Riff Privacy Policy

About The Riff Platform

The Riff Platform contains a simple video chat service and a customized instance of an open source text chat platform, provided by Riff Learning Inc, an independent software company incorporated in the State of Delaware and based in Newton, MA.

Our mission is to provide enhanced communications tools online that help people collaborate better for learning, team development, leadership training, and other activities where human interaction is important — so pretty much everything people do together! We sell software-as-a-service licenses of the Riff Platform to learning companies, corporations, and nonprofit entities at fair market prices, occasionally coupled with custom solutions that integrate the Riff Platform with other systems or services.

We are not ad based and we’re not interested in selling anyone anything other than the software that we have worked hard to deliver to our customers. We don’t keep track of conversations on the Riff Platform or anything else you do online, either coming to or going from our platform, except to provide value to you, our customers, in a transparent way. In other words, we don’t sell your data to anyone. We respect the individual’s privacy and the security of all communications on the Riff Platform. This is the core value of Riff Learning Inc, as well as a responsibility we take very seriously.

How The Riff Platform works

The Riff Platform video chat service is based on a new technology, called WebRTC, and many related advanced technologies for managing the exchange of audio and video data streams. WebRTC is a new Internet protocol that gives your web browser or mobile device access to the microphone and camera on your device along with the ability to exchange audio, video, and other data with someone else’s computer. This innovation enables Riff to provide real time video communication and feedback within the Riff Platform video chat application.

The video chat works something like this.:

  • When you visit the the Riff Platform website, your device runs the software that we provide and talks to our server to set up the video chat.

  • When another person joins the same room as you on the Riff Platform, our we start the connection process.

  • Once both computers are connected to our server, your computer exchanges various kinds of information with the other person’s computer either directly (“peer to peer”) or through a relay server, to help audio and video data travel between clients when peer-to-peer connections aren’t possible.

  • When you and the other person click the “Leave” button, we stop collecting data and send you to the page that provides metrics about the meeting.

  • The video chat application can manage several peer-to-peer and client-server connections at a time in this way, independently establishing exchanges of data in order to produce a real-time video conference with multiple parties

The Riff Platform text chat service (the chat within the video tool) operates much more simply, using standard Internet protocols to send messages between parties, namely a websocket connection and Transport Layer Security (TLS),.

The Riff Platform EDU environment provides a means of chatting in public channels, private channels, and via direct messages for people who are all part of a single team site (usually people in an online course together, or in a team or teams at a company, or part of some other organizing structure). These messages are all delivered using HTTPS and are encrypted from end to end. If you write a text message to one or more individuals in a direct message you have created, then it goes only to those individuals. If you write a text message in a private channel, likewise it only goes to the members of that channel. If you write a text message in a public channel, it goes to all members of the team site, but never to any other people who use other Riff Platform team sites.

In learning scenarios where Riff staff are responsible for maintaining a safe and respectful chat environment, content may be monitored, flagged and removed if it violates the terms of service.

Security and encryption

Your audio, video, and text data are encrypted between your device and any peer-connected device while you’re using the Riff Platform, so that your conversations can’t be interpreted by anyone other than you and the other parties involved. We also encrypt all the set up, call control, and disassembly information that your device sends to our servers (which can reveal private information such as the IP address of your computer).

Privacy policy

Our default privacy policy is never to gather or store or sell information about you, to log your conversations, or to engage in any other behavior that would compromise your privacy and security in any way.

However, we do need to gather a few pieces of personally identifying information (“PII”) in order for you to use the Riff Platform.

  • If you are connecting to Riff from a learning management system or other application, your device needs to tell us its Internet location (IP address) so that we can connect you with others’ devices (which need to tell us their Internet locations, too). We then create a unique identifier for you on the platform and receive whatever data the other application wants to give us (usually a name or an email address or some other identifier that is specific to that application).

  • If you are connecting to Riff directly through our Website, we also create a unique identifier for you, so we can show you data about your meetings over time. We do not otherwise track this information and we don’t share it with anyone else. (Anonymous usage is available in trial and beta versions only.)

  • When you create a password-protected profile on the Riff Platform, you can then provide as little or as much information as you like in the profile form, but you must at least give us your name and your email address. Again, these data are not shared with anyone who doesn’t already know them (you and the other people in your meetings).

Anonymous metrics

We collect anonymous usage data (with no personally identifying information attached) to improve the Riff Platform services and WebRTC technologies in general. Examples of usage data may include information about your browser, operating system, platform, the percentage of time spent talking or using text chat, how and when certain features are used (e.g., muting and unmuting audio), and the occurrences of connectivity failures. At times we provide some of this data to the Google Chrome and Mozilla Firefox teams so that they can prioritize and fix bugs in their code.

Personalized metrics

We collect personalized usage data on your behalf in order to produce analytically derived insights about you — how much you spoke, interruptions and affirmations, turn-taking in your meetings with others, your network of chat-based connections, and other metrics derived from the textual, vocal, and facial-gestural data streams. Your usage data is aggregated with data from other users to develop and refine the behavioral models that we use to deliver the visualizations and metrics you see during a meeting and immediately after a meeting has occurred.

At no time do we share that data — in its non-anonymized form — with anyone other than you and, as appropriate, the other people who were in a meeting or text-based exchange with you.

Reporting a bug

All security bugs in the Riff Platform are taken seriously. Bugs or vulnerabilities should be reported by email to devops@rifflearning.com. Your email will be acknowledged within 24 hours.

You will receive a more detailed response within 48 hours, which will also indicate the next steps we will take in handling your report. After our initial reply, the team will keep you informed of the progress being made toward a fix. As we move toward a formal announcement of the report and resolution, we may contact you for additional information surrounding the reported issue.