Privacy Policy

This Privacy Policy describes how Reter LLC ("Reter," "we," "us," or "our") collects, uses, stores, discloses, and protects personal information in connection with our cloud-based software platform at https://reter.io and any related services, tools, or applications (collectively, the "Services").

This Privacy Policy applies to all users of the Services, including individual users, organization administrators, and authorized representatives of customer organizations. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated Privacy Policy on our website, sending you an email to the address associated with your account, or providing an in-application notification. The "Last Updated" date at the top of this document indicates when this Privacy Policy was most recently revised. Your continued use of the Services after any update constitutes your acceptance of the revised Privacy Policy.

2. Personal Information We Collect

We collect personal information in three ways: information you provide directly, information collected automatically, and information from third-party sources.

2.1 Information You Provide Directly

Account Information. When you create an account, we collect your email address, display name, and any other information you provide during registration. If you are an administrator creating an Organization Account, we also collect the names and email addresses of users you invite to the platform.

Profile and Preferences. We collect your preferences and settings within the Services, including display preferences (such as dark mode), workspace configurations, role assignments, and notification preferences.

Payment Information. If you purchase a subscription, we collect billing information. Payments are processed by third-party payment processors. We do not directly collect or store payment card numbers, but we may receive information associated with your payment (such as billing address, transaction amounts, and the last four digits of your card).

Communications. We collect information you provide when you communicate with us, including through email, support requests, feedback submissions, or any other correspondence.

Imported Data. You may import data into the Services from external files (such as XLSX and CSV files) or through API integrations. We collect and process this data as part of providing the Services.

2.2 Information Collected Automatically

Device and Browser Information. We may collect information about the device and browser you use to access the Services, including your IP address, browser type, operating system, device identifiers, and general location information derived from your IP address.

Usage Information. We collect information about how you interact with the Services, including pages visited, features used, actions taken, timestamps, frequency and duration of use, and navigation patterns.

Authentication Data. We collect login activity, session information, and authentication events through our authentication provider (Supabase Auth) to secure your account and detect unauthorized access.

Cookies and Similar Technologies. We and our service providers may use cookies, local storage, and similar technologies to collect information automatically. These technologies help us maintain your session, remember your preferences, and understand how the Services are used. See Section 11 for your choices regarding these technologies.

2.3 Information from Third-Party Sources

We may receive personal information from third-party sources in connection with integrations you enable, data you import, or services that connect to the Reter platform via API. We treat information received from third parties in accordance with this Privacy Policy.

3. Business Data Processed on Your Behalf

The primary function of the Services is to help you manage your business operations. In providing the Services, we process business data that you and your authorized users enter, upload, or import into the platform ("Customer Business Data"). This data typically includes, but is not limited to:

• Customer and Account Records: company names, business contact names, email addresses, phone numbers, mailing addresses, and other contact information for your customers, leads, and prospects;
• Sales and Revenue Data: opportunity and pipeline records, revenue figures, quotes, orders, pricing information, sales forecasts, territory assignments, and commission data;
• Product Information: product catalogs, pricing, specifications, and sales history;
• Organizational Data: buying group memberships, account tier classifications, account ownership assignments, and rep/employee performance data;
• Activity and Workflow Data: notes, follow-up tasks, next steps, activity logs, calendar entries, and collaboration records; and
• Reporting Snapshots: pulse report snapshots, dashboard configurations, exported reports, and historical analytics data.

Customer Business Data belongs to you. Reter processes Customer Business Data solely to provide and improve the Services, as described in this Privacy Policy and our Terms of Service. Customer Business Data may contain personal information about your customers, employees, or other individuals. You are responsible for ensuring that you have the appropriate legal basis and any necessary consents to provide such personal information to Reter through the Services.

4. How We Use Personal Information

4.1 To Provide and Maintain the Services

We use personal information to:

• Create and manage your account and authenticate your identity;
• Provide access to the features and functionality of the Services;
• Process your Customer Business Data as necessary to deliver CRM, analytics, reporting, and other platform capabilities;
• Process payments and manage your subscription;
• Communicate with you about your account, the Services, and support requests; and
• Enforce our Terms of Service and protect the security of the Services.

4.2 To Improve and Develop the Services

We use personal information to:

• Understand how users interact with the Services and identify areas for improvement;
• Develop new features, products, and services;
• Conduct internal analytics and research; and
• Generate Aggregate/Deidentified Data (as defined in our Terms of Service) for benchmarking, trend analysis, and product development.

4.3 To Operate Our Business

We use personal information to:

• Comply with legal obligations and respond to lawful requests;
• Protect our rights, property, and safety, and that of our users and others;
• Detect, prevent, and address fraud, abuse, and security issues; and
• Carry out accounting, auditing, and other internal business functions.

4.4 To Communicate with You

We may use your contact information to send you service-related notices (such as account verification, billing reminders, security alerts, and changes to our Terms or this Privacy Policy) and, where permitted, product updates and marketing communications. You can opt out of marketing communications as described in Section 11.

