Privacy Policy

This Privacy Policy describes what information we collect, how we use and protect it, and the rights and choices available to you. We are committed to handling personal information in a transparent and responsible manner.

1. Who we are

This Privacy Policy is provided by Reactable (“we,” “us,” “our”). It applies to our websites, applications, and Services.

2. What this policy covers

This policy describes how we collect, use, disclose, and protect information when you:

• Visit our websites;
• Create or use an account;
• Connect integrations (e.g., code repositories);
• Purchase or request services; or
• Communicate with us.

It does not cover third-party services you connect or visit, which are governed by their own policies.

3. The information we collect

We collect information in three broad categories: (A) information you provide, (B) information collected automatically, and (C) information from third parties.

3.1 Information you provide

Depending on how you use the Services, you may provide:

• Contact details (name, email, company name, role);
• Account information (login identifiers, authentication tokens);
• Billing details (handled primarily by our payment processor; we may receive limited billing metadata);
• Communications (messages, support requests, feedback);
• Customer Content (code, configuration, documents, and other materials you connect or upload).

Important: Customer Content may contain personal data (e.g., names in commit history) depending on your repositories and documents. You control what you connect and provide.

3.2 Information we collect automatically

When you use the Services, we may automatically collect:

• Device and browser information (e.g., browser type, OS, language);
• Log data (IP address, timestamps, pages viewed, referring URLs);
• Usage data (feature interactions, performance metrics, errors/crash reports);
• Approximate location inferred from IP (city/region level, not precise GPS).

3.3 Information from third parties

If you connect integrations (e.g., GitHub/GitLab/Bitbucket, Google Cloud, Jira), we may receive:

• Account identifiers and access tokens (scoped to what you approve);
• Repository metadata and code access (as authorized);
• Organization/project metadata; and
• Webhook events or audit-style metadata.

We may also receive information from service providers (e.g., payment processors, analytics) limited to what’s necessary to provide the Services.

4. How we use information

We use information to:

• Provide and operate the Services (authentication, account management, feature delivery);
• Generate assessments, reports, and deliverables you request;
• Maintain, troubleshoot, and improve performance and reliability;
• Provide support and respond to inquiries;
• Process payments and manage subscriptions;
• Prevent fraud, abuse, and security incidents;
• Comply with legal obligations; and
• Communicate with you about updates, security notices, and administrative messages.

Marketing communications

If we send marketing emails, you can opt out anytime (unsubscribe link or contact us). We may still send non-marketing emails like receipts, security updates, or account notices.

5. Legal bases (for users who care about this)

When applicable, we rely on:

• Contractual necessity (to provide the Services you request);
• Legitimate interests (security, fraud prevention, product improvement);
• Consent (where required for certain cookies/marketing); and
• Legal obligations (tax, accounting, compliance).

6. How we share information

We do not sell your personal information.

We may share information in the following cases:

6.1 Service providers (“processors”)

We use vendors to help run the Services (e.g., hosting, analytics, error monitoring, email delivery, payment processing). They may process data on our behalf under contractual obligations to protect it.

6.2 Integrations you enable

If you connect third-party systems, we will exchange data with them as necessary to provide the integration.

6.3 Business transfers

If we’re involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of the transaction, subject to standard confidentiality protections.

6.4 Legal requirements

We may disclose information if we believe disclosure is required by law or necessary to:

• Comply with legal processes;
• Protect rights, safety, and security; or
• Prevent fraud or abuse.

7. Data retention

We retain information only as long as necessary for:

• Providing the Services;
• Meeting legal and accounting obligations; and
• Resolving disputes and enforcing agreements.

Retention depends on the type of data, the purpose, and your plan.

Customer Content: We generally retain Customer Content for as long as your account is active (or as needed to provide professional services), and may retain limited backups for a reasonable period. You can request deletion subject to legal/contractual constraints.

8. Security

We take reasonable administrative, technical, and organizational measures to protect information, such as:

• Access controls and least-privilege practices;
• Encryption in transit (and, where appropriate, at rest);
• Monitoring and logging for security events; and
• Vendor risk management practices appropriate to our size and stage.

No system is perfectly secure. You are responsible for maintaining appropriate security on your side (e.g., using MFA, limiting repo access, and rotating credentials).

9. Cookies, analytics, and similar technologies

We may use cookies and similar technologies to:

• Keep you logged in;
• Remember preferences;
• Measure traffic and improve the Services; and
• Detect and prevent abuse.

Where required by law, we will offer consent controls. You can also control cookies through your browser settings, though some features may stop working.

Add your specific tooling here: e.g., Google Analytics, PostHog, Sentry, etc.

10. AI/automated processing

Some parts of the Services may use AI or automated methods to summarize, classify, or identify patterns in code and documents. These outputs:

• Are based on the information provided;
• May contain errors or omissions; and
• Should be reviewed by humans before making decisions.

We do not use Customer Content to train public AI models unless you explicitly opt in (or a separate written agreement says otherwise). (If you do plan to use data for model training, update this section.)

11. Your choices and rights

Depending on where you live, you may have rights to:

• Access, correct, or delete certain personal information;
• Object to or restrict certain processing;
• Opt out of marketing;
• Request a copy/portability of your data.

To exercise rights, contact us. We may need to verify your identity.

California/US state privacy laws

If applicable, we will honor required disclosures and opt-out mechanisms. As of this version, we do not sell personal information and do not knowingly share it for cross-context behavioral advertising as defined by some state laws. (If you run targeted ads, revisit this.)

Children

The Services are not intended for children under 13, and we do not knowingly collect information from children.

12. International users

If you access the Services from outside the United States, your information may be processed in the United States where data protection laws may differ.

13. Links to other sites

Our websites may link to third-party sites. We are not responsible for their privacy practices.

14. Changes to this Privacy Policy and versioning

We may update this policy from time to time. If changes are material, we will provide reasonable notice.

Version history

• v1.0.0 — Initial version (February 18, 2026).

15. Contact

For questions or requests about this policy: