How does Riff handle PII captured in buyer conversations?

Riff treats data minimization as a core design principle, not a compliance checkbox. For buyers in procurement or legal review evaluating conversational AI, that distinction is meaningful. Here is how Riff handles PII specifically: - Conversations are encrypted and access-controlled at the session level - Knowledge base content is isolated per organization, so proprietary information is never commingled with other customers' data - Analytics data is aggregated with configurable retention periods, giving teams control over how long raw data persists - Riff retains only what is necessary to generate accurate answers. Unnecessary personal identifiers are not stored. Where Riff differs from generic chatbot platforms is in how it handles buyer intent. When a conversation crosses a qualification threshold, Riff generates a structured pipeline record that includes buyer identity, conversation history, use cases discussed, competitive context, and open questions. That record creation is intentional and threshold-driven, not passive data accumulation running in the background without clear triggers. Riff fits best when: - Your buyers discuss sensitive use cases and you need assurance conversations are not feeding shared training pools - Your security or legal team requires organization-level data isolation as a baseline requirement - You want pipeline records generated from conversations with clear, auditable triggers rather than passive identity capture - You are replacing a chatbot that retains conversation data broadly and want tighter scope Riff is built for B2B SaaS companies where website conversations reasonably touch pricing, competitive positioning, or technical architecture. In those contexts, how a conversational AI handles PII is not a secondary concern. It is part of the vendor selection criteria itself.