Privacy Policy

Last updated: May 22, 2026

This Privacy Policy governs your use of our Website and application (collectively referred to as the “Service”). It describes the data we collect, how it is stored, how that data may be used, with whom it may be shared, and your choices about such uses and disclosures. Please be sure to carefully read the entirety of this Privacy Policy when using our Service.

“GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

“EEA” includes all current Member States to the European Union and the European Economic Area.

"CCPA" means California Consumer Privacy Act of 2018.

“Process”, in respect of personal data, includes to collect, store, use, and disclose to others.

Check Risora Terms of Use and Service (the “Terms”) for the meaning of defined words (those with capital letters) not explicitly defined in this Privacy Policy.

1. PERSONAL DATA CONTROLLER

Fulcrum Rocks LLC (reg. 2020-000938841) with registered office at 30 N Gould St Ste R, Sheridan, WY 82801, USA.

2. WHAT CATEGORIES OF PERSONAL DATA DO WE COLLECT?

We collect data you make available to us voluntarily (for example, email address, phone number, name, date of birth). We also collect data automatically when you use the Service (for example, your IP address, device type).

2.1. Data you give us

You provide us data about yourself when you register for and/or use the Website, for example, when you create a user profile (“Profile”), respond to our emails, or report a problem. The data that you give us includes:

Profile data. This includes your email address and password.

By providing Profile data you agree and understand that this data will be publicly available. Please do not provide personal data to your Profile that you would not want to be publicly available.

2.2. Data we collect automatically

3. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data for the following purposes:

1. To provide Service to you: Enabling seamless use of the Service and addressing errors or technical issues. For example, we use your data to authenticate you and authorize access to our Service.

2. To research and analyze your use of the Service: Helping us maintain, improve, innovate, and develop our Service. We conduct surveys, research, and test features in development. We analyze the data we have to evaluate our Service and conduct audits and troubleshooting activities to improve our Service content and layouts. As a consequence, we often decide how to improve the Service based on the results obtained from this processing. For example, if we discover that users do not often use certain section of the Service we may focus on improving this section.

3. To customize the Service for you: Selecting available payment processors or determining eligibility for promotions.

4. To process your payments: We provide paid Service and/or Service within the Service. For this purpose, we use third-party Service for payment processing (for example, payment processors). As a result of this processing, you will be able to make a payment for paid features of the Service.

5. To enforce terms and prevent fraud: We use personal data to enforce our agreements and contractual commitments, to detect, prevent, and combat fraud. As a result of such processing, we may share your information with others, including law enforcement agencies (in particular, if a dispute arises in connection with the Terms).

6. To communicate with you: We may communicate with you, for example, by email or directly on the Service, including through push notifications.

7. To send marketing communications: We process your personal data for our marketing campaigns. We may add your email address to our marketing list. As a result, you will receive information about our Service features, offers, promotions, contests, and events or provide other news or information about third party Service that may be of interest to you. You can opt out of marketing communications by clicking the "Unsubscribe" button in one of the received emails.

8. To provide customer Service and support: As a result of such processing, we will send you messages about the availability of our Service security, payment transactions, status of your orders, legal notices, or other Service related information.

9. To personalize our ads: We and our partners use your personal data to tailor ads and possibly even show them to you at the relevant time.

10. To comply with legal obligations: We may process, use, or share your data when the law requires it, in particular, if a law enforcement agency requests your data by available legal means.

4. LEGAL BASIS FOR DATA PROCESSING (EEA ONLY)

This section applies only to EEA-based users. We process data under the following legal grounds:

5. CALIFORNIA PRIVACY RIGHTS

This section provides additional details about how we process personal data of California consumers and the rights available to them under the California Consumer Privacy Act of 2018 ("CCPA") and California's Shine the Light law. Therefore, this section applies only to residents of California, United States.

If you are a resident of California, you may request that we provide you with the information that we have shared with third parties for electronic/online direct marketing purposes, if such sharing has occurred; such information can be provided to you once a year free of charge, and will cover information shared during the past twelve (12) months. Information will be provided within forty-five (45) days of your request, or we will inform you that we need additional time to fulfill your request.

If you are a California resident and wish to make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. Requests can be made by contacting us at legal@risora.io. Any such request must include "California privacy rights request" in the first line of the description and include your name, street address, city, state and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this address.

Information shared for purposes other than direct marketing will not necessarily be included in our response to such request. We reserve the right to request and confirm proof of identity as we determine necessary in our sole discretion, and retain your request for at least two years for auditing and user management purposes.

6. DATA RETENTION

We will retain personal data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

Please note that we have a variety of obligations to retain the data that you provide to us, including to ensure that transactions can be appropriately processed, settled, refunded, or charged-back, to help identify fraud and to comply with anti-money laundering and other laws and rules that apply to us and to our financial Service providers. Accordingly, even if you disable/delete your Profile, we will retain certain data to meet our obligations.

7. SECURITY OF YOUR PERSONAL DATA

We take reasonable and appropriate physical, technical, and organizational security measures in accordance with applicable laws to protect your personal data against the risk of accidental loss, compromise, or any form of unauthorized access, disclosure, or processing.

8. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

We share information with third parties that help us operate, provide, improve, integrate, customize, support, and market our Service. We may share some sets of personal data, in particular, for purposes indicated in Section 3 of this Privacy Policy. The types of third parties we share information with include, in particular:

9. INTERNATIONAL DATA TRANSFERS

We may transfer personal data to countries other than the country in which the data was originally collected in order to provide the Service set forth in the Terms and for purposes indicated in this Privacy Policy. If these countries do not have the same data protection laws as the country in which you initially provided the information, we deploy special safeguards.

In particular, if we transfer personal data originating from the EEA to countries with an inadequate level of data protection, we use one of the following legal bases: (i) Standard Contractual Clauses approved by the European Commission, or (ii) the EU-U.S. Data Privacy Framework, or (iii) the European Commission adequacy decisions about certain countries.

10. CHANGES TO THIS PRIVACY POLICY

We may modify this Privacy Policy at any time. If we decide to make material changes to this Privacy Policy, you will be notified through our Service or by other available means and will have an opportunity to review the revised Privacy Policy. By continuing to access or use the Service after those changes become effective, you agree to be bound by the revised Privacy Policy.

11. AGE LIMITATION

We do not knowingly process data from persons under 18 years of age (or older as required locally). If you discover a minor has shared data, contact us at legal@risora.io for immediate erasure.

12. PRIVACY RIGHTS

You maintain full control of your data rights, including access, update/correction, erasure, restricting processing, data portability, and lodging complaints with a supervisory data protection authority.

Verification of Privacy Requests: Once we receive a request to exercise any of your privacy rights (such as data access, portability, or erasure), we must verify your identity and authorization before taking action. We require you to securely authenticate your identity at a level appropriate to the requested action (e.g., via email confirmation link, multi-factor authentication, or logging directly into your secure account). This verification process is strictly necessary to prevent identity theft, phishing, or unauthorized disclosure of personal data to third parties.

13. HOW DO WE HANDLE "DO NOT TRACK" REQUESTS?

Except as stipulated otherwise, this Service does not natively support browser-based “Do Not Track” requests.

14. TRANSLATIONS

Translations are for convenience only. In the event of ambiguities, the English language version of this Policy will prevail.

15. CONTACT US

If you have any questions or concerns, contact us at:

Email: legal@risora.io