Privacy Policy
Last updated: January 2026
1. Introduction
RivalHound ("we," "our," "us," or the "Company") is committed to protecting your privacy and ensuring you understand how your personal data is collected, used, and protected. This Privacy Policy explains our data practices when you use our AI search visibility monitoring platform and related services (collectively, the "Service").
RivalHound provides a Software-as-a-Service (SaaS) platform that helps businesses monitor how their brands are mentioned and represented across AI-powered search and conversational platforms, including ChatGPT, Google AI, Perplexity, and other emerging AI services. Our platform collects data from these AI platforms on your behalf and analyzes it to provide insights about your brand's AI visibility.
By using our Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Service. This Privacy Policy should be read alongside our Terms of Service and Cookie Policy.
2. Information We Collect
2.1 Information You Provide Directly
We collect information that you voluntarily provide when using our Service:
- Account Information: When you create an account, we collect your name, email address, and company information. If you use social login (such as Google), we receive basic profile information from that provider.
- Brand and Monitoring Data: Information about brands you wish to monitor, including brand names, company descriptions, domains, keywords, competitor names, and custom monitoring queries you create.
- Payment Information: When you subscribe to a paid plan, payment details are collected and processed directly by our payment processor, Stripe. We receive only limited payment information such as the last four digits of your card, card type, and billing address for our records.
- Communications: When you contact us through our contact form, email, or support channels, we collect the content of your messages along with your contact information.
- Survey and Feedback Data: If you participate in surveys, provide testimonials, or submit feedback, we collect the information you provide.
2.2 Information We Collect Automatically
When you use our Service, we automatically collect certain information:
- Usage Data: Information about how you interact with our platform, including pages visited, features used, buttons clicked, time spent on pages, and navigation patterns.
- Device and Browser Information: Your IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
- Log Data: Server logs that include access times, referring URLs, error logs, and other diagnostic information.
- Performance Data: Information about platform performance, including page load times, errors, and technical issues you may encounter.
- Cookie Data: Information collected through cookies and similar technologies as described in our Cookie Policy.
2.3 Information From Third Parties
We may receive information from third-party sources:
- Authentication Providers: If you sign in using Google or another OAuth provider, we receive your name, email, and profile picture from that service.
- AI Platforms: In the course of providing our monitoring service, we collect data from AI platforms (ChatGPT, Google AI, Perplexity, etc.) about how they respond to queries related to your brand. This data includes AI-generated responses, timestamps, and citation information.
- Payment Processor: Stripe may provide us with transaction information, payment status, and fraud detection signals.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 Service Delivery
- Provide, maintain, and improve our AI search monitoring services
- Execute monitoring queries against AI platforms on your behalf
- Analyze AI responses for brand mentions, sentiment, and competitive positioning
- Generate reports, analytics, and insights about your brand's AI visibility
- Send alerts and notifications about significant changes in your brand's AI representation
3.2 Account Management
- Create and manage your user account
- Process payments and manage subscriptions
- Authenticate users and maintain session security
- Provide customer support and respond to inquiries
3.3 Communication
- Send transactional emails (account confirmations, password resets, billing receipts)
- Deliver service-related notifications and updates
- Send marketing communications (with your consent where required)
- Respond to your questions, comments, and support requests
3.4 Improvement and Development
- Analyze usage patterns to improve our platform's functionality and user experience
- Develop new features and services based on user needs
- Conduct research and analytics on aggregate, anonymized data
- Debug and fix technical issues
3.5 Security and Compliance
- Detect, prevent, and address fraud, abuse, and security vulnerabilities
- Enforce our Terms of Service and other policies
- Comply with legal obligations and respond to lawful requests from authorities
- Protect the rights, property, and safety of RivalHound, our users, and the public
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process personal data based on the following legal grounds under the General Data Protection Regulation (GDPR):
4.1 Performance of Contract
We process data necessary to fulfill our contractual obligations to you, including providing the monitoring service, managing your account, processing payments, and delivering the features you have subscribed to.
4.2 Legitimate Interests
We process data when it is in our legitimate business interests and such interests are not overridden by your data protection rights. This includes:
- Improving and optimizing our Service
- Understanding how users interact with our platform
- Ensuring platform security and preventing fraud
- Sending service-related communications
- Conducting analytics on aggregated data
4.3 Consent
Where required by law, we obtain your consent before processing personal data. This applies to:
- Marketing communications and promotional emails
- Non-essential cookies and tracking technologies
- Any processing that goes beyond what is necessary for our service
You may withdraw consent at any time by updating your preferences in your account settings, clicking the unsubscribe link in marketing emails, or contacting us directly.
