Riskli Privacy Policy
Effective Date: August 5, 2025
Welcome to Riskli, a mobile-only application dedicated to helping users assess and mitigate digital risks. We are committed to protecting your privacy and handling your personal information in a transparent and secure manner. This Privacy Policy describes what data we collect, how we use and share it, your rights regarding your data, and our practices to keep your information safe. We follow industry best practices and comply with applicable privacy laws and app store guidelines (Apple App Store and Google Play) to ensure your information is protected globally. By using the Riskli app, you agree to the collection and use of information as outlined in this policy.
Information We Collect
We limit our data collection to what is necessary to provide and improve our services. We do not collect any sensitive personal information such as government-issued IDs, financial information, health data, or biometric identifiers. The types of information we collect include:
- Account Information: When you register for a Riskli account, we collect your email address and password. This is used for login and account management. (Your password is stored in an encrypted form for security.) We do not require or collect a personal name, physical address, or phone number for account creation, unless you voluntarily provide such details.
- Usage Data: We automatically collect certain data about your device and how you use the app. This includes technical information like your device model, operating system version, app version, and device identifiers (e.g. Android Advertising ID or Apple Identifier for Advertisers). We also log usage information such as the features you interact with, timestamps of usage, and performance metrics. This data helps us understand app performance and user engagement in an anonymized way.
- Analytics and Diagnostics: We use third-party analytic tools to collect anonymous usage statistics (for example, which screens are visited, session length) to help us improve the app’s functionality. Additionally, if the app crashes or encounters errors, we collect diagnostic reports (through Firebase Crashlytics) containing device state and error logs at the time of the crash. These reports do not include any personal content but help us identify and fix issues.
- Communications: If you contact us for support or provide feedback, we will collect the information you choose to give us (such as your email inquiry or feedback comments). This may include contact details and the content of your correspondence.
- Cookies & Similar Technologies: Since Riskli is a mobile app, it does not use traditional website cookies. However, the app and our analytics providers may use local storage or device identifiers to remember your preferences and track usage patterns. These technologies function similarly to cookies in a mobile context (for example, storing a unique random ID on your device) and are solely used to enhance your experience and analyze app performance. You can reset or limit such identifiers through your device settings if you prefer (see User Rights and Choices below).
- No Sensitive Data: We want to emphasize that Riskli does not ask for or collect sensitive personal data such as your financial information, credit card numbers, banking details, social security/national ID numbers, race, religion, health, or biometric data. Our app’s focus is on business risk analysis, and the personal data we collect is limited to basic account and usage info as described above. We also do not knowingly collect any information from your device’s contacts, photos, or other personal files unless you explicitly grant permission and it is necessary for a specific app feature (if ever introduced; currently, no such features exist).
How We Use Your Information
We use the collected information for the following purposes, all in accordance with applicable laws and your expectations when using Riskli:
- To Provide and Maintain the Service: We use your information to create and manage your account, authenticate you at login, and deliver the app’s core features (including generating risk analyses tailored to your inputs). For example, your email and password allow you to securely access your account, and device data helps ensure the app displays correctly on your device.
- To Improve and Personalize the Experience: Usage and analytics data are analyzed to understand how users interact with Riskli so we can improve our features, user interface, and overall user experience. This helps us fix bugs, optimize performance, and develop new functionalities that better serve our users. We may also personalize certain aspects of the app content or recommendations based on aggregated usage patterns (not based on any sensitive traits).
- To Communicate with You: We may use your contact information (e.g. email address) to send you service-related communications. These include confirmations of registration, important updates or changes to the app, security alerts, or customer support responses. We do not send promotional or marketing emails unrelated to the service unless you have opted in to such communications. If you do opt in, you will have the ability to unsubscribe at any time.
- To Ensure Security and Prevent Fraud: Information (like device identifiers, IP address, and usage patterns) may be used to monitor for and prevent fraudulent or unauthorized activity in the app. For instance, we may detect unusual login behavior to protect your account or use crash/error logs to detect potential security issues. This use of data helps us keep the app safe, secure, and trustworthy for all users.
- To Comply with Legal Obligations: In certain cases, we may need to use or disclose your information to comply with applicable laws, regulations, legal processes or governmental requests. For example, we might retain certain data to fulfill tax or accounting requirements, or disclose data if required by a lawful subpoena or court order (more on this in Data Sharing below).
- Aggregate and De-Identified Uses: We may aggregate or anonymize the information we collect (so it can no longer be linked to any individual user) and use that aggregated data for analytical and research purposes, such as publishing overall trends or statistics about digital risks. Aggregated data contains no personally identifiable information and is used purely to understand broader patterns and improve our services.
