PRIVACY POLICY
Last Updated: August 2025 | Effective Date: July 7, 2025
INTRODUCTION
Rivet ("we," "our," or "us") operates the Profile App at https://me.rivetconnect.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
INFORMATION WE COLLECT
Account Information:
- Name and email address
- Organization affiliation
- Authentication credentials (managed by AWS Cognito)
Profile Information:
- Personality assessment responses and results (HEXACO scores)
- Professional background (education, workplace)
- Personal preferences (interests, location)
- Optional profile details you provide
Usage Information:
- Connection interactions and viewing history
- Feature usage patterns
- Session information
Technical Information:
- Browser type and version
- Device information
- IP address (for security purposes)
GOOGLE CALENDAR INTEGRATION
Our Service offers an optional integration with Google Calendar to enable specific workplace scheduling features. If you choose to connect your account, our use of your calendar data is strictly limited and adheres to the policies outlined below.
The "Quick Connect" Feature:
The primary purpose of our Google Calendar integration is to power our Quick Connect feature—structured, 5-30 minute workplace activities designed to strengthen team relationships. Our use of the calendar.events scope is exclusively for this feature.
How We Use Calendar Data for Quick Connect:
- Availability Matching (READ): To find mutual free time between you and a matched colleague for a Quick Connect session. We only identify open time slots and do not read, store, or use the details (like titles or descriptions) of your existing personal events.
- Session Scheduling (CREATE): To generate a calendar invitation for the scheduled Quick Connect session. This event includes a structured activity guide and conversation prompts in the description to facilitate a meaningful workplace connection.
- Session Management (UPDATE): To allow for the seamless rescheduling or confirmation of Quick Connect sessions, ensuring a professional enterprise experience.
Data Handling and Security:
- Calendar data is accessed when you use Quick Connect scheduling features.
- We do not permanently store your calendar data (event titles, attendees, or descriptions) in our database. We only store session metadata (e.g., date, participants, activity type) for your dashboard.
- We may temporarily cache availability data to improve performance.
- You can disconnect your Google Calendar at any time through your account settings, which immediately revokes all access.
GOOGLE API SERVICES USER DATA POLICY COMPLIANCE
Limited Use Declaration:
Rivet's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
Strict Data Limitations:
- No Personal Event Access: We never read, monitor, or access personal calendar events
- Quick Connect Only: Calendar integration used exclusively for workplace Quick Connect scheduling
- No Advertising Use: Calendar data is never used for advertising, profiling, or commercial purposes
- No Data Transfer: Calendar information is never sold, shared, or transferred to third parties
- Real-time Processing: Calendar data accessed only during active user scheduling sessions
Enterprise Privacy Commitment: Our access to and use of Google Calendar data is strictly limited to providing and improving the Quick Connect scheduling feature as described above. We do not use this data for any other purpose beyond facilitating workplace team connections.
HOW WE USE YOUR INFORMATION
We use the information we collect to:
- Provide and maintain the Service
- Authenticate your access and manage your account
- Display your profile to you and authorized connections
- Calculate personality-based matches within your organization
- Enable colleague discovery and connection features
- Send service-related communications
- Respond to support requests
- Detect, prevent, and address technical issues
- Comply with legal obligations
DATA STORAGE AND SECURITY
We implement appropriate technical and organizational measures to protect your data:
- Data encrypted in transit using TLS 1.3
- Data encrypted at rest using AWS-managed encryption
- Secure authentication through AWS Cognito
- Access controls and authentication requirements
- Regular security assessments
Cookies and Local Storage:
We use cookies and similar technologies (including browser local storage) to:
- Maintain your authentication session
- Remember your preferences (theme, avatar, settings)
- Store temporary data to improve performance
- Analyze Service usage and improve functionality
These are essential for the Service to function properly. You can manage cookie preferences through your browser settings.
INFORMATION SHARING
We may share your information in the following situations:
- With your organization for team collaboration features
- With service providers who assist in our operations
- To comply with legal obligations
- To protect our rights and safety
- With your consent for specific purposes
Third-Party Disclosure: We do not sell, trade, or transfer your calendar data to third parties.
YOUR RIGHTS AND CHOICES
You have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your account and data
- Disconnect third-party integrations (Google Calendar)
- Opt-out of non-essential communications
To exercise these rights, contact us at tyler@codedidit.com. We are continuously improving our self-service features. For immediate assistance with profile updates or data requests, please contact tyler@codedidit.com.
DATA RETENTION
We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy. Quick Connect session metadata is retained for workplace analytics but can be deleted upon request. When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required for legal obligations or organizational reporting requirements.
CHILDREN'S PRIVACY
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us.
CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
CONTACT US
If you have questions about this Privacy Policy, please contact us:
Email: tyler@codedidit.com
Website: https://me.rivetconnect.com
Company: Rivet
GDPR INFORMATION
While our Service is primarily intended for US-based organizations, we recognize that employees may access the Service from various locations. For any users accessing the Service from the European Economic Area, we process data in accordance with applicable privacy principles including lawful basis for processing, data minimization, and respect for user rights. For questions about data processing, contact tyler@codedidit.com.
CALIFORNIA PRIVACY RIGHTS
For California residents using our Service in a business capacity, certain rights may apply under the California Consumer Privacy Act (CCPA). These include the right to know what personal information is collected, the right to request deletion, and the right to opt-out of the sale of personal information (we do not sell personal information). To exercise these rights, contact tyler@codedidit.com.