Privacy Policy

Important information to know about using Rivo
Legal
Legal Overview
Terms of Service
Privacy Policy
Data Processing Addendum (DPA)
Data Subject Access Request (DSAR)
GDPR Compliance
Last updated:
February 21, 2025

Last Updated and Effective: 2/21/2025

1. Who Is Collecting Your Personal Data?

Rivo Commerce, Inc. (“Rivo”, “Company,” “us,” “we,” or “our”) offers and maintains the website(s) located at www.rivo.io, including all subdomains and subparts, as well as our social media accounts on Facebook, LinkedIn, and other platforms (collectively, the “Site”). This Privacy Policy explains how we process and use your personal information (“Personal Data”) when you interact with the Site and interact with us offline. Please take time to read this Privacy Policy carefully. Please also review our Terms of Use.

BY SUBMITTING DATA TO US WHEN YOU INTERACT WITH OUR SITE, YOU EXPRESSLY AGREE TO THE COLLECTION, USE, DISCLOSURE, RETENTION, AND DESTRUCTION OF YOUR PERSONAL DATA SUBMITTED TO US IN ACCORDANCE WITH THIS PRIVACY POLICY AND OUR TERMS OF USE.  

2. Notice at Collection: What Personal Data Do We Collect?

We collect the following categories of Personal Data:

  • Personal identifiers: name, email address, job title and/or company name, company industry, mailing or billing address, telephone number(s), social media handle(s), Internet Protocol (“IP”) address, and the contents of your email communications, social media messages or posts, consultations, and live chats with us
  • Internet or other electronic activity information (or “Log Data”): your device or browser type and version; your browsing and search history on our Site; information on how you came to our Site; and information regarding your interactions with our Site and advertisements, including the dates and times of your visits, the pages you viewed, and the time spent on our Site; and communications metadata (e.g., the time/date an email message was sent or received)
  • Geolocation data: your IP address and approximate geolocation, such as your postal code or city/state
  • Inferences drawn from Personal Data we collect

3. Notice at Collection: How Do We Use Your Personal Data?

We collect the categories of Personal Data identified for the following purposes:

Categories of Personal Data Purposes for Collection
Personal identifiers: name, email address, job title, phone number, etc. To provide you with information about our business, products, and services.
Personal identifiers: name, email address, job title, phone number, etc. To advise you about products, services, offers, promotions, and events.
Personal identifiers: name, email address, job title, phone number, etc. To monitor or improve our Site’s content and functionality.
Personal identifiers: name, email address, mailing address, job title, phone number, etc. To detect unauthorized activities on our Site; to ensure security.
Personal identifiers: name, email address, job title, phone number, etc. To engage in business transactions with the entity you represent.

4. Notice at Collection: Sources From Which We Collect Personal Data

We collect Personal Data directly from our customers, website users, or representatives of entities with which we do business or may do business.

5. Notice at Collection: Categories of Personal Data We Sell or Share or Use for Targeted Advertising

We allow certain online advertising partners to collect information about you through cookies, trackers and other technologies which they use to deliver targeted advertisements and assist us with advertising-related analytics. While we do not “sell” Personal Data for money, our advertising activities may be considered as “selling” or “sharing” or “use for targeted advertising” under certain laws. Therefore, we may sell or share for cross-context behavioral advertising or targeted advertising the following categories of Personal Data:

  • Personal identifiers (including IP address);
  • Internet or other electronic activity information including use of our website and Log Data.

For more information about the use of our cookies and other tracking technologies, see the section “How Do We Use Cookies?” below.

We do not sell or share for cross-context behavioral advertising or targeted advertising purposes any of the other categories of Personal Data we collect.

No Profiling to Facilitate Decisions with Legal or Other Significant Risks

We do not engage in the automated processing of Personal Data to create profiles about individuals that are used in furtherance of decisions with legal or other similarly significant effects, such as the provision or denial of financial or lending services, housing, insurance, or access to essential goods or services.

