. Where we transfer personal data from the EEA, UK, or Switzerland to a country without an adequacy decision, we rely on appropriate safeguards, principally the European Commission’s Standard Contractual Clauses (and the UK Addendum / Swiss addendum as applicable), together with supplementary measures where needed.
We retain personal data only as long as necessary for the purposes described, then delete or anonymize it, except where longer retention is required for legal, accounting, security, or dispute-resolution purposes. Retention of customer-controlled Telemetry processed on a customer’s behalf is governed by the DPA and the customer’s instructions.
We maintain technical and organizational measures designed to protect personal data appropriate to the risk. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Customers are responsible for security within their own infrastructure as described in the Terms of Service.
Depending on where you are, you may have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent at any time. You may also lodge a complaint with a supervisory authority — in the EU, your local data protection authority (in Hungary, the NAIH).
To exercise rights, contact privacy@riptides.io. Where we process your data on a customer’s behalf (processor role), we will refer your request to that customer.
The Service is a business product not directed to children and is not intended for anyone under 18. We do not knowingly collect personal data from children.
We may update this Policy. For material changes we will provide notice (for example, by email or a prominent notice) before they take effect and update the “Last updated” date.
Riptides Labs, Inc.
1111B S Governors Ave STE 28385
Dover, DE 19904