Privacy Policy

Last updated: March 23, 2026

Our Privacy Principles

Non-Custodial Architecture

Rivier operates a non-custodial wallet infrastructure. Your private keys are generated and managed through MPC (Multi-Party Computation) threshold signing in hardware-secured enclaves. No single party, including Rivier, ever holds your complete private key.

Decentralized by Design

Identity verification, trade settlement, and asset management operate across decentralized networks. Your identity is represented by DIDs (Decentralized Identifiers) and on-chain attestations rather than centralized databases of personal information.

No Raw User Data Stored

We do not store raw personally identifiable information. KYC verification produces only cryptographic attestations (tier level, not documents). Email addresses used for authentication are hashed in logs. No biometric templates are retained after liveness verification.

Strong Encryption

All sensitive data is protected with AES-256-GCM envelope encryption backed by hardware security modules (HSMs): the key encryption key is held in the HSM, and each record is encrypted under its own data encryption key derived with HKDF-SHA256. Plaintext keys are zeroed from memory immediately after use.

Information We Collect

Account Information

When you create an account, we receive your email address and display name from your Google OAuth provider or WebAuthn passkey credential. This is used solely for authentication and session management. We do not request or store passwords.

Identity Attestations

KYC verification is processed to produce a cryptographic tier attestation (e.g., "KYC Tier 2"). The original identity documents are not stored by Rivier. On-chain identity records contain only your DID and attestation tier, never personal information.

Transaction Data

Trade history, portfolio holdings, and balance transactions are stored in an encrypted database with row-level security. Each user can only access their own records. Transaction hashes are public on-chain by nature of blockchain technology.

AI Agent Context

When you use AI agents, conversation context and agent decisions are associated with your account. Agent configurations (personality, skills, spending limits) are stored encrypted. Agent decisions require your explicit approval before execution.

Usage Analytics

We collect minimal, anonymized usage metrics to maintain service reliability. We do not use third-party tracking pixels, advertising networks, or behavioral analytics platforms. We do not sell, rent, or share your data with advertisers.

How We Protect Your Data

Encryption at Rest and in Transit

All data is encrypted at rest using AES-256-GCM with HSM-backed key management. All connections use TLS 1.3. Database connections are encrypted. Internal service communication uses mutual TLS (mTLS) where applicable.

Hardware Security

Cryptographic signing operations run inside AMD SEV-SNP Trusted Execution Environments (TEEs) on dedicated confidential computing nodes. Key material never leaves the secure enclave in plaintext. TEE attestation is verified on every signing operation.

Row-Level Security

Database access is enforced through PostgreSQL Row-Level Security (RLS) policies. Every query is scoped to the authenticated user. Because the policies are enforced by PostgreSQL rather than by application code, an application vulnerability alone does not grant access to another user's rows.

Session Security

Authentication uses httpOnly, Secure, SameSite cookies. Sessions are stored server-side and rotated on privilege changes. WebAuthn passkeys provide phishing-resistant authentication. CSRF protection is enforced on all state-changing operations.

Data Sharing

We do not sell your personal information. We do not share your data with third parties for marketing purposes. Data is shared only in the following limited circumstances:

  • Blockchain Networks: Transaction data is broadcast to public blockchains as part of normal operation. On-chain data is public and immutable.
  • Identity Networks: Decentralized identity attestations are registered on verification networks (Tenzro, Canton) as you opt in. Only DIDs and attestation tiers are shared, never PII.
  • AI Model Providers: Agent conversations are processed by AI model providers (Google, Anthropic) under their data processing agreements. No wallet keys, balances, or financial data are sent to model providers.
  • Legal Compliance: We may disclose information if required by law, subpoena, or regulatory order. We will notify you unless legally prohibited from doing so.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your transaction history and portfolio data
  • Withdraw consent for optional data processing at any time
  • Freeze or revoke any agent identities you have created

On-chain data (transactions, identity attestations, NFTs) cannot be deleted due to the immutable nature of blockchain technology. However, all off-chain data associated with your account can be removed upon request.

Data Retention

Account data is retained for the duration of your active account. Upon account deletion, off-chain data is purged within 30 days. Audit logs required for regulatory compliance are retained for the minimum period required by applicable law, then securely destroyed.

Session data expires automatically. Rate-limiting and security-monitoring data are ephemeral and retained for at most one hour.

Cookies

We use a single essential httpOnly session cookie for authentication. We do not use advertising cookies, tracking cookies, or third-party analytics cookies. No cookie consent banner is required because we only use strictly necessary cookies.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the application. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

For privacy-related inquiries, data access requests, or to exercise your rights, contact us at privacy@rivier.ai