4.4 Legal Obligation
We process data when necessary to comply with legal obligations, such as:
- Tax and accounting requirements
- Responding to valid legal process (subpoenas, court orders)
- Mandatory breach notification requirements
- Regulatory compliance obligations
5. Information Sharing
We do not sell your personal information. We share information only in the following circumstances:
5.1 Service Providers
We share data with trusted third-party service providers who perform services on our behalf. These providers are contractually obligated to protect your information and use it only for the purposes we specify. See Section 6 for a complete list of sub-processors.
5.2 Legal Requirements
We may disclose information when we believe in good faith that disclosure is necessary to:
- Comply with applicable laws, regulations, or legal process
- Respond to valid requests from law enforcement or government agencies
- Protect the rights, property, or safety of RivalHound, our users, or others
- Enforce our Terms of Service and investigate potential violations
- Detect, prevent, or address fraud, security, or technical issues
5.3 Business Transfers
If RivalHound is involved in a merger, acquisition, bankruptcy, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.
5.4 With Your Consent
We may share information for other purposes with your explicit consent.
5.5 Aggregated or Anonymized Data
We may share aggregated or anonymized information that cannot reasonably be used to identify you. For example, we may publish statistics about AI platform coverage or industry benchmarks without identifying specific users or brands.
6. Sub-processors and Vendors
We use the following third-party sub-processors to deliver our Service. Each has been evaluated for their security and privacy practices:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Better Auth | Authentication | Email, name, profile | United States |
| Stripe | Payment processing | Payment info, billing address | United States |
| AWS | Hosting & Cloud Infrastructure | All service data, IP address, logs | United States |
| OpenAI | AI monitoring queries | Brand names, queries | United States |
| AI monitoring queries | Brand names, queries | United States |
We maintain Data Processing Agreements (DPAs) with each sub-processor that include Standard Contractual Clauses where required for international transfers.
7. Data Security
We implement comprehensive security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:
7.1 Technical Safeguards
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
- Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption.
- Secure Authentication: We use industry-standard authentication protocols, including secure password hashing and optional two-factor authentication.
- Access Controls: We implement role-based access controls to limit employee access to personal data on a need-to-know basis.
- Infrastructure Security: Our infrastructure is hosted on AWS with enterprise-grade security certifications (SOC 2, ISO 27001).
7.2 Organizational Safeguards
- Employee Training: Our team receives regular training on data protection and security best practices.
- Security Policies: We maintain comprehensive security policies and procedures.
- Vendor Assessment: We evaluate the security practices of all third-party vendors before engagement.
- Incident Response: We maintain an incident response plan for addressing potential security events.
7.3 Monitoring and Testing
- Security Monitoring: We continuously monitor our systems for potential security threats.
- Regular Audits: We conduct periodic security assessments and vulnerability testing.
- Logging: We maintain comprehensive logs for security analysis and incident investigation.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing industry best practices.
8. Data Breach Notification
In the event of a data breach that affects your personal information, we are committed to transparent and timely notification:
8.1 Our Commitment
- Rapid Response: We will investigate any suspected breach immediately upon discovery.
- 72-Hour Notification: We will notify affected users and relevant supervisory authorities within 72 hours of confirming a breach, as required by GDPR.
- Comprehensive Disclosure: Our notification will include the nature of the breach, categories of data affected, potential consequences, and steps we are taking to address the breach.
- User Guidance: We will provide recommendations for steps you can take to protect yourself.
8.2 Notification Methods
We will notify affected users via email to the address associated with their account. If we cannot reach you by email, we will attempt notification through other available means, including prominent notices on our website.
9. Automated Decision-Making and AI
As an AI monitoring platform, we want to be transparent about how artificial intelligence is used in our Service:
9.1 How We Use AI
- Brand Mention Detection: We use AI algorithms to analyze AI platform responses and detect mentions of your brand and competitors.
- Sentiment Analysis: We employ automated sentiment analysis to categorize brand mentions as positive, negative, or neutral.
- Query Suggestions: We use AI to generate suggested monitoring queries based on your brand information.
- Content Categorization: We automatically categorize monitoring results by topic and query type.
9.2 No Solely Automated Decisions
We do not use automated processing, including profiling, to make decisions that produce legal effects or similarly significantly affect you without human involvement. Our AI features are designed to assist and inform your decision-making, not replace it.
9.3 Your Rights
You have the right to:
- Request human review of any automated analysis
- Understand the logic behind automated processing
- Contest decisions based on automated processing
- Opt out of certain automated features through your account settings
10. Your Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:
10.1 Right of Access
You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format within 30 days of your request.
10.2 Right to Rectification
You have the right to request that we correct any inaccurate personal data or complete any incomplete data. You can update much of your information directly through your account settings.
10.3 Right to Erasure ("Right to Be Forgotten")
You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent.
10.4 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
10.5 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
10.6 Right to Object
You have the right to object to processing of your personal data based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
10.7 Right to Withdraw Consent
Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
10.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement if you believe our processing of your personal data violates the GDPR.
