rizen
PRIVACY POLICY · EST. MMXXVI

Privacy policy.

EFFECTIVE — 10 MAY 2026

This policy describes what data Resonance Logic, LLC, which operates Rizen (“Rizen,” “we,” “us”), collects, why we collect it, the legal basis on which we process it, and the rights you have. It applies to rizenhq.com and the Rizen apps. If anything here is unclear or you’d like to exercise any of the rights below, write to press@rizenhq.com.

Data controller

The controller responsible for your personal data is Resonance Logic, LLC, a Delaware limited liability company (United States). All privacy enquiries — including data-subject requests under GDPR, UK GDPR, or CCPA/CPRA — should be addressed to press@rizenhq.com.

What we collect

  • Email address. When you join the waitlist or buy a Rizen Patronage, we store your email so we can write to you.
  • Product interests. The chips you select on the waitlist form, so we know which apps to tell you about first.
  • Payment metadata. For paid Patronages: the tier purchased, the amount, the date, and a Stripe-issued payment identifier. We never see card numbers — Stripe handles that and stores them under their own compliance.
  • Colophon name (Tier IV only). The public name you elect to set into the Patrons of the Press list.
  • Server logs. Anonymised request metadata (IP, user agent, timestamp) used for rate-limiting and operational triage. Retained no longer than 30 days.

Legal bases for processing (GDPR / UK GDPR)

  • Performance of a contract (Art. 6(1)(b)) — processing your email and payment metadata to fulfil a Patronage you have purchased.
  • Consent(Art. 6(1)(a)) — for the waitlist, so we can write to you about apps you said you wanted to hear about. You can withdraw consent at any time; see “Your rights” below.
  • Legitimate interests(Art. 6(1)(f)) — for keeping the service available and secure (rate-limiting, fraud detection); for cookieless, anonymous audience and performance measurement (see “Cookies and similar technologies” below; you may object at any time); and for retaining records needed for accounting and tax compliance.

How we use it

  • To operate the service (process a Patronage, send a receipt, respect a refund).
  • To write to you when a Rizen app reaches readiness, if you’ve indicated interest.
  • To keep the service available and prevent abuse (rate-limiting, fraud detection).

We do not sell or rent your personal data, and we do not share it with third parties for advertising or cross-context behavioural marketing as those terms are defined under CCPA/CPRA. We do not run advertising on the site.

Cookies and similar technologies

We try to keep the surface here small. We do not run advertising, we do not set marketing cookies, and we do not share data with third parties for behavioural targeting.

  • Strictly necessary. A small localStorageentry remembering your privacy preference; cookies set by Stripe’s embedded checkout when you proceed to payment, used for fraud prevention and to make the payment work. These do not require consent under ePrivacy / PECR.
  • Cookieless audience & performance measurement (no consent required; you may object). We load Vercel Analytics and Vercel Speed Insights on every page. Both products are cookielessand do not write to your device’s storage. They produce aggregate, per-site counts and Core Web Vitals; the only visitor identifier is a daily-rotating SHA-256 hash of your IP, user-agent, and the site’s hostname, which cannot be used to identify you, cannot be linked to other sites, and resets every 24 hours. There is no advertising, no cross-site tracking, no behavioural profile, and no sale of data. We rely on this under the audience-measurement guidance issued by the CNIL and the UK ICO and on our legitimate interests (Art. 6(1)(f) GDPR) in understanding and improving the service.

You can object at any time and we will stop loading these scripts on subsequent page views from your browser: . You can also send a Do Not Track or Sec-GPC signal from your browser, which we honour.

Processors and international transfers

We rely on the following sub-processors. Each operates under its own data-processing terms, and personal data may be transferred to and processed in the United States or other jurisdictions outside the EEA / UK. Where transfers occur, they are made under the European Commission’s Standard Contractual Clauses (SCCs) and, for transfers to the United States, the EU–US Data Privacy Framework where the recipient is certified, plus any supplementary measures the recipient publishes.

  • Stripe Payments Europe, Ltd. / Stripe, Inc. — payment processing. Card data, billing details, fraud signals. Stripe’s privacy policy: stripe.com/privacy.
  • Supabase, Inc. — database hosting (waitlist emails, patron records). Privacy policy: supabase.com/privacy.
  • Resend, Inc. — transactional email (receipts, refund confirmations). Privacy policy: resend.com/legal/privacy-policy.
  • Vercel, Inc. — site hosting and cookieless audience & performance measurement (Vercel Analytics, Speed Insights). Privacy policy: vercel.com/legal/privacy-policy.

Your rights

You can ask us, at any time, to (a) confirm what data we hold about you, (b) correct it, (c) export it in a machine-readable format, (d) delete it, (e) restrict or object to processing — including objecting to the cookieless audience measurement described above — or (f) withdraw a consent you previously gave (without affecting the lawfulness of processing before the withdrawal). We respond within 30 days. Write to press@rizenhq.com from the email associated with your record.

If you’re in the EU/EEA or UK, you also have the right to lodge a complaint with your local data-protection supervisory authority. If you’re a California resident, you have the rights described in CCPA/CPRA, including the right to know, delete, correct, and limit; we do not sell or share personal information as those terms are defined in CCPA/CPRA, so the “Do Not Sell or Share” right does not apply, but you may still exercise the others by writing to the address above.

Children

Rizen is intended for adults using it in a working-professional context. The service is not directed to children. We do not knowingly collect personal data from anyone under 16 (or, in the United States, under 13). If you believe a child has provided us with personal data, write to press@rizenhq.com and we will delete it.

Retention

Patron records are retained for the lifetime of the patronage and for seven years after refund or program close, as required for accounting and tax. Waitlist records are retained until you ask us to delete them or until 24 months of inactivity. Server logs are retained for up to 30 days.

Changes

If we change this policy materially, we’ll update the effective date above and write to existing patrons. The current version always lives at https://rizenhq.com/privacy.

Contact

Resonance Logic, LLC, Delaware, United States — press@rizenhq.com