6. Notice at Collection: How Long Will We Keep Your Personal Data

We will retain your Personal Data as long as necessary to carry out the function for which you provided it to us, including but not limited to comply with legal obligations or to protect our legal rights. You may close your account, unsubscribe from our emails, and otherwise limit our use of your Personal Data by contacting us. However, unless you also request deletion of your Personal Data, we may retain it for an additional period as is permitted or required under applicable laws. Even if we delete your Personal Data, it may persist on backup or archival media for an additional period

7. How Do We Disclose Your Personal Data?

The following chart describes the categories of Personal Data we disclose for business purposes:

Categories of Personal Data Categories of Entities for Business Purposes
Personal identifiers: name, email address, job title, phone number, etc. Service providers that verify possible and current interactions.
Internet or other electronic activity information: browsing history, interactions with our site. Service providers that provide security services.
Geolocation data: your IP address and approximate location. Service providers that provide store locator services.
Inferences drawn from Personal Data collected. Service providers that provide security services.

Business Purposes for Such Disclosures

We disclosed the aforementioned categories of Personal Data to the categories of third parties identified above for the following purposes: verify customer information, manage customer information; provide customer service (including through our call center and chat features); provide store locator services; facilitate email communications; provide security services and cloud-based data storage; host our website and assist with other IT-related functions; advertise and market our products; provide analytics information; prevent fraud and other illegal activities; and provide legal and accounting services.


Additional Information About We May Disclose Personal Data and Purposes for Disclosures

For purposes consistent with this Privacy Policy, we may also disclose your Personal Data with our parent companies, subsidiaries and/or affiliates for the purposes identified above or as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also disclose your Personal Data to third parties to help detect and protect against fraud or data security vulnerabilities. And we may disclose or transfer your Personal Data to a third party in the event of an actual or potential sale, merger, reorganization of our entity or other restructuring.


8. Legal Basis for Processing Personal Data Under General Data Protection Regulation

If you are from the European Economic Area (“EEA”), or other jurisdictions in which substantially similar laws apply, such as the UK, Rivo’s legal basis for collecting and using the personal data as described in this Privacy Policy depends on the type of personal data Rivo collects and the context in which it collects it.

The categories of personal data Rivo collects and the legal basis for its processing are set out below:

Personal Data Legal Basis for Processing
Name, Contact Information, including email address, job title, phone number, etc. Pursuant to GDPR Article 6(1)(a) + (f), the data is processed based on legitimate interests and consent.

Contact Information such as emails and other forms of digital communication may also be processed to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. Pursuant to GDPR Article 6(1)(a), Rivo will acquire your consent prior to processing Contact Information.

We may also process your personal data for additional reasons as they become apparent to comply with the law, or if it is in Rivo’s legitimate interests so long as that interest is not overridden by your rights. This can include but is not limited to protecting the Services and you against illegal activity, inappropriate behavior and actions that violate Rivo’s Terms.

9. European Users and Residents of the European Economic Area and the United Kingdom

If you are a resident of the EEA, you have certain rights regarding your personal data. These rights include:

  • A Right of Access. You have the right to access personal data that we hold about you free of charge in most circumstances;
  • A Right to Rectification. If your personal data is inaccurate or incomplete, you can change the information you provided by changing the personal data yourself on the Service, through third-party services or by contacting Rivo using the e-mail contact listed herein;
  • A Right to Erasure. You have the right to obtain deletion of personal data under most circumstances. In most cases, you may simply request the deletion by using the contact information found below. Please be careful as deletion of data in this manner is permanent and the data cannot be recovered;
  • A Right to Object. If the processing of personal data is based on legitimate interests according to Article 6(1)(f) of the GDPR or by consent according to Article 6(1)(a) of the GDPR, you have the right to object to this processing. If you object, we will no longer process your personal data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular, if the personal data is necessary for the establishment, exercise or defense of legal claims or if personal data is required for the provision of the Service and you still wish to use the Service;
  • A Right to file a Complaint. You have the right to file a complaint with the appropriate supervisory authority in your jurisdiction;
  • A Right to Restriction of Processing of your Personal Data. You have the right to obtain restrictions on the processing of your personal data as described in Article 18 of the GDPR;
  • A Right to Personal Data Portability. You have the right to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller under the conditions described in Article 20 of the GDPR;
  • A Right to Post-Mortem Control of Your Personal Data. Certain jurisdictions grant post-mortem controls of your personal data and if such rights are applicable in your jurisdiction, you may have the right to establish guidelines for the preservation, the deletion and the transmission of your personal data after your death through a will or through your estate; and
  • A Right to Opt-out of Marketing Communications. You have the right to opt-out of marketing communications we send you at any time. If you receive any marketing e-mails from us, you can exercise your right to stop such communications by clicking on the “unsubscribe” or “opt-out” link on any marketing e-mails Rivo sends you. To opt-out of other forms of marketing, please contact us using the contact details provided below;

