Privacy Policy

Account Information: When you create a RehXa account, we collect your name, email address, and password. If you sign up via Google or GitHub OAuth, we receive your name, email, and profile picture from those services.

Business Data: You may upload files (PDFs, documents, CSVs), provide website URLs for crawling, or create custom Q&A pairs. This data is used solely to train your AI agent and is never shared with other customers or third parties.

Conversation Data: We store conversations between your website visitors and your AI agent to provide analytics, improve response quality, and enable conversation history features.

Usage Data: We collect information about how you use RehXa, including pages visited, features used, and actions taken within the dashboard.

Payment Information: Payment processing is handled by Lemon Squeezy. We do not store your credit card details on our servers.

We use the information we collect to:

• Provide, maintain, and improve the RehXa platform
• Train and operate your AI agents using your uploaded business data
• Generate analytics and insights about your customer conversations
• Process payments and manage your subscription
• Send transactional emails (welcome, billing, alerts)
• Respond to your support requests
• Detect and prevent fraud and abuse

Your business data is strictly isolated. Each workspace has its own data partition. Your uploaded files, Q&A pairs, and conversation history are never accessible to other RehXa customers.

All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3. Our infrastructure is hosted on SOC 2 compliant providers.

We do not sell your personal information or business data. We share data only with:

• Service Providers: Supabase (database), Pinecone (vector search), Groq (AI inference), Lemon Squeezy (payments), Resend (email), Vercel (hosting), Railway (API hosting)
• Legal Requirements: When required by law, subpoena, or court order
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We retain your account data for as long as your account is active. Conversation data is retained for 12 months from the conversation date. When you delete your account, we permanently delete all associated data within 30 days.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Opt out of marketing communications

To exercise these rights, contact us at privacy@rehxa.com.

If you are located in the European Economic Area, we process your data under the following legal bases: consent (for optional features), contract performance (for providing the service), and legitimate interests (for analytics and improvement).

For privacy-related inquiries, contact us at privacy@rehxa.com.