5. Artificial Intelligence and Automated Processing

The Services include artificial intelligence and machine learning features that process your data to deliver analytics, predictions, recommendations, and automated insights.

5.1 How AI Features Process Your Data

AI features within the Services may:

• Analyze your Customer Business Data to generate sales forecasts, revenue predictions, and performance insights;
• Provide recommendations for account prioritization, pipeline management, and workflow optimization;
• Process documents you upload (such as spreadsheets and reports) to extract, classify, and organize information;
• Enable natural language queries and interactions with your business data; and
• Automate routine tasks and workflows based on patterns identified in your data.

5.2 Third-Party AI Providers

We may use third-party AI service providers to power certain features of the Services. When we share your data with third-party AI providers, we do so under contractual terms that require these providers to process your data only for the purpose of providing the Services to you, and not for their own purposes including training their general-purpose models.

5.3 Data Training Practices

Your data is not used to train general-purpose AI models. Reter does not use your Customer Business Data or personal information to train AI or machine learning models that serve other customers or the general public. We may use Aggregate/Deidentified Data (which cannot reasonably identify you or any individual) to improve the overall quality and performance of the Services.

5.3.1 Machine Learning Models. The Services include proprietary machine learning models that may be trained using your Customer Business Data to provide customer-specific predictions, classifications, and recommendations. These trained models, including their architectures, parameters, and learned patterns, are the intellectual property of Reter. The predictions and recommendations generated by these models for your use are licensed to you under the Terms of Service for the duration of your subscription.

5.3.2 Anonymized Data Opt-Out. Enterprise customers operating under a Master Service Agreement may opt out of anonymized data derivation by providing written notice to Reter. If you wish to discuss opt-out options, please contact us at the address in Section 14.

5.4 Automated Decision-Making

AI-generated outputs within the Services, such as forecasts, scores, and recommendations, are provided as decision-support tools. They are not intended to be the sole basis for consequential decisions. You retain full control over how you act on AI-generated information. If you have concerns about how automated processing affects you, please contact us at the address provided in Section 14.

6. How We Disclose Personal Information

6.1 Service Providers

We share personal information with third-party service providers who perform services on our behalf, including hosting, database management, authentication, analytics, payment processing, customer support, and AI processing. These providers are contractually obligated to use personal information only as necessary to provide services to us and in accordance with this Privacy Policy.

6.2 Within Your Organization

If you use the Services through an Organization Account, personal information and Customer Business Data may be visible to other authorized users within your organization, subject to the role-based access controls configured by your organization's administrator(s). Administrators can view, manage, and control the data and activity of users within their organization.

6.3 Legal Requirements and Protection of Rights

We may disclose personal information if we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, legal process, or governmental request; (b) enforce our Terms of Service or other agreements; (c) protect the rights, property, or safety of Reter, our users, or others; or (d) detect, prevent, or address fraud, security, or technical issues.

6.4 Business Transfers

In connection with any merger, acquisition, reorganization, sale of assets, or similar transaction, personal information may be transferred to the successor entity. We will notify you of any such transfer and any choices you may have regarding your personal information.

6.5 With Your Consent

We may disclose personal information for other purposes with your explicit consent.

We do not sell personal information. Reter does not sell, rent, or trade your personal information to third parties for their own commercial purposes.

7. Our Service Providers and Infrastructure

The Services are built on and delivered through the following core infrastructure providers. Each provider maintains its own security practices and certifications:

• Supabase. Provides database hosting (PostgreSQL), user authentication, real-time data subscriptions, and related backend services. Supabase runs on Amazon Web Services (AWS) infrastructure. Supabase's security practices are described at supabase.com/security. AWS security information is available at aws.amazon.com/security.
• Vercel. Provides application hosting, deployment, and content delivery network (CDN) services. Vercel's security practices are described at vercel.com/security.
• Cloudflare. Provides DNS management, domain registration, CDN, and network security services, including DDoS protection and SSL/TLS encryption. Cloudflare's security practices are described at cloudflare.com/trust-hub/security.
• GitHub. Provides source code hosting and the deployment pipeline. GitHub does not have access to your Customer Business Data in production. No customer-identifiable data is stored in source code repositories.
• Anthropic. May be used to provide AI-powered features within the Services, including natural language processing and intelligent recommendations. Anthropic processes data only as necessary to deliver the Services and does not use your data for training its general-purpose models. Anthropic's usage policy is described at anthropic.com/policies.

As we develop the Services, we may engage additional service providers. Enterprise customers operating under a Master Service Agreement will receive at least thirty (30) days advance notice before any new subprocessor with access to Customer Business Data is engaged. We will update this Privacy Policy to reflect material changes in our service provider relationships.

8. Data Retention

8.1 Active Accounts

We retain personal information and Customer Business Data for as long as your account is active or as needed to provide the Services. The Services include a soft-delete system, meaning that deleted records are moved to a trash state and retained for thirty (30) days before permanent deletion, allowing for recovery of accidentally deleted data.

8.2 After Termination

Upon termination or cancellation of your account, we will make your data available for export for thirty (30) days. After this export period, we will delete your personal information and Customer Business Data from production systems within sixty (60) days, except to the extent we are required to retain certain information by applicable law or for legitimate business purposes.