Note also that other people, including UK residents, have similar rights as EEA residents and the rights described in this section also apply to UK residents, and many other people located in other jurisdictions around the world, pursuant to substantially similar laws.

10. Obtaining, Rectifying and Controlling Personal Data for EEA Residents and the United Kingdom

You may contact Rivo to obtain a copy of any personal data we collect, the production of which may be subject to a fee as permitted by applicable law. In addition, you may contact Rivo to correct inaccurate personal data or to complete incomplete personal data.


You may be able to opt-out of some or all of the ways in which personal data is processed, or request the deletion of certain personal data, except where the personal data is necessary or vital for:

  • the performance of contractual obligations, such as our Terms or certain other legal obligations;
  • protecting your interests or those of another person; and
  • our legitimate interests or the legitimate interests of a third-party.

To request to review, update or delete personal data, please fill and submit a data subject access request or contact us using the contact information found below.

11. Notice of Financial Incentive

We may offer you financial incentives, including discounts, for providing Personal Data to us.

When we offer financial incentives to you, we believe that the value of the differing pricing or services you will receive exceeds the cost of providing your Personal Data. Your participation in these programs is completely optional and subject to the terms provided to you at the time you sign up. You can opt-out of such program at any time by unsubscribing from future promotional emails, contacting us via email at privacy@rivo.io

12. Opt-Out of Email Communications

We may use your Personal Data to send advertisements, marketing promotions, offers and marketing surveys via email.  To stop receiving future email communications from us, you can follow the instructions set forth at the bottom of our promotional emails to unsubscribe.

13. Third Party Websites

Our Site (or emails) may contain links to third-party websites, including social media buttons that link to social media platforms. This Privacy Policy does not govern how those third parties or social media platforms collect or use personal information and we do not endorse nor responsible for the policies and practices employed by, or the content of, third-party websites or social media platforms. We suggest contacting those sites directly for information about their privacy policies and practices.

14. How We Secure Your Personal Data

We secure your Personal Data by: keeping Personal Data up to date; storing and destroying it securely; not collecting or retaining excessive amounts of data; protecting Personal Data from loss, misuse, unauthorized access and disclosure, alteration, and destruction; and ensuring that appropriate technical measures are in place to protect Personal Data. However, no network, server, database, or Internet or e-mail transmission, is ever fully secure or error free. Therefore, you should take special care in deciding what Personal Data you send to us electronically. For more information on the security of your Personal Data, please reference our Terms of Use.

15. How Do We Use Cookies?

What Are Cookies?

We may use cookies, pixel tags, web beacons and other similar tracking technologies (“tracking technologies”) to automatically collect information through our Site. Tracking technologies are small data files placed on your computer, tablet, mobile phones or other devices that record certain pieces of information when you visit our Site. We may use these tracking technologies to help identify irregular behavior, prevent fraudulent activity, improve security, simplify your subsequent interactions with the Site, save your preferences for a better user experience, and help us understand how you interact with our Site.

We also allow third parties (including Google, Meta, and LinkedIn) to use third party cookies, web beacons, and other storage technologies to collect or receive information about how you interact with our Site and elsewhere on the Internet and use that information to provide analytics and other measurements services, and to deliver and target advertisements that are tailored to you. Third parties may also use some of these technologies to assist us in determining if you require assistance or are having problems navigating on our Site, and this may include technologies that record your interactions with the Site, including without limitation, your keystrokes, mouse clicks, screen touches, and information about when, how and from where you accessed our Site.