To exercise any of these rights, please contact us at privacy@rivalhound.com. We will respond to your request within 30 days.
11. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
11.1 Right to Know
You have the right to request that we disclose:
- The categories of personal information we have collected about you
- The categories of sources from which we collected personal information
- The business or commercial purpose for collecting personal information
- The categories of third parties with whom we share personal information
- The specific pieces of personal information we have collected about you
11.2 Right to Delete
You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as completing a transaction, detecting security incidents, or complying with legal obligations).
11.3 Right to Correct
You have the right to request that we correct inaccurate personal information that we maintain about you.
11.4 Right to Opt-Out of Sale or Sharing
We do not sell your personal information as defined under the CCPA/CPRA. We also do not "share" your personal information for cross-context behavioral advertising purposes.
11.5 Right to Limit Use of Sensitive Personal Information
We do not collect sensitive personal information as defined under the CPRA (such as Social Security numbers, precise geolocation, or genetic data).
11.6 Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights. We will not deny you services, charge you different prices, or provide a different quality of service because you exercised your rights.
11.7 "Shine the Light" Law
California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.
11.8 How to Submit a Request
California residents may submit a verifiable consumer request to exercise their rights by:
- Emailing us at privacy@rivalhound.com
- Using the contact form on our website
We will verify your identity before fulfilling your request. You may also designate an authorized agent to make a request on your behalf.
12. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data | Duration of account + 30 days | Service provision |
| Monitoring data | Duration of account + 30 days | Service provision |
| Billing records | 7 years after transaction | Tax and accounting requirements |
| Analytics data | 26 months | Product improvement |
| Server logs | 90 days | Security and debugging |
| Support communications | 3 years after resolution | Customer support quality |
When you delete your account, we will delete or anonymize your personal data within 30 days, except for data we are required to retain for legal, tax, or regulatory purposes.
13. International Data Transfers
RivalHound is based in the United States, and we process and store data primarily in the United States. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States.
13.1 Safeguards for International Transfers
When we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries, we use the following safeguards:
- Standard Contractual Clauses: We enter into EU Standard Contractual Clauses (SCCs) with our sub-processors and data recipients to ensure adequate protection.
- Adequacy Decisions: Where available, we rely on adequacy decisions by the European Commission for countries determined to provide adequate data protection.
- Supplementary Measures: We implement additional technical and organizational measures where necessary to ensure the effectiveness of transfer mechanisms.
13.2 Your Consent
By using our Service, you acknowledge and consent to the transfer of your personal information to the United States and other jurisdictions where we operate. We will always handle your data in accordance with this Privacy Policy and applicable data protection laws.
14. Marketing Communications
14.1 Types of Communications
We may send you the following types of communications:
- Transactional Emails: Account confirmations, password resets, billing receipts, and important service notifications. These are necessary for providing the Service and cannot be opted out of while you maintain an account.
- Service Updates: Information about new features, changes to the Service, and maintenance notifications.
- Marketing Communications: Product announcements, newsletters, promotional offers, and educational content about AI search optimization (requires consent where required by law).
14.2 Your Choices
- Opt-Out: You can unsubscribe from marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by updating your preferences in your account settings.
- Preferences: You can manage your communication preferences in your account dashboard.
- Contact Us: You can also email us at privacy@rivalhound.com to update your preferences.
14.3 Consent
Where required by applicable law (such as in the EEA and Canada), we will obtain your explicit consent before sending marketing communications. We will not send you marketing emails unless you have opted in or we have a legitimate interest to do so (such as with existing customers).
15. Children's Privacy
Our Service is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages.
If we become aware that we have collected personal information from a child under the applicable minimum age without parental consent, we will take steps to delete that information as quickly as possible. If you believe that we may have collected information from a child, please contact us immediately at privacy@rivalhound.com.
16. Data Protection Contact
For all privacy-related inquiries, including questions about this policy or requests to exercise your rights, please contact our Data Protection team:
- Email: privacy@rivalhound.com
- Response Time: We aim to respond to all privacy inquiries within 30 days.
When contacting us about privacy matters, please provide sufficient information to help us identify you and understand your request. For security purposes, we may need to verify your identity before processing certain requests.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
17.1 Notification of Changes
- Material Changes: For significant changes that materially affect how we handle your personal information, we will notify you by email (sent to the email address associated with your account) at least 30 days before the changes take effect.
- Website Notice: We will also post a prominent notice on our website indicating that the policy has been updated.
- Minor Changes: For non-material changes, we will update the "Last Updated" date at the top of this policy.
17.2 Review
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated policy.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:
- Privacy Inquiries: privacy@rivalhound.com
- General Contact: rivalhound.com/contact
For more information about our terms of service, please see our Terms of Service. For information about cookies and tracking technologies, please see our Cookie Policy.