Effective April 12, 2026 · Version 1.0
Ryze Labs, LLC ("we", "us", "our") operates Ryze, an AI-powered LinkedIn personal brand platform. This policy explains what personal data we collect, why we process it, how long we keep it, and your rights.
Ryze Labs, LLC is the data controller for personal data processed through Ryze. For questions, contact privacy@ryze.so.
Name, email address, and hashed password provided during registration.
Post content you interact with, comment text generated and selected, post author names, headlines, and company information visible on public LinkedIn posts.
Questionnaire responses, writing samples, and AI-generated voice/brand profiles used to personalize comment generation.
Professional contact information (names, LinkedIn URLs, headlines, companies) for people you engage with through the platform.
Interaction records, sentiment classifications, topic categories, and engagement metrics derived from your commenting activity.
Session tokens and IP addresses for authentication. We do not use analytics cookies, advertising trackers, or third-party tracking scripts.
| Purpose | Lawful Basis |
|---|---|
| Provide the Ryze service | Contract (Art. 6(1)(b)) |
| Personalize AI comment generation | Contract (Art. 6(1)(b)) |
| Per-user engagement analytics and CRM intelligence | Contract (Art. 6(1)(b)) |
| Improve voice models from engagement patterns | Legitimate Interest (Art. 6(1)(f)) |
| Platform analytics and AI model training | Legitimate Interest (Art. 6(1)(f)) |
| Aggregate insights and benchmarking (de-identified) | Legitimate Interest (Art. 6(1)(f)) |
| Account security and authentication | Contract (Art. 6(1)(b)) |
We use conversation data (comment threads, reply exchanges, engagement classifications) to train and improve our AI models and to generate aggregate, de-identified market intelligence such as topic trends, sentiment benchmarks, and buyer intent patterns.
Before data enters the aggregate intelligence layer, it is irreversibly anonymized: all user identifiers, contact names, company names, and personally identifiable details are stripped. The resulting aggregates cannot be traced back to any individual user, conversation, or contact (GDPR Recital 26).
You may opt out of contributing to cross-user aggregate analytics at any time from Settings → Privacy & Data. Opting out does not affect your access to the service or your personal engagement analytics.
We apply a tiered retention model:
| Data category | Retention period |
|---|---|
| Conversation threads (visible) | 7 days to 1 year (user-configured), then hidden from your feed |
| Conversation threads (platform archive) | Up to 3 years for analytics and AI model improvement, then permanently deleted |
| Engagement & contact records | 3 years from creation, then deleted |
| Anonymized aggregate analytics | Indefinite (contains no personal data) |
| Account information | Until account deletion |
When conversation threads expire from your feed, they are archived for platform analytics and AI model improvement. After the archive retention period, engagement statistics are aggregated into anonymized records that cannot be traced back to any individual (GDPR Recital 26), and the original thread data is permanently deleted.
We share personal data with the following processors, all under appropriate data processing agreements:
| Processor | Purpose | Location |
|---|---|---|
| Anthropic | AI comment and voice generation | US |
| OpenAI | AI classification and analysis | US |
| Resend | Transactional email delivery | US |
| Railway | Application and database hosting | US |
| AWS (S3) | File and image storage | US |
| Replicate | Image generation models | US |
Our processors are based in the United States. For transfers of EU personal data, we rely on Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable.
Under GDPR, CCPA/CPRA, and applicable privacy laws you have the right to:
You can exercise your access, export, and deletion rights directly from Settings → Privacy & Data in the app. For other requests, contact privacy@ryze.so. We respond within 30 days.
Ryze uses only strictly necessary cookies: a session authentication token and a UI preference cookie. We do not use analytics, advertising, or third-party tracking cookies. Strictly necessary cookies are exempt from consent requirements under the ePrivacy Directive.
We protect your data with TLS encryption in transit, encrypted database connections, bcrypt-hashed passwords, and role-based access controls. Our infrastructure runs on managed cloud platforms with industry-standard security certifications.
You have the right to lodge a complaint with your local data protection supervisory authority. For EU residents, a list of authorities is available at edpb.europa.eu.
We may update this policy periodically. Material changes will be communicated via email or an in-app notification. The version number and effective date at the top of this page indicate the current version.