How You Can Manage Cookies

You may set your browser to notify you when you receive a cookie. Many web browsers also allow you to block cookies. You can disable cookies from your computer system by following the instructions on your browser or at www.youradchoices.com. Note that if you disable, delete, or refuse to accept cookies, you may not be able to use some features of the Site and/or some of our pages might not display properly.

We use Google Analytics to evaluate the use of our Site. Google Analytics uses cookies and other identifiers to collect information, such as how often users visit our Site, what pages they visit when they do so, and what other websites they visited prior to visiting our Site. We may also use Google Ads Remarketing, including the Google Display Network, to deliver focused online behavioral advertisements to you both on and off the Site. For information, about Google’s privacy practices, please refer to the Google Privacy Policy: https://policies.google.com/privacy?hl=en-US#infocollect.

Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. We do not currently respond to DNT signals.

16. What Data Is Not Covered By The Privacy Policy?

The Privacy Policy does not apply to the following categories of personal data:

  • Non-Personally Identifiable Data: Any non-personally identifiable data we collect, including, without limitation, Log Data, domain names of your Internet Service Provider, your approximate geographic location, a record of your usage of the Site, the time of your usage, and aggregated personally identifiable information, but only to the extent the foregoing cannot be used to specifically identify you.
  • Aggregated Personal Data: Any aggregated Personal Data that can no longer be used to identify you will be treated as non-personally identifiable data under this Privacy Policy.

17. Minors

We do not knowingly collect, sell or share for purposes of behavioral advertising any Personal Data from children under the age of 16, nor do we target our emails, products or services to them. Minors should not submit any Personal Data through the Site. If you believe a child under the age of eighteen (18) may have provided Personal Data to us through the Site, please contact us at privacy@rivo.io, and we will use reasonable efforts to delete it from the Site and our files.

18. Data Storage and Retention

While Rivo is a United States based company, the data provided through the Service may be stored and processed by third parties in countries around the world. You authorize Rivo and third parties acting on our behalf to process your data in any country of their choosing, which may cause your data, including personal data, to be subject to privacy protections and legal rights that may not be equivalent to those in your country.

We have implemented measures to protect your personal data, including by using the European Commission’s Standard Contractual Clauses for transfers of personal data between our group companies and between us and our third-party providers and partners. These clauses require all recipients to protect all personal data that they process originating from the EEA, UK or Switzerland in accordance with European data protection laws and regulations. Our Standard Contractual Clauses and further details can be provided upon request.

Rivo will only keep your personal data and/or business information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.

Upon your request to terminate your account, we will deactivate or delete your account and information from our databases. However, we may retain some information to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

When we have no ongoing legitimate business need to process your personal data, we will promptly delete or anonymize any other personal data and confidential information Rivo has on file, in line with our legal obligations. Where deleting or anonymizing your personal data is not possible, Rivo will securely store your personal data and isolate it from any further processing until deletion is possible. Any personal data that has been requested to be deleted or anonymized and is stored on a data backup will be held only temporarily and automatically purged after set expiration periods. Please email privacy@rivo.io to request deletion of any personal data of yours that Rivo holds.

19. Change of Ownership or Business Transition

In the event of, or in preparation for, a change of ownership or control of Rivo or a business transition such as the sale of some or all Rivo’s assets, we may disclose and/or transfer your personal data to third parties who will have the right to continue to collect and use such data in the manner set forth in this Privacy Policy.

20. Security of Site


We are committed to ensuring that your data is secure. To prevent unauthorized access, disclosure, or breach, we have put in place suitable physical, electronic, and administrative procedures to safeguard and secure the data we collect and process. Despite our safeguards and security, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal or modify your information. Transmission of personal data to and from Rivo is at your own risk. You should only access the Site within a secure environment.

21. What If We Change This Privacy Policy?

We may occasionally make changes to this Privacy Policy from time to time. If changes are made, we will update the Privacy Policy and reflect the date of such modification in the date noted above. If the changes are material (e.g., using your Personal Data for a new purpose not covered by this Privacy Policy), you will be notified via a notice on our Site.

22. How Can I Contact You?

If you have any questions about this Privacy Policy, our practices, or your dealings with us, or to exercise any and all of your rights or to request this Privacy Policy in another format, please contact us at privacy@rivo.io.