Home

Privacy Policy

Effective date: 27 September 2025 · Last updated: 12 May 2026

Introduction

Welcome to RiverAI.dk ("we", "us", "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and secure your personal data when you use our website and related services.

If you have any questions, you may contact us at:

RiverAI ApS Email: support@riverai.dk Phone: +45 93 60 71 15

What personal data we collect

We collect the following personal data when you interact with us via forms, scheduling, or email:

  • First name
  • Email address
  • Phone number
  • Company name
  • Company website
  • Estimated number of employees
  • Industry
  • Current tech stack

We also may collect technical data, such as IP address, browser type, device information, and cookies, for website functionality and analytics. For website development/hosting Services, we may process additional data if your site includes forms (e.g., visitor contact details), acting as a processor under GDPR.

How we collect data

We collect your personal data in several ways:

  • When you fill out forms on our website (processed via Cloudflare Workers and n8n)
  • When you schedule calls/appointments (Cal.com, Google Calendar)
  • When you communicate via email (Gmail)
  • Through workflow automations (n8n)
  • For website Services, via hosting platforms or integrations (e.g., Google Workspace, Cloudflare)

Why we collect your data / legal basis

We use your data for:

  • Responding to your inquiries, requests, and bookings
  • Managing leads, follow-up, and customer communication
  • Automating processes internally to improve service
  • Scheduling and calendar management

The legal bases are:

  • Legitimate interest — for managing leads, follow-up, business communications
  • Consent — where required (e.g. if you explicitly agree to be contacted or for certain kinds of marketing)
  • Contractual necessity — for delivering Services like website setup

Who we share your data with (processors)

We share your personal data with external service providers (processors) who assist in delivering our services:

  • Cloudflare (hosting, CDN, edge security, form processing via Workers)
  • n8n (workflow automation, form processing, lead handling)
  • Supabase (database storage)
  • Google Analytics (website analytics, opt-in only via cookie banner)
  • Google Sheets (data exports and tracking)
  • Google Calendar (appointment scheduling)
  • Google Workspace (productivity suite)
  • Gmail (email communications)
  • Cal.com (appointment scheduling)
  • OpenAI (AI processing for internal content and lead workflows)
  • Google Gemini (AI processing)
  • Anthropic / Claude (AI processing)
  • xAI / Grok (AI processing)
  • Lovable (custom dashboard building for clients)
  • Discord (internal notifications)
  • Slack (internal notifications)
  • Hostinger (domain registration)

Each of these processors works under contract with us and is subject to GDPR obligations.

Data transfers outside the EU & safeguards

Some of the processors we use are based outside the European Union or process data in the US. The US-based or non-EU processors we currently use include:

  • Cloudflare
  • Supabase
  • Gmail
  • Google Analytics
  • Google Workspace
  • Google Calendar
  • Google Sheets
  • Cal.com
  • OpenAI
  • Google Gemini
  • Anthropic
  • xAI
  • Lovable
  • Discord
  • Slack

To protect your data when it is transferred outside the EU, we implement the following safeguards:

  • Data Processing Agreements (DPAs) with these processors
  • EU Standard Contractual Clauses (SCCs) to legalise the transfer
  • Encryption in transit and, where possible, at rest
  • Access controls, two-factor authentication, and limited permissions

We conduct transfer impact assessments for US transfers to ensure adequacy under GDPR.

Retention of data

We retain your personal data only as long as necessary for the purposes we describe here, including:

  • Lead data / inactive contact data: typically 24 months after last activity
  • Customers / contractual data (if applicable): duration of the business relationship plus any legal retention requirements (e.g. accounting, tax laws)

When data is no longer needed, we securely delete or anonymise it.

Your rights

Under the GDPR, you have rights in relation to your personal data:

  • Right of access — you can request what data we hold about you
  • Right of rectification — correct inaccurate or incomplete data
  • Right of erasure — delete data when no longer necessary or if you withdraw consent
  • Right of restriction of processing — in certain situations limit how your data is processed
  • Right of data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing under certain circumstances (e.g. direct marketing)
  • Right to withdraw consent — if any processing is based on consent

If you wish to exercise any of these rights, contact us at support@riverai.dk. We will respond within one month (or up to two months in complex cases) according to GDPR.

Security measures

We employ technical and organizational measures to protect your data, including:

  • Encryption (in transit and where possible at rest)
  • Role-based access control, restricting access only to those who need it
  • Two-factor authentication for critical accounts
  • Regular reviews of our security practices and processor agreements

Cookies and tracking technologies

Our website uses cookies and similar technologies for:

  • Essential site functionality
  • Analytics and performance monitoring

You will be given the opportunity to consent to non-essential cookies via our cookie banner. You can also modify cookie settings via your browser.

Changes to this policy

We may update this Privacy Policy from time to time. If changes are significant, we will notify you via our website (or via email if you are an existing client). The updated policy will show the "Last updated" date.

Contact information

If you have questions, complaints, or want to make a privacy-related request, contact us:

RiverAI ApS Email: support@riverai.dk Phone: +45 93 60 71 15

If you are dissatisfied with how we process your data, you can file a complaint with the Danish Data Protection Agency (Datatilsynet).