Privacy Policy

6 key principles to protect users and their data

Privacy Principles

  1. We do not ask for your name, identity, profile, gender, date of birth, email id, mobile number, address, contacts or other personal information for any purpose.
  2. Your data and its access keys are stored encrypted in our database in a way that even we cannot decrypt them or read.
  3. We do not provide perpetual login. Users have to login each time they want to access their account again.
  4. We do not automatically display our list of users to any user. Users who have previously connected with you are listed for you.
  5. Our connect feature is at a data item level. What is not connected remains private with the owner.
  6. We do not use cookies or your data for profiling or advertising.

Your Data

Account Information

When you sign-up, the only data we ask for is a private key and a personal riddle. We do not ask for any personally identifiable information on sign-up or after. Also, we do not have any mechanism to restore or reset your account in case you forget your private key or riddle. These are stored encrypted in our database and can be decrypted only when you re-enter them.

Personal Data

What you enter in riddlock is encrypted and stored in the database and on our servers. Our encryption mechanism uses your private key, riddles and other dynamically generated keys to encrypt. To this extent data encryption is unique for every user. All data items are encrypted with a public-private key pair to enable user connects. Every data item is thus uniquely encrypted as well.

Share Handle

The only way for a user to expose oneself is by creating a share handle and disclosing it to others. First, in order to not reveal your identity, users should not use their name or personal data in the share handle. Secondly, users should connect with trusted users only. Thirdly, users who do not want to connect at all need not create their share handle.

Group Data

Users in a group are identified by their user-id in the group which is created by group admins. Group user-ids are stored encrypted in the database and not known outside the group. For this reason, riddlock has no control over groups that decide to include names of their users in the user-ids.

Data Retention

In general, your data remains with us for perpetuity, except when you delete it or if you delete your account. In account deletion, data of only those groups in which you are the sole group admin is deleted. This is because groups in riddlock are not owned by a single user but the whole group.

Deleted data is permanently removed (purged) from our database and servers periodically through automated processes. Presently the frequency of such data purge is once in 24 hours, but this may change from time to time without intimation. Additionally, we may ourselves delete user accounts that remain inactive for a period of 6 months or more.

Your Identity

Personally Identifiable Information

We do not ask for any personally identifiable information from our users. We do not profile users or track their preferences, device id or IP address. Our goal is to comply fully with privacy laws worldwide.

Non-Personal Data

Non-personal data is your browsing history, websites you visit, your language preferences and other such information which does not uniquely identify you. The only non-personal data riddlock captures is our screens (pages) you open. We use this information to know the usage and popularity of our screens and to identify areas of improvement. We do not use any information for user profiling or advertising.


Server-Side Only

Many websites and apps use cookies to track user behavior and preferences. The only cookies we use are server-side cookies meant for riddlock to run effectively. We do not use cookies for any type of user profiling or advertising. We recommend that you do not block our cookies in your web browser settings as you may not be able to use riddlock if you do so.

Other Websites

External Links

Riddlock or your data may contain links to other websites. You must note that since we do not have any control over such other websites, we cannot be responsible for their user and data protection policies.

Data Management

Data Locations

Your data may be transmitted to and stored on servers in your home country or elsewhere. We choose our data hosting locations based on technical, administrative and financial parameters with the objective of providing unhindered and high-quality service to our users. We may also similarly delegate the maintenance, administration and management of data to employees, affiliates and third parties in different locations.

Data Security

In order to prevent unauthorized access or leakage of user data, we have used several measures and tools to ensure adequate security in data access, storage and transmission. We continue to enhance these on an ongoing basis to the best of our ability as data security is a forever evolving field that cannot be fully guaranteed in all respects at all times.


Terms Of Use

This privacy policy is part of our terms of use and must be read and understood in conjunction with those terms. We may change this privacy policy from time to time. We recommend that you check it regularly for changes.