Privacy Policy

How RifePlayer collects, uses, and protects your personal information.

This Privacy Policy was last updated on 04 May 2026

This Privacy Policy explains how RifePlayer (“RifePlayer,” “we,” “us,” or “our”) collects, uses, discloses, and protects information about you when you visit rifeplayer.com, use app.rifeplayer.com, install the RifePlayer mobile or desktop application, or otherwise interact with our services (collectively, the “Service”).

By using the Service you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Service.

1. Who We Are

RifePlayer provides frequency therapy software that lets users browse, customize, and play Rife frequency programs. The Service is operated as a web application at rifeplayer.com and app.rifeplayer.com, with companion mobile distribution via the Apple App Store and other platforms. Our backend API runs at api-v2.rifeplayer.com.

For privacy questions, please use our contact form.

2. Information We Collect

a. Information you provide to us

  • Account information. When you create an account we collect your email address. You may also optionally provide your first name and last name. We do not store passwords because we use passwordless email one-time passcode (OTP) authentication.
  • Contact form submissions. If you submit a contact form, we collect your first and last name, email address, phone number, company name, the category of your inquiry, and the contents of your message.
  • Billing information. When you purchase a paid subscription, billing is handled by our payment processor, Stripe. Stripe collects your payment card details directly; we do not see or store full card numbers. We retain a Stripe customer ID and subscription ID, your subscription status, plan tier, current billing period end, and cancellation state.
  • User-generated content. Programs you create, playlists you build, favorites you mark, and similar content you save in the app.

b. Information collected automatically

  • Authentication tokens. A short-lived JWT is stored in an HTTP-only cookie (auth_token). A CSRF token is stored in a separate cookie (csrf_token) for double-submit protection. Anonymous/guest users receive a temporary session token.
  • Diagnostic data on contact submissions. When you submit a contact form, we record the originating IP address and browser User-Agent string for spam and abuse prevention.
  • Session and activity events. We log authentication events (login, logout, token refresh) and limited usage events to operate the Service, troubleshoot issues, and detect abuse.

c. Information from third parties

  • Stripe sends us subscription status updates and billing events via signed webhooks so we can keep your account in sync with your subscription.
  • Apple App Store (if you sign in or subscribe via an Apple device) may share device-level identifiers and purchase confirmations consistent with Apple’s policies.
3. How We Use Information

We use the information we collect to:

  • Create and authenticate your account and keep you logged in.
  • Provide, maintain, and improve the Service, including syncing playlists and preferences across your devices.
  • Process subscription payments and manage billing through Stripe.
  • Respond to support requests and contact form inquiries.
  • Send transactional emails such as login codes, receipts, security alerts, and material changes to our terms or this Policy.
  • Detect, prevent, and investigate fraud, abuse, security incidents, and Terms of Use violations.
  • Comply with legal obligations.

We do not sell your personal information, and we do not use your information to train artificial intelligence or machine learning models.

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following legal bases:

  • Contract: to provide the Service you have signed up for.
  • Legitimate interests: to secure the Service, prevent abuse, and improve the product.
  • Consent: where required, for example for certain communications. You may withdraw consent at any time.
  • Legal obligation: to comply with applicable law.
5. Sub-Processors and Service Providers

We share personal information only with vendors who help us run the Service, under contractual confidentiality and security obligations:

  • Cloudflare, Inc. — application hosting (Cloudflare Workers and Pages), database (D1), object storage (R2), key-value cache (KV), and content delivery. Some processing occurs at Cloudflare’s global edge network.
  • Stripe, Inc. — payment processing, subscription billing, invoicing, and the customer billing portal. See Stripe’s privacy policy at stripe.com/privacy.
  • Email delivery provider — used to send authentication codes, receipts, and transactional messages.
  • Apple Inc. — for iOS app distribution and, where applicable, in-app purchase processing.

We do not sell or rent personal information to third parties.

6. Cookies and Similar Technologies

We use a small number of strictly necessary cookies:

  • auth_token — HTTP-only session cookie used to keep you signed in.
  • csrf_token — used to protect against cross-site request forgery.
  • A short-lived guest session cookie for users who have not signed in.

We do not currently use third-party advertising cookies. If we add product analytics or similar tracking in the future, we will update this Policy and, where required, request your consent.

7. Data Retention

We retain personal information only for as long as needed to provide the Service and for the purposes described in this Policy:

  • Account data: retained while your account is active. If you delete your account, we will delete or anonymize your account data within 30 days, except for limited records we are required to keep (for example, billing records retained for tax and accounting purposes, typically up to 7 years).
  • Contact form submissions: retained for up to 24 months for support and abuse prevention.
  • Diagnostic logs: retained for up to 90 days.
  • Billing records held by Stripe: governed by Stripe’s retention policies.
8. Security

We use industry-standard safeguards including TLS in transit, HTTP-only cookies for session tokens, signed JWTs, CSRF protection, signed webhook verification, encrypted storage at rest on Cloudflare infrastructure, and the principle of least privilege for internal access. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information.
  • Request deletion of your account and personal data.
  • Export a copy of your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, submit a request through our contact form using the email address associated with your account. We will respond within the timeframes required by applicable law.

California residents. If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA/CPRA), including the rights to know, delete, correct, and opt out of “sales” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under the CCPA.

10. Children’s Privacy

The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided us personal information, contact us and we will delete it.

11. International Data Transfers

We are based in the United States and use service providers (including Cloudflare and Stripe) that operate globally. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States and other countries. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

12. Apple App Store Disclosures

If you obtain a RifePlayer app through the Apple App Store:

  • Subscription purchases made through the app are processed by Apple under Apple’s terms; we receive subscription status confirmations from Apple and do not receive payment card details.
  • The data categories collected by the app are described above and are reflected in our App Store privacy nutrition label: contact info (email, optional name), identifiers (account ID), purchases (subscription status), usage data (limited app interaction events), and diagnostics (crash and performance data).
  • The app does not track you across other companies’ apps or websites.

The Service may link to third-party websites we do not control. This Policy does not apply to those sites. Please review their privacy policies before providing them with information.

14. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email and/or by a prominent notice on the Service before the changes take effect, and we will update the “last updated” date above. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please reach us through our contact form.