Privacy Policy
This Privacy Policy explains how the “Rivrox” (“Service”) processes and protects personal data of users in accordance with Russian law (152-FZ, 242-FZ) and Regulation (EU) 2016/679 (GDPR) and Directive 2002/58/EC (ePrivacy).
1. Controller and Contacts
Data Protection Officer: info@rivrox.com.
2. Data Processed and Sources
We process data provided by the user and/or collected automatically: email, name or nickname, profile images, country and city, IP address, cookies, listening history, likes, reposts, messages and comments, technical logs and timestamps. Sources: the user themself, automatic collection through the Service, or public data posted by the user.
3. Legal Basis
Processing is based on: user consent (Art. 6(1)(a) GDPR, Art. 9 152-FZ); performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c)); legitimate interests of the Administration (Art. 6(1)(f)). Consent may be withdrawn at any time.
4. Purposes
Registration and account management; providing service functions (upload, storage, streaming, messages, playlists, charts); personalization and recommendations; moderation and security; analytics and service improvement; legal compliance.
5. Mandatory Data
Email is required for registration and login. Profile fields (bio, avatar, city) are optional. Refusal to provide mandatory data may limit use of the Service. Essential cookies are necessary for operation; others require consent.
6. Storage and Security
Data of Russian citizens are stored on servers in Russia (242-FZ). Data transfer via HTTPS/TLS; access restricted by roles; logging and backups maintained; least-privilege principle applied.
7. Retention Periods
Data are stored until account deletion plus 30 days for technical completion. Messages and comments — until deleted by user or moderator. Security logs — up to 12 months. Analytics — anonymized for up to 24 months.
8. Data Sharing
Data may be shared only as necessary: by law request; with processors (hosting, cloud storage, analytics, mail services, security, payments). All processors are bound by DPA and confidentiality agreements.
9. Cross-border Transfer
Transfers outside the EEA occur only to countries with adequate protection (Art. 45 GDPR) or under Standard Contractual Clauses (Art. 46). Data of Russian citizens are primarily stored in Russia.
10. Automated Decisions and Profiling
The Service uses recommendation and chart algorithms based on listening history. They do not produce legal effects or affect user rights. Users may object to profiling.
11. User Rights and Procedure
Users have the right to obtain information about their personal data and its processing, to request rectification or erasure, to restrict processing, to data portability, to withdraw consent, to object to processing, and to lodge complaints with Roskomnadzor or an EU supervisory authority. Requests regarding personal data can be sent to: info@rivrox.com. We will review the request and reply within 30 calendar days.
12. Data Breaches
In case of security incidents, the Administration will assess risk and notify authorities and/or users if required by law.
13. Children
The Service is intended primarily for use by adults. Minors may use the Service only with the consent of their parent or other legal guardian. In EU countries, registration and use of the Service by individuals under 16 years of age (or another age between 13 and 16 as defined by the law of the relevant country) is only permitted where such consent has been obtained. In the Russian Federation, users under 18 years of age also require the consent of a legal representative.
14. Cookies and Similar Technologies
We use cookies and Local Storage for sessions, security, and personalization. Details on types and storage periods are in the Cookie Policy.
15. Policy Updates
The current version is available at /privacy-policy.
Last updated: 5 November 2025