Skip to main content

Privacy policy

Your privacy is critically important to us. At riok, we have a few fundamental principles:

  • We try to collect as little personal information as possible.
  • We aim for full transparency on how we gather, use, and share your personal information.
  • We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
  • We store personal information for only as long as we have a reason to keep it.

Below is our Privacy Policy, which incorporates and clarifies these principles.

Who We Are and What This Policy Covers

This Privacy Policy applies to information that we collect about you when you use:

  • Our websites;
  • Our applications (for example the Kreya app);
  • Our other products, services, and features that are available on or through our websites.

Throughout this Privacy Policy we’ll refer to our websites, applications, and other products and services collectively as “Services.”

This Privacy Policy is based on the Automattic Privacy Policy and available under a Creative Commons Sharealike license. You’re more than welcome to copy it, adapt it, and repurpose it for your own use. Just make sure to revise the language so that your policy reflects your actual practices. If you do use it, we’d appreciate a credit and link to us somewhere on your site.

Information We Collect

We only collect information about you if we have a reason to do so — for example, to provide our Services, to communicate with you, or to make our Services better.

We collect this information from three sources: if and when you provide information to us, automatically through operating our Services, and from outside sources. Let’s go over the information that we collect.

Information You Provide to Us

It’s probably no surprise that we collect information that you provide to us directly. Here are some examples:

  • Basic account information: We ask for basic information from you in order to set up your account. For example, we require individuals who sign up for a Kreya account to provide an email address and password (if no third-party login is used), along with a username or name — and that’s it.
  • Payment and information: Payments are handled via Stripe, expect for customers who subscribed before April 2023, in which case Paddle is used. We do not store payment data ourselves (eg. credit card information). Only data such as the next payment date, the amount and currency of the next payment and similar, non-personal information is stored on our side.
  • Business Profile: Some of our products collect additional information from you as part of creating a user/customer profile. For example, when signing up for an enterprise plan, you may enter more information about your company.
  • Communications with us: You may also provide us with information when you respond to surveys, communicate with us about a support question or post a question in our public forums. When you communicate with us via email, public forum comment, or otherwise, we may store a copy of our communications.

Information We Collect Automatically

We also collect some information automatically:

  • Log information: Like most online service providers, we collect information that web browsers typically make available, including the browser type, language preference, the date and time of access. We collect log information when you use our Services — for example, when you create or make changes to your Kreya account.
  • Transactional information: When you make a purchase through our Services, we collect information about the transaction, such as product details, purchase price, and the date and location of the transaction.
  • Telemetry data: We collect anonymized telemetry data in our Kreya app. For more details, read our telemetry documentation.

Information We Collect from Other Sources

We may also get information about you from other sources. For example:

  • Third Party Login: If you create or log in to your Kreya account through another service (like GitHub) we’ll receive associated login information (e.g. a connection token, your username, your email address)

The information we receive depends on which services you use or authorize and what options are available.

How and Why We Use Information

Purposes for Using Information

We use information about you for the purposes listed below:

  • To provide our Services. For example, to set up and maintain your account, provide customer service, process payments and orders, and verify user information.
  • To ensure quality, maintain safety, and improve our Services. For example, by providing automatic upgrades and new versions of our Services. Or, for example, by monitoring and analyzing how users interact with our Services so we can create new features that we think our users will enjoy and that will help them create and manage websites more efficiently or make our Services easier to use.
  • To protect our Services, our users, and the public. For example, by detecting security incidents; detecting and protecting against malicious, deceptive, fraudulent, or illegal activity; fighting spam; complying with our legal obligations; and protecting the rights and property of riok and others, which may result in us, for example, declining a transaction or terminating Services.
  • To fix problems with our Services. For example, by monitoring, debugging, repairing, and preventing issues.
  • To communicate with you. For example, by emailing you to ask for your feedback, share tips for getting the most out of our products, or keep you up to date on Kreya; texting you to verify your payment; or calling you to share offers and promotions that we think will be of interest to you. If you don’t want to hear from us, you can opt out of marketing communications at any time. (If you opt out, we’ll still send you important updates relating to your account.)