We do not use your personal data for any form of automated decision-making that produces legal or similarly significant effects on you without human intervention. Any AI or analytics in Riskli serves to provide insights to you (the user) and to enhance the service, not to make decisions about you in a vacuum. We also do not engage in any form of sale of personal data or targeted advertising profiling with the information we collect.
Third-Party Services and Sharing
Riskli relies on certain trusted third-party service providers to operate our app and provide it to you. We share your information with these third parties only to the extent necessary for them to perform services on our behalf, and always under obligations to protect your data. We do not sell your personal information to anyone, and we do not share it with third parties for their own marketing or advertising purposes.
Service Providers: We use the following categories of third-party services (processors) in our app:
- Firebase by Google: Riskli uses Google Firebase services for critical app functionality. This includes Firebase Authentication (to handle user sign-ups and logins via email/password), Firebase Cloud Firestore/Database (to securely store user data and preferences in the cloud), and Firebase Crashlytics (to collect crash reports for app stability). We also use Firebase Analytics (part of Google Analytics for Firebase) to gather anonymous usage statistics. These Firebase services provided by Google may collect device information and usage data as described in Information We Collect (such as device identifiers and app usage events). All data shared with Firebase is governed by Google’s privacy policy and is used strictly to provide these services to Riskli. (You can find more details in Google’s Privacy Policy.)
- Cloud Hosting (AWS): Our application and its backend systems are hosted on Amazon Web Services (AWS) cloud infrastructure. This means that any information you provide (such as your account data) is stored in AWS data centers on our behalf. AWS is a reputable cloud provider that maintains high levels of physical and network security, data encryption, and industry compliance certifications. AWS acts solely as a storage and hosting provider for Riskli; Amazon does not access the content of our users’ data except as needed to maintain the cloud services (per their privacy and security terms).
- Analytics Tools: In addition to Firebase Analytics, we may integrate other analytics or performance monitoring tools to better understand app usage and improve our service. For example, we might use tools that measure how users navigate the app or what features are most popular. These tools typically collect data such as your device type, OS version, timestamps of actions, and general location (e.g. country or region inferred from IP) in an anonymous manner. We ensure that no directly identifying personal data (like your name or email) is transmitted to analytics providers. All usage data is analyzed in aggregate form. (If you wish to opt out of analytics, see User Rights and Choices below for options.)
All our service providers are bound by confidentiality and data protection obligations. They may only use your information as instructed by us and in a manner consistent with this Privacy Policy. They are prohibited from using your data for any other purposes. For instance, Firebase and AWS act as our agents and will not independently exploit your data; they process it only to deliver the functionalities of our app (such as storing data or sending push notifications, if applicable). We carefully select these providers based on their privacy and security standards.
Other Sharing and Disclosures
Aside from our service providers, Riskli will not share your personal information with third parties except in a few rare circumstances:
- Legal Compliance and Protection: If we are required by law to disclose information, or if we have a good-faith belief that such disclosure is necessary to comply with legal obligations, we may share your data. This can include responding to lawful requests by public authorities (e.g., a court order, subpoena, or government demand). We may also disclose information if necessary to enforce our Terms of Service or policies, to protect our rights and property, or to ensure the safety of our users or the public (for example, investigating fraud or security incidents). Any such disclosure will be done in accordance with applicable laws and regulations.
- Business Transfers: If Riskli or its parent company Civil Security AI (the company behind Riskli) is involved in a merger, acquisition, sale of assets, or other business transaction, user information may be transferred to the successor or new owner as part of that deal. In such an event, we will ensure that your personal data remains subject to protections at least as strict as those outlined in this policy, and we will notify you (for example, via email or an in-app alert) of any change in data ownership or use.
- With Your Consent: In situations where you actively request or consent to a specific data sharing, we will of course share accordingly. For example, if in the future the app offers an option to share your risk report with a colleague or to integrate with another service (hypothetically), we would do so only with your explicit direction and consent.
Importantly, we do not share any personal data with advertisers or ad networks, as our app currently does not display third-party ads. If this ever changes, we will update this Privacy Policy and seek any necessary consent. Additionally, any links to third-party websites or services (for example, a link to an external resource or partner) are provided for your convenience; if you visit those, note that we are not responsible for the privacy practices of external sites.
User Rights and Choices
We believe in giving you control over your personal information. Depending on your location and the applicable laws, you have certain rights regarding the data we hold about you. Regardless of jurisdiction, Riskli will honor the following rights and requests to the extent feasible:
- Access and Portability: You have the right to request a copy of the personal data we have collected about you and to obtain information about how we process it. This includes your account information and any identifiable usage data. We will provide this information in a structured, commonly used format.
