Privacy Policy

1. Introduction

Remindrr.ai ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our contract reminder and expiry tracking service ("Service").

This Privacy Policy applies to all users of Remindrr.ai, including both free and paying customers. By using our Service, you consent to the data practices described in this policy.

Key Privacy Commitments:

• We do NOT store raw document text - only AI-extracted metadata
• We do NOT sell your personal data to third parties
• We do NOT use your data to train AI models
• We use industry-standard encryption to protect your data
• You can request deletion of your data at any time

2. Information We Collect

2.1 Information You Provide

Account Information:

• Name and email address (required for account creation)
• Company/organization name
• Phone number (optional, for SMS notifications)
• Password (encrypted and never stored in plain text)
• Payment information (processed by Stripe, not stored on our servers)

Contract Data (AI-Extracted Metadata Only):

• Contract type (e.g., lease, service agreement)
• Counterparty names
• Contract start and end dates
• Renewal dates and terms
• Notice periods
• Payment frequencies
• AI confidence scores

Privacy Note: We do NOT store the full text of your uploaded documents. Only structured metadata extracted by our AI is retained. Original documents are deleted immediately after processing.

Section and Ownership Data:

• Section names (e.g., "Legal", "Facilities")
• Section owner names and contact information
• Company manager details

2.2 Information Collected Automatically

Usage Data:

• IP address
• Browser type and version
• Operating system
• Pages visited and time spent on pages
• Referring URLs
• Date and time of access
• Error logs and crash reports (via Sentry)

Cookies and Similar Technologies:

• Authentication cookies (essential)
• Preference cookies (e.g., language, theme)
• Analytics cookies (with your consent)
• Session identifiers

2.3 Information from Third-Party Services

If you connect third-party integrations:

• Google Calendar: Calendar events, event metadata, calendar access tokens
• Email Service: Email delivery status, open/click rates (if enabled)

These integrations are optional. You control what data is shared through OAuth consent screens.

3. How We Use Your Information

We use collected information for the following purposes:

3.1 Core Service Delivery

• Create and manage your account
• Process contract uploads and extract metadata using AI
• Send reminder notifications via email and SMS
• Display dashboard and reports
• Sync reminders with Google Calendar (if enabled)
• Route notifications to the correct section owners

3.2 Communication

• Send transactional emails (account confirmations, password resets)
• Send service updates and important notices
• Respond to customer support inquiries
• Send marketing emails (with your consent, opt-out available)

3.3 Service Improvement

• Analyze usage patterns to improve features
• Monitor and fix errors (via Sentry)
• Conduct A/B testing for UX improvements
• Develop new features based on user feedback

3.4 Security & Compliance

• Detect and prevent fraud
• Monitor for security threats
• Enforce our Terms of Service
• Comply with legal obligations

AI Training: We do NOT use your contract data to train our AI models. We use third-party AI APIs (OpenAI) with data processing agreements that prohibit training on customer data.

4. How We Share Your Information

We do NOT sell your personal information. We only share data in the following limited circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who help us operate our Service:

• Supabase: Database hosting and authentication (data stored in US/EU regions)
• Vercel: Application hosting and CDN
• OpenAI: AI contract extraction (data NOT used for training)
• Stripe: Payment processing (PCI-DSS compliant)
• Resend: Transactional email delivery
• Twilio: SMS notifications (optional)
• Sentry: Error tracking and monitoring

All service providers are bound by data processing agreements and are prohibited from using your data for any purpose other than providing services to us.

4.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Court orders or subpoenas
• Government or regulatory requests
• Legal processes or investigations
• Protection of our rights, property, or safety

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified via email and/or prominent notice on our Service.

4.4 With Your Consent

We may share your information for other purposes with your explicit consent (e.g., connecting to your Google Calendar).

5. Data Security

We implement industry-standard security measures to protect your data:

5.1 Technical Safeguards

• Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
• Authentication: Secure password hashing (bcrypt) and multi-factor authentication
• Access Controls: Role-based access and principle of least privilege
• Network Security: Firewalls, DDoS protection, and intrusion detection
• Regular Audits: Security assessments and penetration testing

5.2 Organizational Safeguards

• Employee background checks and confidentiality agreements
• Security awareness training
• Incident response procedures
• Data minimization and retention policies

Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your data for as long as necessary to provide the Service and comply with legal obligations:

• Active Accounts: Data retained while your account is active
• Cancelled Accounts: Data retained for 30 days after cancellation, then permanently deleted
• Legal Compliance: Some data (e.g., financial records) retained for 7 years as required by law
• Backup Data: Backups deleted within 90 days after account deletion
• Analytics Data: Anonymized analytics retained indefinitely

You can request immediate data deletion by contacting privacy@remindrr.ai.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

7.1 Rights Under GDPR (EU/UK Users)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 Rights Under CCPA (California Users)

• Right to Know: Request details about what personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of sale of personal information (note: we do not sell data)
• Right to Non-Discrimination: Equal service regardless of privacy rights exercise

7.3 How to Exercise Your Rights

To exercise any of these rights:

• Email us at: privacy@remindrr.ai
• Use the "Export Data" or "Delete Account" options in your account settings
• For GDPR requests, we respond within 30 days
• For CCPA requests, we respond within 45 days

We may ask for verification of your identity before processing requests to prevent unauthorized access.

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

8.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and core functionality (cannot be disabled)
• Preference Cookies: Remember your settings and choices
• Analytics Cookies: Help us understand how you use the Service (with your consent)
• Marketing Cookies: Show you relevant ads (with your consent)

8.2 Managing Cookies

You can control cookies through:

• Our cookie consent banner (shown on first visit)
• Your browser settings (disable or delete cookies)
• Account settings (opt out of analytics)

Note: Disabling essential cookies may prevent you from using certain features of the Service.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

For EU/UK Users:

• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• Data is stored in EU or US data centers with appropriate safeguards
• Service providers are GDPR-compliant

10. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@remindrr.ai.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy with a new "Last Updated" date
• Sending an email notification to registered users
• Displaying an in-app notification

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

• Email: privacy@remindrr.ai
• Data Protection Officer: dpo@remindrr.ai
• Support: support@remindrr.ai
• Address: [YOUR BUSINESS ADDRESS - TO BE ADDED]

For EU/UK Users: You have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates data protection laws.