Privacy Policy
Last updated: April 27, 2026
Redeo ("we," "us," or "our") operates the website redeo.ai and associated services. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our products and services.
By accessing or using Redeo, you agree to the practices described in this policy. If you do not agree, please discontinue use of our services.
1. Information We Collect
We collect information in the following categories:
1.1 Personal Information
When you create an account or use our services, we may collect:
- Account information — name, email address, and password (stored in hashed form).
- Profile information — display name, organization, and any details you voluntarily provide.
- Payment information — billing address and payment method details. Credit card numbers are handled directly by our payment processor and are never stored on our servers.
1.2 Usage Data
When you interact with our platform, we automatically collect:
- Log data — IP address, browser type, operating system, referring URLs, pages visited, and timestamps.
- Device information — device type, unique device identifiers, and operating system version.
- Interaction data — prompts submitted, model responses viewed, features used, and session duration.
- Performance data — latency metrics, error rates, and system performance telemetry used to improve reliability.
1.3 Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential cookies — required for authentication, security, and core functionality (e.g., session management).
- Analytics cookies — help us understand how users interact with our platform so we can improve the experience.
- Preference cookies — remember your settings and customization choices.
You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of our services.
2. How We Use Your Information
We use the information we collect for the following purposes:
- To provide and operate our services — including account management, processing requests, and delivering AI-powered outputs.
- To process payments — billing, invoicing, and subscription management through our payment processor.
- To improve our services — analyzing usage patterns, monitoring performance, and fixing bugs.
- To communicate with you — sending service updates, security alerts, and support responses. You may opt out of non-essential communications at any time.
- To ensure safety and compliance — detecting fraud, abuse, or violations of our Terms of Service.
- To comply with legal obligations — responding to lawful requests from public authorities as required by applicable law.
We do not sell your personal information to third parties.
3. Data Storage and Security
3.1 Storage
Your data is stored on secure servers managed by our infrastructure providers. Data is processed and stored primarily in the United States. If you are accessing our services from outside the US, please be aware that your information may be transferred to, stored, and processed in the US.
3.2 Security Measures
We implement industry-standard security measures to protect your data, including:
- Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
- Encryption at rest — sensitive data stored in our databases is encrypted.
- Access controls — strict internal access controls limit who can access user data, based on the principle of least privilege.
- Regular security reviews — we conduct periodic audits and vulnerability assessments of our systems.
- Secure authentication — passwords are hashed using strong cryptographic algorithms, and we support multi-factor authentication where available.
While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.
4. Third-Party Services
We rely on the following third-party services to operate our platform. Each provider has its own privacy policy governing how it handles data:
4.1 Stripe (Payment Processing)
We use Stripe to securely process payments, manage subscriptions, and handle billing. When you make a payment, your credit card information is sent directly to Stripe — it never passes through or is stored on our servers.
Stripe is certified as a PCI DSS Level 1 service provider, the highest level of security certification available in the payments industry.
For more information, see Stripe's Privacy Policy.
4.2 Supabase (Backend Infrastructure)
We use Supabase for database storage, authentication, and real-time backend services. Your account information, project data, and usage records are stored in Supabase's secure, encrypted databases.
Supabase provides enterprise-grade security including row-level security, encrypted connections, and SOC 2 compliance.
For more information, see Supabase's Privacy Policy.
4.3 Other Services
We may also use third-party services for analytics, monitoring, and communications. These services collect only the minimum data necessary to perform their functions and are contractually obligated to protect your information.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide our services. Specifically:
- Account data is retained for the duration of your account and for a reasonable period after account closure to handle disputes and comply with legal obligations.
- Usage logs are retained for up to 12 months for analytics and security purposes, then anonymized or deleted.
- Payment records are retained for the period required by applicable tax and financial regulations (typically 7 years).
- Conversation and prompt data may be retained to improve our models and services, unless you request deletion.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
6.1 Right of Access
You have the right to request a copy of the personal information we hold about you. You can access much of this information directly through your account settings.
6.2 Right to Correction
You have the right to request correction of any inaccurate or incomplete personal information we hold about you.
6.3 Right to Deletion
You have the right to request deletion of your personal information, subject to certain exceptions (such as legal obligations or ongoing disputes). To request account deletion, please contact us at the email address below.
6.4 Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
6.5 Right to Object or Restrict Processing
You have the right to object to or request restriction of certain processing of your personal data, including for direct marketing purposes.
6.6 Right to Withdraw Consent
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
7. GDPR Compliance (European Economic Area)
If you are a resident of the European Economic Area (EEA), the United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
- Lawful basis for processing — We process your data based on: (a) performance of a contract (providing our services), (b) legitimate interests (improving services, security), (c) consent (where explicitly obtained), and (d) legal obligations.
- Data Protection Officer — For GDPR-related inquiries, you may contact us at the email address listed below.
- Right to lodge a complaint — If you believe our processing of your data infringes GDPR, you have the right to lodge a complaint with your local supervisory authority.
- International transfers — When your data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).
8. CCPA Compliance (California Residents)
If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know — You have the right to know what personal information we collect, how it is used, and to whom it is disclosed.
- Right to delete — You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to opt out of sale — We do not sell personal information. No action is required on your part.
- Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.
- Notice at collection — This Privacy Policy serves as our notice at collection under CCPA.
The categories of personal information we collect, as defined by CCPA, include: identifiers (name, email, IP address), commercial information (payment and billing data), internet activity (usage data and interactions), and inferences drawn from the above.
9. Children's Privacy
Our services are not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete that information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will update the "Last updated" date at the top of this page.
- For material changes, we will provide notice via email or a prominent notice on our website.
- Continued use of our services after changes take effect constitutes acceptance of the updated policy.
We encourage you to review this page periodically to stay informed about how we protect your information.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@redeo.ai
- Website: redeo.ai
- Business inquiries: business@redeo.io
We aim to respond to all privacy-related inquiries within 30 days.