- Correction: If any personal information we have is inaccurate or outdated (for example, if you change your email address), you have the right to correct or update it. You can do so directly in the app’s account settings (if available) or by contacting us to request an update. We encourage you to keep your information current so we can serve you best.
- Deletion: You have the right to request deletion of your personal data. This is sometimes called the “right to be forgotten.” You can delete your Riskli account through the app’s settings if this feature is provided, or by contacting us to request account deletion. Upon verifying such a request, we will remove or anonymize your personal information from our records, except for data we are required to keep for legal compliance or legitimate business purposes (which we will explain to you if applicable). Do note that once deleted, your account data (including any saved analyses or preferences) generally cannot be recovered.
- Withdrawal of Consent: If we ever process any personal data based on your consent (for example, optional features or marketing emails you agreed to), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we already completed but will stop future processing of the relevant aspect. For instance, if you opted into a newsletter, you can opt out via the “unsubscribe” link in emails or by contacting us, and we will cease those communications.
- Opt-Out of Analytics/Tracking: We respect your choice if you do not want certain data to be collected. While we do not offer a dedicated toggle in-app to disable all analytics (as some are essential for service functionality), you can limit ad tracking on your device which will reduce the collection of identifiable analytics data (for example, you can enable “Limit Ad Tracking” on iOS or reset your Android Advertising ID). You can also contact us to inquire about any further opt-out options, and we will provide guidance.
- Marketing Choices: As noted, we currently do not send unsolicited marketing communications. In the event this changes (such as offering a newsletter or promotional updates), we will always provide a clear opt-in mechanism. Even after opting in, you will have the ability to opt out at any time by using the unsubscribe link in emails or adjusting your subscription preferences. We will not spam you and will ensure any communications are infrequent and relevant.
- Non-Discrimination: We will never discriminate against you or deny you any service for exercising your privacy rights. For example, if you request deletion of your data or opt out of analytics, we will not provide you a lesser experience except as needed to respect your request (obviously, if you delete your account, you will lose access to account-based features, but we will always treat users fairly and without bias for exercising privacy choices).
To exercise any of your rights or choices, or if you have a privacy-related request, please contact us at privacy@riskliapp.com (see Contact Us below). We may need to verify your identity before fulfilling certain requests (to ensure we don’t delete or disclose the wrong person’s data). Verification might involve confirming account details or other information. We will respond to your request within a reasonable timeframe and in accordance with applicable law. For example, GDPR (EU law) requires response within one month, and we strive to meet such standards. If we cannot fulfill your request for a specific legal reason, we will inform you of the reason (for instance, we cannot delete data we are legally obliged to keep) and discuss how we can best address your concerns.
Data Retention
We retain personal information for only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include:
- Account Lifespan: For active users, we keep your account information and usage data for as long as you maintain an account with Riskli. This allows you to have ongoing access to your data and use the app continuously.
- Service Requirements: We retain data as needed to operate and provide the app services you have requested. For example, if you use Riskli, your risk analysis history (if tied to your account) would be retained so you can review past results. If you decide to delete your account or if your account remains inactive for an extended period, we will initiate deletion of your data after a reasonable time or upon your request.
- Legal and Operational Obligations: Even after you delete your account or cease using the app, we may need to keep certain data for a limited time to comply with legal obligations, resolve disputes, enforce our agreements, or for other legitimate business purposes. For instance, we might retain transaction records (if any payments were involved) for accounting and tax purposes or keep server logs for a period to assist with security investigations. We will either securely isolate and protect any such data or anonymize it if retained for these purposes.
- Backup and Archival: Like many services, we perform routine backups of our systems to ensure resilience of the service. Backup copies of databases might inadvertently contain your information even after deletion. However, these backups are retained only for a limited duration and are tightly secured. If restored (e.g., for disaster recovery), we will re-delete the data as required.
In summary, we keep your personal data only for as long as it is truly needed – for providing the service you expect or as required for legal compliance – and no longer. When personal information is no longer necessary, we will erase it or render it anonymous so that you can no longer be identified from it.
Security Measures
The security of your data is extremely important to us. We implement a variety of industry-standard technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security audits:
- Data Encryption: All network communication between the Riskli app and our servers is encrypted using HTTPS (TLS) to prevent eavesdropping. Likewise, any sensitive data stored in our databases or in cloud storage is encrypted at rest. For example, passwords are hashed and never stored in plaintext.
- Access Control: Only authorized personnel with a legitimate need can access user data, and even then, it’s on the least privilege basis. Administrative access to servers and databases is protected by strong authentication and is logged and monitored.
- Infrastructure Security: Our backend is hosted on AWS, which maintains robust physical security, network firewall protection, and DDoS mitigation at its data centers. We follow best practices in cloud security architecture and keep our systems updated.
