Regl.ai

Privacy Policy

Last updated: 2025-11-06

This Privacy Policy explains how ReglAI ("we", "us", "our") collects and processes information when you use our website and services. We aim to follow GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality.

Who We Are

Controller: ReglAI (HerixAI). Contact: privacy@regl.ai

Data We Process

  • Account data: email address and basic profile for authentication via Clerk.
  • Usage data: request count and plan/quota status to prevent abuse and provide your plan features.
  • Content you provide: text you paste or files you upload (PDF/DOCX/TXT) are processed to provide the analysis you request. By default, processing is transient and not used to train models.
  • Product analytics (with consent): privacy-friendly analytics (PostHog EU) to understand feature usage and improve the product.

Purposes & Legal Bases

  • Provide the service (perform the contract): analyze content, return results, and manage your account.
  • Improve and secure (legitimate interests): detect abuse, ensure reliability and performance.
  • Analytics (consent): only after you accept cookies.

Data Sharing & Processors

  • Clerk — user authentication and session management.
  • PostHog (EU) — privacy-friendly analytics, only after consent.
  • Hugging Face / Mistral — AI inference for prompts and responses.
  • Upstash/Redis — server-side quota storage.
  • Lemon Squeezy — payments, invoicing, subscription management.
  • Hosting providers (e.g., Vercel, Railway) — web and API hosting.

International Transfers

Some processors may operate outside the EU/EEA. Where applicable, we rely on appropriate safeguards (e.g., Standard Contractual Clauses).

Retention

Account and billing records are kept as required by law. Quota counters reset monthly. Uploaded content is processed transiently unless otherwise stated.

Your Rights

Under GDPR you may request access, rectification, deletion, restriction, portability, and objection. You may withdraw consent at any time for analytics. To exercise rights, contact privacy@regl.ai.

Security

We implement technical and organizational measures appropriate to risk, including encryption in transit, authentication, and access controls.

Children

ReglAI is not directed to children under 16 and should not be used by them.

Changes

We may update this Policy from time to time. We will post the updated date above.