Privacy Policy

Reqly (“we,” “us,” or “our”) provides a web-based platform for collecting documents, forms, and signatures through secure, shareable links.

This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. We believe in transparency, minimal data collection, and keeping things simple.

What we collect

Account information

When you create an account, we collect your name, email address, and password. If you subscribe to a paid plan, we also collect billing information through our payment processor, Stripe. We do not store your full credit card number.

Uploaded content

When you or your recipients use Reqly, files, form responses, and signatures may be uploaded through the platform. We store this content securely on your behalf and only to provide the service.

Usage data

We collect basic usage information such as pages visited, browser type, device type, and IP address. This helps us understand how the product is used and where we can improve it. We do not build advertising profiles from this data.

How we use your data

We use your information to:

• —Provide, maintain, and improve the Reqly service
• —Process transactions and manage your subscription
• —Send essential service communications (account updates, security alerts)
• —Respond to support requests
• —Monitor for abuse or violations of our terms

We do not sell your data. We do not use uploaded content for advertising, training models, or any purpose other than delivering the service to you.

How we handle uploaded documents

Documents, files, and signatures uploaded through Reqly are your data. We store them securely and only access them to provide the service — for example, to display them in your dashboard or deliver them to you.

We do not review, analyze, or share uploaded content unless required by law or necessary to protect the security of the platform.

Data ownership

You own your data. Reqly does not claim any ownership rights over the content you or your recipients upload. We hold it on your behalf, and you can export or delete it at any time.

Data sharing

We share your information only when necessary to operate the service:

• —Infrastructure providers to host and deliver the service (cloud hosting, database services)
• —Payment processing Stripe processes your billing information securely
• —Email delivery to send transactional emails (confirmations, notifications)
• —Legal requirements if required by law, regulation, or valid legal process

We do not sell, rent, or trade your personal information to third parties.

Security

We take the security of your data seriously. We use encryption in transit and at rest, maintain access controls, and follow industry-standard practices to protect your information.

No system is perfectly secure. While we work hard to protect your data, we cannot guarantee absolute security. If we become aware of a breach that affects your data, we will notify you promptly.

Data retention and deletion

We retain your data for as long as your account is active or as needed to provide the service. When you delete your account, we remove your personal information and uploaded content within 30 days, unless we are required by law to retain it longer.

You can delete individual intakes and their associated files at any time through your dashboard.

Cookies and analytics

We use essential cookies to keep you logged in and maintain your session. We may also use basic analytics tools to understand how the product is used.

We do not use cookies for advertising or cross-site tracking.

Your rights

You have the right to:

• —Access request a copy of the personal data we hold about you
• —Correction ask us to correct inaccurate information
• —Deletion ask us to delete your data and close your account
• —Export request your data in a portable format
• —Objection object to certain types of data processing

You also have the right to restrict processing of your data, withdraw consent at any time (where processing is based on consent), and lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at the email below. We will respond within 30 days.

Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• —Contract performance to provide the Service, manage your account, and process payments
• —Legitimate interests to improve the Service, prevent fraud, and ensure security
• —Legal obligation to comply with applicable laws, regulations, and legal processes
• —Consent where you have given explicit consent for a specific purpose, which you may withdraw at any time

International data transfers

Reqly is based in the United States, and your data is processed and stored on servers located in the United States. If you are accessing the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.

Where we transfer personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. By using the Service, you consent to the transfer of your information to the United States as described in this policy.

California privacy rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• —Right to know what personal information we collect, use, disclose, and sell
• —Right to delete your personal information, subject to certain exceptions
• —Right to opt out of the sale or sharing of your personal information
• —Right to non-discrimination for exercising your privacy rights

We do not sell or share your personal information as defined by the CCPA/CPRA. To exercise your rights, contact us at privacy@reqly.app. We will verify your identity before processing your request and respond within 45 days.

Children's privacy

The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information promptly.

If you believe a child has provided us with personal information, please contact us at privacy@reqly.app so we can take appropriate action.

Do Not Track

Some browsers send a “Do Not Track” (DNT) signal to websites. Because there is no accepted standard for how to respond to DNT signals, we do not currently respond to them. However, we do not engage in cross-site tracking or targeted advertising regardless of DNT settings.

Changes to this policy

We may update this Privacy Policy from time to time. When we make meaningful changes, we will notify you by email or through a notice in the product. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

If you have questions about this Privacy Policy or how we handle your data, reach out to us:

privacy@reqly.app