Rigo

Privacy Policy

Last Updated: April 4, 2026

This privacy policy outlines how we collect, use, and protect your information. Please consult legal counsel for specific questions regarding your privacy rights.

1. Introduction

ARCHON LAB LLC, doing business as Rigo ("we," "us," or "our"), operates the rigo.bio platform (the "Platform"), a creator tipping and subscription service. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform, whether as a Creator receiving tips or a Supporter sending them.

ARCHON LAB LLC is the data controller responsible for your personal information. We process your data on the following legal bases:

  • Contract performance: Processing payments, operating your account, and delivering the services you request
  • Legitimate interest: Platform security, fraud prevention, service improvement, and aggregated analytics
  • Consent: Sharing Supporter names and emails with Creators (opt-in), and sending optional marketing communications
  • Legal obligation: Tax record retention, regulatory compliance, and responding to valid legal requests

By using the Platform, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Platform.

2. Information We Collect

Account Information (Creators)

When you register as a Creator, we collect the following information:

  • Name and email address (via OAuth sign-in providers)
  • Profile information you provide (handle, bio, avatar image, country)
  • Social media links you choose to add to your profile
  • Tip page settings including template selection, monthly goal amount, and customization preferences
  • QR code images generated for your tip page (stored as URLs)
  • Stripe Connect account information (account ID, onboarding status, payout preferences) — financial details such as bank account numbers are collected and stored by Stripe, not by Rigo

Supporter Information

When you send a tip or subscribe to a Creator, we may collect:

  • With your consent: Your name and email address, if you choose to provide them. Sharing this information with the Creator requires your explicit opt-in consent — both name and email default to "do not share." You may also edit the display name and email shown to the Creator independently before submitting.
  • Anonymous tipping: You may tip without providing any personal information. Anonymous tips do not require an account or identifying details.
  • Tip amount, message (if provided), and payment method type — we do not store actual card numbers, bank account details, or cryptocurrency wallet addresses.

Payment Information

All payment processing is handled by Stripe. Rigo does not store, process, or have access to your full credit card numbers, bank account details, or sensitive financial information. Stripe collects and processes payment information in accordance with its own Privacy Policy.

Data from Authentication Providers

When you sign in using Google or GitHub, we receive the following from the provider:

  • Your name and email address
  • Your profile image (if available)
  • Your provider account identifier

We also store OAuth tokens (access and refresh tokens) server-side to maintain your authenticated session. We do not post to, read from, or otherwise access your Google or GitHub accounts beyond authentication.

File Upload Data

When Creators upload content (avatars, tip page images, thank-you media, downloadable files), the files are stored on Vercel Blob Storage, a third-party cloud storage service hosted in the United States. Images and avatars are publicly accessible via CDN URLs. Downloadable reward files are served through controlled-access URLs. We store metadata about uploads (file type, size, upload timestamp) alongside the file URLs.

Usage and Technical Data

We automatically collect certain information when you use the Platform:

  • IP address, browser type, operating system, and device information
  • Pages visited, features used, and actions taken on the Platform
  • Referring URLs and how you arrived at the Platform
  • Date, time, and duration of your visits

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing our services: Operating the Platform, processing tips and subscriptions, managing Creator accounts, generating QR codes for tip pages, delivering digital Rewards on thank-you pages, and facilitating payouts through Stripe Connect
  • Creator analytics: Providing Creators with aggregated analytics about their tip page performance, supporter activity, and revenue — individual Supporter data is only shared with the Creator when the Supporter has given explicit consent
  • Communication: Sending transactional emails (tip confirmations, subscription receipts, payment failure notifications, account notifications), responding to support requests, and delivering Creator thank-you messages via our email service provider (Resend)
  • Platform improvement: Analyzing aggregated usage patterns through Vercel Web Analytics and Speed Insights to improve the Platform's functionality, performance, and user experience
  • Security and fraud prevention: Detecting and preventing fraudulent transactions, unauthorized access, and abuse of the Platform
  • Legal compliance: Fulfilling legal obligations, responding to legal requests, and enforcing our Terms of Service

4. Information Sharing and Disclosure

We do not sell your personal information. We share information only in the following circumstances:

With Stripe (Payment Processor)

We share necessary information with Stripe to process payments, manage Creator connected accounts, handle disputes, and facilitate payouts. Stripe processes this information according to its own Privacy Policy.

With Vercel (Hosting and Storage)

The Platform is hosted on Vercel's infrastructure. User-uploaded files (avatars, images, downloadable files) are stored on Vercel Blob Storage. Vercel Web Analytics collects aggregated, cookieless page view data, and Vercel Speed Insights collects Core Web Vitals performance metrics. Vercel processes data according to its Privacy Policy and Data Processing Agreement.

With Resend (Email Delivery)

Transactional emails (tip confirmations, subscription receipts, payment failure notifications, and Creator thank-you messages) are delivered through Resend's email service. Resend receives recipient email addresses and email content for delivery purposes. Emails are sent from support@rigo.bio.

With Google and GitHub (Authentication)

We use Google and GitHub OAuth services for account creation and login. These providers receive authentication requests and provide your name, email, and profile image. We do not share additional personal information with these providers beyond what is necessary for authentication.

