RIFF PRIVACY POLICY


Last updated: [December 2025]


Riff Financial Ltd (“Riff”, “we”, “us” or “our”) is committed to protecting your privacy and handling your personal information responsibly and transparently.


This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website (www.riffagent.ai

), join our waitlist, or interact with us.


If you have any questions, you can contact us at: oliver.butcher@riff-fin.com


1. Who we are


Riff Financial Ltd

Registered in England & Wales

Trading name: Riff

Registered address: Flat 6, King Stable Street, Eton, Windsor, SL4 6SA

Email: oliver.butcher@riff-fin.com


For the purposes of UK GDPR, we are the data controller of your personal data.


2. What data we collect


We may collect the following categories of personal data when you use our website or join our waitlist:


Information you provide directly

Name

Email address

Any information you submit through forms (e.g., waitlist opt-in)

Information collected automatically

Through cookies and analytics tools (e.g., Google Analytics):

IP address and approximate location

Device type and browser

Pages visited and time spent

Clicks, scrolls, and website interactions

Referring website or URL

Information from communications


If you contact us directly, we collect:


Email contents

Attached documents

Metadata (time, date, sender)


3. How we use your data


We use your personal data for the following purposes:


To provide and improve our website

Analyse usage patterns

Improve functionality, design, and user experience

To manage our waitlist and communicate with you

Email updates about product development

Respond to enquiries

Send optional marketing updates (only if you consent)

For security and compliance

Detect and prevent fraud or misuse

Comply with legal/regulatory obligations


4. Lawful bases for processing


Under UK GDPR, our lawful bases are:


Consent

For sending marketing emails, newsletters, and waitlist updates.


Legitimate Interests

For:

Website analytics

Site security

Understanding user behaviour to improve the product

These interests are balanced against your privacy rights.


Legal Obligation

For complying with applicable UK laws.


5. Cookies and tracking technologies


We use cookies to make our website function properly and to understand how visitors use it.


Types of cookies we use


Strictly necessary cookies

Essential for site functionality. These do not require consent.


Analytics cookies (e.g., Google Analytics)

Used to understand how users interact with the website.


Google Analytics may collect:


IP address (anonymised by default)


Device & browser information


User interactions (clicks, scrolls, time on page)


You can withdraw consent at any time (see Section 11).


For more details about how Google uses your data, visit:

https://policies.google.com/technologies/partner-sites


6. Who we share your data with


We may share personal data with trusted third-party service providers, including:


Google Analytics (website analytics)


Framer (website hosting)


Email delivery platforms (if used for emailing updates)


All providers are required to keep your information secure and comply with UK GDPR.


We do not sell your personal data and do not share it with advertisers.


7. International data transfers


Some service providers (e.g., Google) may process data outside the UK.

When this occurs, we ensure appropriate safeguards are in place, such as:


UK-approved Standard Contractual Clauses (SCCs)


Adequacy decisions issued by the UK government


8. How long we keep your data


We keep your data only for as long as necessary:


Waitlist data: until you unsubscribe or ask us to delete it


Analytics data: typically 14–26 months (Google Analytics default retention)


Emails: retained as long as reasonably required for business or legal reasons


9. Your rights under UK GDPR


You have the right to:


Access your data


Correct inaccurate data


Delete your data (“right to be forgotten”)


Object to processing based on legitimate interest


Withdraw consent for marketing at any time


Request data portability


To exercise your rights, email oliver.butcher@riff-fin.com


10. Marketing preferences


If you join our waitlist, you may receive email updates about Riff.

You can opt out at any time using the unsubscribe link or by contacting us.


11. Withdrawing cookie consent


You can:


Adjust your browser settings to block cookies


Delete existing cookies


Use third-party cookie control tools


Withdraw consent through any cookie banner we deploy


Note: blocking cookies may affect site performance.


12. How we protect your data


We take appropriate technical and organisational measures to protect your data, including:


Encryption


Secure hosting


Access controls


Audit and monitoring procedures


13. Changes to this policy


We may update this Privacy Policy occasionally.

The “Last Updated” date will always indicate the current version.


14. How to complain


If you have concerns, please contact us first at:

oliver.butcher@riff-fin.com


If you are not satisfied, you can contact the UK Information Commissioner’s Office (ICO):

https://ico.org.uk/make-a-complaint/