Privacy Policy
Rivale.io, Last updated: April 2026
What this covers
This policy explains what data Rivale.io collects, how we use it, and who we share it with. Rivale.io is operated by Rivale.io.
What we collect
Account information
When you create an account, we collect your name and email address. We use this to manage your account and send you product notifications.
Payment information
Payments are processed by Stripe. We do not store your card number, expiry date, or CVV. Stripe handles all payment data directly. We store your subscription tier and billing status.
Usage data
We store the competitors you track, your notification settings, and which features you use. This lets us run your notifications correctly and improve the product.
Session cookie
We use one cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
What we do not collect
We do not collect competitor data from you. Rivale fetches competitor plugin data directly from WordPress.org public APIs and crawls competitor marketing websites that are publicly accessible. No data about you is included in those requests.
Who we share data with
Supabase
Database hosting, authentication, and backend infrastructure. Your account and usage data are stored in Supabase infrastructure in the EU region.
Stripe
Payment processing. Your payment data goes directly to Stripe. We receive a customer ID and subscription status in return. Stripe’s own privacy policy governs payment data.
Loops.so
Email delivery for transactional notifications and product updates. Your email address and name are stored in Loops. You can unsubscribe from marketing emails at any time via the unsubscribe link in any email.
Slack
If you connect a Slack workspace, we send notifications to the webhook URL you provide. We store that URL in your account settings. Rivale sends only the notification content you have configured. Disconnecting Slack removes the webhook from your account immediately.
Firecrawl
Competitor website crawling infrastructure. When you add a competitor website URL, that URL is sent for crawling. No account data or personal information is included. Only the competitor URL is processed.
WordPress.org
Public plugin API. We fetch competitor plugin data from WordPress.org public endpoints. No user data is sent to WordPress.org.
We do not sell your data. We do not share your data with advertisers.
Data retention
We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days.
Competitor tracking data (plugin metrics, changelog history, reviews) is retained for up to 365 days depending on your plan.
Your rights
You can request a copy of your personal data or request account deletion by emailing legal@rivale.io. We respond within 30 days.
GDPR (EU residents): You have the right to access, correct, delete, and restrict processing of your personal data. Email legal@rivale.io to exercise these rights.
CCPA (California residents): You have the right to know what personal information we collect and to request deletion. Email legal@rivale.io.
Security
Authentication is handled by Supabase using encrypted storage and secure session management. Passwords are not stored in plaintext.
Changes to this policy
If we make material changes to this policy, we will notify you by email at least 30 days before the changes take effect.
Questions: legal@rivale.io