With Creators (Supporter Data)

Supporter names and email addresses are shared with Creators only when the Supporter has explicitly consented to sharing this information. Both name and email consent default to "do not share" and must be independently opted into by the Supporter on the thank-you page after payment. If you tip anonymously or decline to share your details, the Creator will see only that a tip was received, along with the amount and any message you included.

With Amazon (Affiliate Links)

If a Creator has enabled Amazon Associates affiliate links on their tip page and you click on those links, Amazon may collect information about your interaction according to Amazon's privacy policy. Rigo does not share your personal information with Amazon.

Legal Requirements

We may disclose your information when required by law, in response to valid legal process (such as a subpoena or court order), or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change via prominent notice on the Platform.

5. Cookies and Tracking Technologies

We use the following cookies and technologies:

  • Essential cookies: NextAuth session tokens (JWT-based) required for authentication and maintaining your logged-in session. These cannot be disabled without losing the ability to sign in.
  • Vercel Web Analytics: A privacy-focused, cookieless analytics service that collects aggregated page view data (pages visited, referrers, browser and device information). Because it does not use cookies, it does not track individual users across sessions.
  • Vercel Speed Insights: Collects Core Web Vitals performance metrics (loading speed, interactivity, visual stability) to help us monitor and improve Platform performance. Does not use cookies.

We do not use third-party advertising cookies, tracking pixels, or retargeting technologies. We do not share cookie data with advertisers.

You can control essential cookies through your browser settings. Disabling session cookies will prevent you from signing in to the Platform.

6. Data Retention

We retain your information for the following periods:

  • Account data: Retained for as long as your account is active. If you request account deletion by emailing support@rigo.bio, we will delete your personal data within 30 days, except as required by law.
  • Transaction records: Retained for a minimum of 7 years to comply with tax, legal, and regulatory requirements.
  • Uploaded files: Creator-uploaded content (avatars, images, downloadable files) stored on Vercel Blob Storage is retained for as long as the account is active and deleted within 30 days of account termination.
  • Anonymous tip data: Tip records from anonymous Supporters do not contain personal information and are retained indefinitely as part of Creator analytics.
  • Checkout session mappings: Temporary records linking payment sessions to connected accounts automatically expire after 24 hours.
  • OAuth tokens: Authentication tokens are retained for as long as your account is active and deleted upon account deletion.
  • Usage data: Aggregated and anonymized usage statistics collected through Vercel Web Analytics are retained indefinitely. Individual server logs are retained for up to 12 months.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

General Rights

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information by emailing support@rigo.bio, subject to legal retention requirements
  • Data portability: Request a copy of your data. We will provide your data via email in a commonly used format upon verified request
  • Account deactivation: You may deactivate your account at any time by disabling all payment links from your Tip Settings page. This preserves your data while making your page inactive. Creators may also disconnect their Stripe account via the Stripe Dashboard
  • Opt-out: Unsubscribe from marketing communications at any time
  • Anonymous tipping: Choose to tip without providing any personal information

European Economic Area (GDPR)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including:

  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to restrict processing of your personal information
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint with your local data protection authority

California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

  • Right to know what personal information we collect and why
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information — however, Rigo does not sell personal information
  • Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at support@rigo.bio. We will respond to your request within 30 days (or sooner where required by law).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption in transit: All data transmitted between your device and the Platform is encrypted using TLS (Transport Layer Security)
  • Encryption at rest: Our database (hosted on Neon PostgreSQL) encrypts stored data at rest
  • Payment security: Payment processing is handled by Stripe, which is PCI DSS Level 1 certified — the highest level of payment security compliance
  • File storage security: Files stored on Vercel Blob Storage are served exclusively over HTTPS
  • Access controls: Access to personal data is restricted to authorized personnel who need it to perform their duties
  • Authentication: We use OAuth-based authentication through trusted identity providers (Google, GitHub). OAuth tokens are stored server-side only and are never exposed to client-side code
  • API security: All API endpoints use server-side session validation to prevent unauthorized access

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

9. International Data Transfers

ARCHON LAB LLC operates from the United States. The Platform is hosted on Vercel's infrastructure and our database is hosted on Neon, both primarily in the United States. If you access the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States.

Our key sub-processors and the transfer mechanisms we rely on include:

For transfers from the European Economic Area, we rely on Standard Contractual Clauses (SCCs) as included in our sub-processors' Data Processing Agreements. We take steps to ensure that your information receives an adequate level of protection in the jurisdictions in which we process it.

10. Children's Privacy

The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as soon as possible.

Creator accounts, which involve receiving financial payments, require users to be at least 18 years of age (or the age of majority in their jurisdiction).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last Updated" date at the top of this page. For significant changes that affect how we use your personal information, we may also send email notifications to registered users.

Your continued use of the Platform after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions about this Privacy Policy, your personal data, or would like to exercise any of your privacy rights, please contact us at:

For data protection inquiries from the European Economic Area, please include "GDPR Request" in the subject line of your email so we can prioritize and respond within the required timeframe.