Privacy Policy

Last updated: June 19, 2026

1. Who we are

CoreNet Solutions (“we”, “us”) operates the employee advocacy platform Ripple at https://app.ripples.marketing. For privacy inquiries: support@ripples.marketing.

Ripple is a product of CoreNet Solutions.

2. Scope

This policy describes how we collect, use, and share personal data when you use Ripple’s web application, when your organization invites you, and when you contact support.

3. Data we collect

Account

Examples
Name, email, password hash
Purpose
Authentication, account management

Organization

Examples
Company name, domain, role
Purpose
Multi-tenant access control

Content

Examples
Posts, drafts, media, share history
Purpose
Core product functionality

LinkedIn

Examples
OAuth tokens (encrypted), profile identifiers, share IDs
Purpose
Connect account and publish shares

Billing

Examples
Stripe customer/subscription IDs (no full card numbers)
Purpose
Subscriptions

Usage & diagnostics

Examples
Request logs (no passwords/tokens), error reports
Purpose
Security, reliability, support

Support

Examples
Feedback messages, optional screenshots
Purpose
Product improvement

We do not sell personal data.

4. Legal bases (EEA/UK)

Where GDPR applies, we process data based on: contract (providing the service), legitimate interests (security, product improvement), and consent where required (e.g., optional marketing cookies on our website).

5. How we use data

  • Provide, secure, and improve Ripple
  • Process subscriptions and send transactional email (verification, invites, password reset)
  • Enforce Terms and prevent abuse
  • Respond to support and legal requests

6. Subprocessors

We use trusted providers to run the service. See our Subprocessor list.

7. Retention

  • Account data: retained while your account or organization membership is active
  • Billing records: retained as required for tax and accounting
  • Logs: typically 30–90 days unless needed for security investigations
  • Deleted accounts: removed or anonymized within 30 days of a verified deletion request, subject to legal holds

8. Your rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to processing, and to withdraw consent. To exercise rights, see Privacy requests or email support@ripples.marketing.

We respond within 30 days for beta (may extend where permitted by law).

9. International transfers

Data may be processed in the United States and other countries where our subprocessors operate. We rely on appropriate safeguards (e.g., Standard Contractual Clauses) where required.

10. Security

We use encryption in transit (HTTPS), encrypted storage for LinkedIn tokens, row-level security in our database, and access controls by role. See our security overview in the app repository SECURITY.md (summary available on request).

11. Cookies and tracking

App (app.ripples.marketing)

  • Essential cookies: Supabase session cookies for login
  • CSRF cookie: Protects against cross-site request forgery
  • Error monitoring: Sentry (first-party error reporting; no advertising profiles)

We do not use third-party advertising trackers in the app during beta.

Marketing site (ripples.marketing)

If we add analytics (e.g., Google Analytics), we will show a cookie consent banner and update this section.

12. Children

Ripple is not directed at children under 16. We do not knowingly collect their data.

13. Changes

We may update this policy. The “Last updated” date will change; material updates may be communicated by email or in-app notice.

14. Contact

Ripple

A product of CoreNet Solutions

support@ripples.marketing