8.3 Aggregate/Deidentified Data

Aggregate/Deidentified Data, which cannot reasonably be used to identify you or any individual, may be retained and used indefinitely, subject to any opt-out exercised by enterprise customers under Section 5.3.2.

9. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of your personal information and Customer Business Data. These measures include:

• Encryption of data in transit using SSL/TLS protocols;
• Encryption of data at rest using AES-256;
• Authentication and role-based access controls, including row-level security, to limit data access to authorized users;
• Logical isolation of each customer's data in dedicated database instances (Customer Business Data is never commingled across customers);
• Use of infrastructure providers that maintain industry-standard security certifications and practices;
• Regular review of our data collection, storage, and processing practices; and
• Limiting access to personal information to employees, contractors, and service providers who need it to operate, develop, or improve the Services.

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data. If you become aware of any security incident affecting your account, please contact us immediately at the address provided in Section 14.

10. International Data Transfers

Reter is based in the United States, and your data is primarily processed and stored on servers located in the United States. If you access the Services from outside the United States, your personal information will be transferred to the United States, where data protection laws may differ from those in your jurisdiction.

10.1 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are located in the European Economic Area ("EEA"), the United Kingdom ("UK"), or Switzerland, Reter processes your personal data in accordance with the General Data Protection Regulation ("GDPR") and the UK GDPR, as applicable. You have the right to: (a) access and obtain a copy of your personal data; (b) rectify inaccurate personal data; (c) request erasure of your personal data; (d) restrict processing of your personal data; (e) data portability; (f) object to processing of your personal data; and (g) withdraw consent at any time where processing is based on consent. To exercise these rights, contact us at the address in Section 14. Where we transfer personal data from the EEA, UK, or Switzerland to the United States, we rely on applicable transfer mechanisms, including standard contractual clauses approved by the European Commission or the UK Information Commissioner's Office, as appropriate.

10.2 Brazil (LGPD)

If you are located in Brazil, Reter processes your personal data in accordance with the Lei Geral de Proteção de Dados ("LGPD"), as applicable. You have the right to: (a) confirmation of processing; (b) access to your data; (c) correction of inaccurate data; (d) anonymization, blocking, or deletion of unnecessary or excessive data; (e) data portability; (f) information about third parties with whom your data is shared; (g) information about the possibility of denying consent and the consequences thereof; and (h) revocation of consent. To exercise these rights, contact us at the address in Section 14.

10.3 Canada (PIPEDA)

If you are located in Canada, Reter processes your personal information in accordance with the Personal Information Protection and Electronic Documents Act ("PIPEDA"), as applicable. You have the right to access your personal information held by Reter and to challenge its accuracy. To exercise these rights, contact us at the address in Section 14.

10.4 Other Jurisdictions

If you are located in a jurisdiction with data protection laws that grant you specific rights regarding your personal information, Reter will comply with those laws as applicable. To the extent additional terms are required for compliance with local data protection regulations, they will be set forth in a supplemental addendum to this Privacy Policy. To exercise any rights under your local law, contact us at the address in Section 14.

10.5 Transfer Mechanisms

When we transfer personal information across borders, we ensure that appropriate safeguards are in place, including standard contractual clauses, contractual protections with our service providers, and compliance with applicable data transfer requirements under the laws of the originating jurisdiction.

11. Your Privacy Rights and Choices

11.1 Account Information

You may access, update, or correct your account information at any time by logging into the Services. If you wish to delete your account entirely, please contact us at the address in Section 14. Organization administrators may manage user accounts and data within their organization.

11.2 Data Export

The Services provide data export capabilities. You may export your Customer Business Data at any time during the term of your subscription.

11.3 Marketing Communications

You may opt out of marketing communications by following the unsubscribe instructions in any marketing email we send, or by contacting us directly. Even if you opt out of marketing communications, we will continue to send you service-related notices that are necessary for the operation of your account.

11.4 Cookies and Tracking

Most web browsers allow you to control cookies through browser settings. You may configure your browser to refuse cookies or to alert you when cookies are being sent. Please note that disabling cookies may affect the functionality of the Services.

11.5 Do Not Track

The Services do not currently respond to "Do Not Track" browser signals. We will update this Privacy Policy if our practices change in this regard.

11.6 Data Subject Rights

Depending on your jurisdiction, you may have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate personal information; (c) request deletion of your personal information; (d) object to or restrict certain processing of your personal information; (e) request portability of your personal information; and (f) withdraw consent where processing is based on consent. To exercise any of these rights, please contact us at the address in Section 14.

12. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at the address in Section 14, and we will take steps to delete such information.

13. Third-Party Links and Integrations

The Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to the practices of third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Services. Reter is not responsible for the privacy practices of third-party websites or services.

14. Contact Us

If you have any questions about this Privacy Policy, want to exercise your privacy rights, or have concerns about how we handle your data, please contact us:

Reter LLC
220 Fairfield Road
Painesville, OH 44077
Email: privacy@reter.io