A note here for those in the European Union about our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:

(1) The use is necessary in order to fulfill our commitments to you under the applicable terms of service or other agreements with you or is necessary to administer your account — for example, in order to enable access to our website on your device or charge you for a paid plan; or

(2) The use is necessary for compliance with a legal obligation; or

(3) The use is necessary in order to protect your vital interests or those of another person; or

(4) We have a legitimate interest in using your information — for example, to provide and update our Services; to improve our Services so that we can offer you an even better user experience; to safeguard our Services; to communicate with you; to measure, gauge, and improve the effectiveness of our advertising; and to understand our user retention and attrition; to monitor and prevent any problems with our Services; and to personalize your experience; or

(5) You have given us your consent

Sharing Information

Disclosure to third parties

We share specific information with third parties, which are listed here.

  • Beam Analytics: Beam Analytics is a privacy-friendly web analytics tool. It collects anonymous website usage data.
  • Stripe: We use Stripe as our default payment processor. All personal payment information (for example, your credit card number) is only processed on the Stripe side. We do not receive or have access to your payment information.
  • Paddle: Customers who subscribed before April 2023 use Paddle as the payment processor. All personal payment information (for example, your credit card number) is only processed on the Paddle side. We do not receive or have access to your payment information.
  • Mixpanel: Mixpanel is used for storing and analysing the anonymous telemetry data.
  • Some of our infrastructure runs on receives information that web browsers typically make available, such as your IP address. Our services are deployed in Frankfurt, Germany.
  • Cloudflare: We use Cloudflare as our CDN. Cloudflare receives information that web browsers typically make available, such as your IP address.
  • Google Cloud: Some of our infrastructure runs on Google Cloud. Our services are deployed in Frankfurt, Germany.
  • Postmark: We use Postmark for sending emails. They receive all information necessary for sending an email, such as your email address.
  • Chatwoot: Chatwoot is used as our customer feedback tool. They collect basic non-personally-identifying information from Website visitors and all information you provide through their tools.

As for infrastructure services such as Google Cloud or Cloudflare, we do not voluntarily share information about you with them. Rather, they receive information about you when you access their services (which is the case because we rely on these infrastructure services).

How We Share Information

We share information about you in limited circumstances, and with appropriate safeguards on your privacy.

  • Third-party vendors: We may share information about you with third-party vendors who need the information in order to provide their services to us, or to provide their services to you or your site. This includes vendors that help us provide our Services to you (like Stripe, our payment provider, cloud storage services, email delivery services that help us stay in touch with you, customer chat and email support services that help us communicate with you); those that help us understand and enhance our Services (like Mixpanel, our analytics provider); those that make tools to help us run our operations (like programs that help us with task management, scheduling, word processing, email and other communications, and collaboration among our teams) and other third-party tools that help us manage operations.
  • Legal and regulatory requirements: We may disclose information about you in response to a subpoena, court order, or other governmental request.
  • To protect rights, property, and others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of riok, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
  • Business transfers: In connection with any merger, sale of company assets, or acquisition of all or a portion of our business by another company, or in the event that riok goes out of business or enters bankruptcy, user information would likely be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.
  • With your consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties when you authorize us to do so.
  • Aggregated or de-identified information: We may share information that has been aggregated or de-identified, so that it can no longer reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
  • Published support requests: If you send us a request for assistance (for example, via a GitHub, email or one of our other feedback mechanisms), we reserve the right to publish that request in order to clarify or respond to your request, or to help us support other users.

We have a policy that we do not and will never sell our users’ data. We aren’t a data broker, we don’t sell your personal information to data brokers, and we don’t sell your information to other companies that want to spam you with marketing emails.

How Long We Keep Information

We generally discard information about you when it’s no longer needed for the purposes for which we collect and use it — described in the section above on How and Why We Use Information — and we’re not legally required to keep it.


While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. We monitor our Services for potential vulnerabilities and attacks.

Responsible Companies

The responsible party for the data processing described in this privacy policy is riok GmbH in Switzerland. You can reach us at [email protected].

Privacy Policy Changes

Although most changes are likely to be minor, we may change our Privacy Policy from time to time. We encourage visitors to frequently check this page for any changes to its Privacy Policy. If we make changes, we will notify you by revising the change log below, and, in some cases, we may provide additional notice (like adding a statement to our blog or sending you a notification through email). Your further use of the Services after a change to our Privacy Policy will be subject to the updated policy.


Our Privacy Policy was originally written in English. We may translate it into other languages. In the event of a conflict between a translated version of our Privacy Policy and the English version, the English version will control.


May 03, 2024

  • Added Beam Analytics to third parties

April 13, 2023

  • Removed from third parties
  • Removed Plausible from third parties
  • Removed GitLab from third parties
  • Added Stripe as third party
  • Added as third party
  • Added location to Google Cloud

April 27, 2022

Original version