- Monitoring and Testing: We employ monitoring systems to detect suspicious activities. Regular security testing, including code reviews and vulnerability scans, is conducted to address potential security weaknesses.
- Organizational Policies: Our team is trained in data protection best practices and follows internal policies to respond swiftly to any security concerns.
While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. Despite all our efforts and the use of reputable cloud services, we cannot guarantee absolute security of data. In the unlikely event of a data breach or security incident affecting your personal information, we will notify you as required by law and take all necessary steps to mitigate the issue.
We also encourage you, as a user, to take precautions. Keep your account credentials confidential and use a strong, unique password for Riskli. If you suspect any unauthorized access to your account or any security vulnerabilities, please contact us immediately so we can assist.
Children’s Privacy
Riskli is not directed to children, and we do not knowingly collect personal data from individuals under the age of 13. If you are under 13 years old, please do not use the Riskli app or provide any personal information to us. We adhere to the U.S. Children’s Online Privacy Protection Act (COPPA) and similar regulations that aim to protect young users online.
If we learn that we have inadvertently collected personal information from a child under 13, we will take prompt action to delete that information from our records. If you are a parent or guardian and discover that your child under 13 has created a Riskli account or provided us with personal data without your consent, please contact us immediately (see Contact Us below) so that we can remove the child’s information.
For minors aged 13 to 17: While Riskli’s services are generally intended for adult business owners and professionals, we recognize some tech-savvy teenagers might be interested in our app. If you are between 13 and 17 (or the age of majority in your jurisdiction), you should only use this app with the involvement and consent of a parent or legal guardian. By using Riskli, you represent that you are at least 18 years old or that you have permission from a parent/guardian (for users 13–17). We may request verification of parental consent for users in this age range if necessary.
Please note that certain jurisdictions have higher age thresholds (for example, under GDPR in some EU countries, the consent age for online services is 16). We do not knowingly allow use of Riskli by children under such applicable ages without appropriate consent. Our goal is to ensure a safe and appropriate experience for all users.
International Data Transfers
Riskli is a global service – you can download and use the app from anywhere in the world. Our servers, however, may be located in countries different from your own. In particular, as noted, we use cloud infrastructure in the United States (AWS) and possibly other locations. This means your personal data may be transferred to and stored on servers outside of your home country, potentially including the United States or other jurisdictions where our service providers operate.
Different countries have different data protection laws. Some may offer the same level of protection as your country’s laws, while others may not. Regardless of location, we will apply the same protections described in this Privacy Policy to all user data, no matter where it is processed. We take steps to ensure that international transfers comply with applicable legal requirements. For example, if you are in the European Economic Area (EEA) or United Kingdom, and your data is transferred to a country not deemed “adequate” by EU/UK authorities, we will rely on approved mechanisms (such as Standard Contractual Clauses or other lawful measures) to ensure your data remains protected.
By using the Riskli app, you acknowledge that your information may be transferred to facilities in the United States or other countries. Rest assured, such transfers are only done for the purposes of operating the service, and we continue to safeguard your privacy during and after the transfer. We also comply with any local requirements for data export where applicable.
If you have questions about our international data practices, or need more information about cross-border safeguards, feel free to contact us. We understand that privacy is a global concern and aim to be transparent about how and where your data flows.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time as our practices or applicable laws evolve. If we make any important (material) changes, we will notify you in an appropriate manner. For example, we might send you an email at the address associated with your account or display a prominent notice in the app informing you of the update. We will also update the “Effective Date” at the top of the policy to indicate when the latest changes took effect.
Your continued use of Riskli after any modifications to this Privacy Policy signifies your acknowledgment of the changes and your agreement to be bound by the updated policy. However, if required by law, we will obtain your consent for significant changes (for instance, if a change would require new consent under GDPR). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
If we make changes that materially affect how we handle personal data, we will take additional steps to inform you (which may include prompting you to review the new policy within the app). Minor updates (such as clarifications or typographical corrections) may be simply posted with the new effective date. In all cases, we will not reduce your rights under this Privacy Policy without your explicit consent.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and address any issues related to your privacy and security.
Contact Information:
Riskli Support / Privacy Team
Email: falroumi@riskliapp.com
We will respond to your inquiries as soon as possible, typically within a few business days. If you need any assistance or have concerns about how your data is handled, we appreciate the opportunity to make things right. Your trust is important to us, and we are committed to ensuring your experience with Riskli is not only useful but also safe and respectful of your privacy.
Thank you for reading our Privacy Policy. By using Riskli, you put your trust in us to handle your data responsibly – a responsibility we take very seriously. We continuously work to protect your information and uphold your privacy rights.