← Riplet

Privacy Policy

Effective date: April 30, 2026

Riplet ("we", "our", "us") is a local-first document editor with spreadsheet formulas, operated by an individual ("Riplet") based in the Republic of Korea. This policy explains what data we handle, how we handle it, and your rights. We aim for the shortest honest version of this document.

The short version

  • Without signing in: nothing leaves your device. Your documents live in your browser's local storage. We do not see them.
  • If you sign in (planned cloud sync feature, in development): we receive your basic Google profile and store your documents on our servers so they sync across your devices.
  • We do not sell data and do not show ads. We use privacy-respecting analytics (Google Analytics, Microsoft Clarity) to understand how people use the site and the editor — never to identify you personally.

Who we are

Riplet is operated by an individual developer. Contact: michin1559@gmail.com.

What we collect

Local-only mode (default)

When you use the editor without signing in, your documents are stored in your browser using IndexedDB. They never leave your device. We do not have access to them and we do not run servers that hold them.

If you sign in with Google (cloud sync)

  • Google profile: name, email address, and profile picture URL — provided by Google when you authorize sign-in. We use them to identify your account and display your name in shared contexts.
  • Document content: the text, tables, formulas, and structure of documents you choose to sync. Stored in encrypted transit (HTTPS / WSS) and at rest within our database.
  • Workspace metadata: document titles, tags, links between documents, and similar bookkeeping needed to render your workspace.
  • Session data: when you sign in we create a session stored in our database with login time, IP address, and User-Agent. This is used to keep you signed in and to detect abuse.

Server logs

Our servers automatically log basic technical information for each request — IP address, request path, status code, and timestamp. This is standard operational logging used for debugging and abuse prevention. Logs are retained for a short period and not used for tracking.

Cookies / local storage

We use a minimal session cookie for authentication when you are signed in. We do not use third-party tracking cookies. The editor itself uses your browser's IndexedDB to store documents; this is not shared with us or any third party.

When you are signed in, your local cache is scoped to your account (per-account namespace). If two people sign in to Riplet on the same browser, neither can read the other's cached documents. The sign-out dialog offers an option to delete this device's cached data immediately — recommended on shared or public machines.

How we use your data

  • To run the editor and sync your documents across your devices.
  • To keep you signed in and protect your account.
  • To diagnose problems and prevent abuse.
  • To respond when you contact us.

We do not sell your data. We do not use it to train AI models.

Service providers

Riplet is built on third-party infrastructure. These providers process data on our behalf to operate the service. They are contractually or by their own terms restricted in how they may use it.

  • Railway — hosts our application server and PostgreSQL database (United States / European regions depending on provider routing).
  • Vercel — hosts the marketing site and the web editor (global edge network).
  • Cloudflare — DNS provider for our domains.
  • Google — sign-in provider (when you choose Google sign-in).

Analytics

We use two analytics tools to understand how people use Riplet so we can fix what is broken and improve what is useful:

  • Google Analytics 4 — aggregate page views, traffic sources, and high-level funnel metrics across the marketing site and the editor. We use a cross-domain linker so a single visit to riplet.io followed by app.riplet.io counts as one session, not two.
  • Microsoft Clarity — session recordings and heatmaps so we can see where the interface confuses people. Clarity masks form input values by default. We do not use Clarity recordings to read your document content, and we are working toward marking the editor surface so its text is masked at the recording level too.

We do not run advertising trackers and we do not sell analytics data. If you want to opt out, browser-level tools (private/incognito mode, tracker-blocking extensions) reliably disable both tools.

International data transfers

Because our service providers operate globally, your data may be processed in countries other than the one you live in, including the United States and the European Union. We rely on the providers' own standard data-protection arrangements.

Data retention

  • Account data: kept while your account is active. When you delete your account, we delete your account record and associated data without an extended grace period.
  • Document version history: we keep periodic snapshots of your synced documents (one per day, up to 90 days) so you can recover from accidental edits. After 90 days, older snapshots are removed.
  • Server logs: short-term, retained only as long as useful for operations and abuse prevention.
  • Backups: our database provider takes periodic backups for disaster recovery; these may persist beyond active data for a limited window before being rotated out.

Your rights

You can request the following at any time:

  • Access — a copy of the personal data we hold about you.
  • Correction — fix inaccurate or outdated information.
  • Deletion — delete your account and associated data.

Send requests to michin1559@gmail.com. We will respond within a reasonable time. Until self-service tools exist in the app, requests are handled manually.

Children

Riplet is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has provided us with data, contact us and we will delete it.

Security

We use HTTPS / WSS for all traffic and follow standard practices for credential storage and access control. No method of transmission or storage is 100% secure. If we learn of a data breach affecting your account, we will notify you.

Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected in a new effective date at the top of this page. If a change is significant, we will notify signed-in users.

Governing law

This policy is governed by the laws of the Republic of Korea.

Contact

Questions, requests, or concerns: michin1559@gmail.com.