Privacy Policy

Last updated: March 3, 2026

1. Information We Collect

Account Information

  • Email address (for account creation and communication)
  • Display name and pronouns (to personalize your experience)
  • Password (cryptographically hashed, never stored in plain text)

Profile & Onboarding Information

  • Values, goals, and interests (to help AI personas understand you)
  • Profession and location (optional, for contextual awareness)
  • Narrative responses from onboarding prompts (used to shape your persona experience)
  • Additional context you choose to share

Conversation & Usage Data

  • Conversation history with AI personas
  • Files and documents you upload to your library
  • Audio files you upload (MP3, WAV, and other supported formats)
  • Feature usage patterns (to improve the product)

Integration Data

  • OAuth tokens for connected services (Notion, Google, Hevy) — encrypted at rest
  • Data retrieved from connected services when your persona uses integration tools
  • API keys you provide under our Bring Your Own Key (BYOK) program — encrypted using AES-256-GCM

Device & Technical Data

  • IP address (for security, rate limiting, and abuse prevention)
  • Browser type and operating system (for compatibility)
  • Referral URLs and page visit timestamps

2. How We Use Your Information

We process your information on the following legal bases:

  • To fulfill our contract with you: Providing the ReGild service, processing your conversations, maintaining your persona memories, and managing your account
  • With your consent: Enabling voice synthesis, connecting third-party integrations, and processing optional profile information
  • For legitimate interests: Improving service quality, preventing fraud and abuse, ensuring platform security, and performing analytics
  • For legal compliance: Meeting regulatory obligations, responding to lawful requests, and enforcing our terms

3. AI Data Processing

ReGild uses third-party AI language models to power your persona conversations. Here is how your data flows through these systems:

  • Per-request processing: When you send a message, your conversation context is sent to the selected AI provider for that specific request. Data is not retained by the provider beyond the request.
  • No model training: Your conversations are never used to train, fine-tune, or improve third-party AI models. We use API tiers and agreements that explicitly prohibit training on user data.
  • Provider selection: Depending on your settings, conversations may be processed by leading AI providers such as Google, OpenAI, and Anthropic, among others. If you use BYOK, your chosen provider processes your data under your own API agreement with them.
  • Context window: To provide continuity, your persona may include relevant conversation history, profile information, and memory summaries in its context. This data is transmitted to the AI provider as part of the request.

4. Voice Synthesis

ReGild offers optional voice synthesis that converts your persona's text responses into spoken audio.

  • How it works: Text responses are sent to ElevenLabs, a third-party text-to-speech provider, which generates audio using pre-built synthetic voices. No user voice recordings are used as input.
  • Opt-in only: Voice synthesis is disabled by default. You must explicitly enable it in your settings and may disable it at any time.
  • No biometric collection: ReGild does not collect, store, or process biometric identifiers or voiceprints from you. The voice synthesis feature converts text to audio using pre-existing synthetic voice models — it does not clone, sample, or analyze your voice.
  • BYOK for voice: If you provide your own ElevenLabs API key, voice requests are processed under your direct agreement with ElevenLabs.
  • Data sent to ElevenLabs: Only the text content of persona responses and the selected voice ID are transmitted. No personal profile data, conversation history, or account information is shared with ElevenLabs.

5. Third-Party Integrations

You may choose to connect external services to enhance your persona experience. Each integration is optional and can be disconnected at any time.

  • What we access: When you connect a service (such as Notion, Google Calendar, or Hevy), we request only the permissions necessary to provide the integration. Your persona may search, read, or create content in these services on your behalf.
  • Token storage: OAuth access tokens are encrypted at rest using AES-256-GCM and stored in our secure vault. Tokens are never logged or exposed in plaintext.
  • Revocation: You can disconnect any integration at any time through your Settings page. Upon disconnection, we delete the stored tokens and cease all access to the connected service.
  • Third-party policies: Each connected service has its own privacy policy and terms. We encourage you to review them. ReGild is not responsible for the data practices of third-party services.

6. Sub-Processors & Data Sharing

We share your data only with the third-party service providers necessary to operate ReGild. We do not sell your personal information to anyone — ever.

The categories of sub-processors we use include:

  • AI language model providers — to process your persona conversations (conversation context is shared per-request)
  • Voice synthesis provider — to generate spoken audio from persona responses (opt-in only; response text is shared)
  • Cloud database & authentication provider — to store and secure your account and application data
  • Application & frontend hosting providers — to serve the ReGild application
  • Payment processor — to handle subscription billing (email and subscription status are shared)
  • Transactional email provider — to send account-related emails (email address is shared)
  • DDoS protection & CDN provider — to protect against attacks and deliver content efficiently
  • Document embedding provider — to enable semantic search across your library (document text is shared)

A complete list of our current sub-processors is available upon request by contacting us at hello@regild.ai. We will notify you of material changes to our sub-processors per Section 16 of this policy.

7. How We Store Your Data

  • Database: Your data is stored in a secure cloud database with encryption at rest and database-level access controls ensuring you can only access your own data
  • API keys & tokens: Encrypted using AES-256-GCM before storage. Keys are never logged or exposed in plaintext.
  • Files: Uploaded documents are stored in secure cloud storage with access controls scoped to your account
  • Backups: We maintain encrypted daily backups with continuous recovery capabilities to prevent data loss

8. Data Retention & Your Controls

  • Default retention: Your conversation history and account data are retained for as long as your account is active
  • Configurable retention: You may set a custom conversation retention period in your Settings (e.g., 30, 90, or 365 days). Conversations older than your chosen period are automatically and permanently deleted via a daily process.
  • Persona memory: Synthesized persona memories (topic summaries and insights) are retained independently of raw conversation logs. Deleting conversations does not erase the distilled knowledge your personas have built — this preserves continuity while respecting your retention preferences.
  • Account deletion: Upon account deletion, all data — including conversations, persona configurations, uploaded files, stored keys, and memories — is permanently removed within 30 days
  • Anonymized analytics: We may retain anonymized, aggregated usage statistics that cannot be linked back to you
  • Legal holds: We may be required to retain certain records to comply with legal obligations, resolve disputes, or enforce our agreements

9. Cross-Border Data Transfers

ReGild is based in the United States, and your data is processed and stored on servers located in the United States. If you access ReGild from outside the US, your information will be transferred to and processed in the US.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland: we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms, to ensure adequate protection for your data when it is transferred outside your jurisdiction. You may request a copy of the applicable SCCs by contacting us.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

All Users

  • Access: Request a copy of all data we hold about you (available via Settings > Data Zone > Export)
  • Correction: Update inaccurate information through your profile settings
  • Deletion: Request complete deletion of your account and data
  • Portability: Download your data in a machine-readable JSON format
  • Withdraw consent: Disable optional features (voice synthesis, integrations) at any time

European Economic Area, UK & Switzerland (GDPR)

  • Right to restrict processing
  • Right to object to processing based on legitimate interests
  • Right to lodge a complaint with your local data protection authority

California Residents (CCPA/CPRA)

  • Do Not Sell or Share: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is necessary because we never engage in these practices.
  • Right to limit: You may limit the use of sensitive personal information to what is necessary to provide the service
  • Non-discrimination: We will not discriminate against you for exercising your privacy rights
  • Categories of PI collected: Identifiers, profile information, commercial information (subscription), internet activity, and inferences drawn from conversations

To exercise any of these rights, contact us at hello@regild.ai. We will respond within 30 days (or sooner where required by law).

11. Automated Decision-Making

ReGild uses AI to generate persona responses, synthesize conversation memories, and personalize your experience. These processes are automated but do not produce legally binding decisions or decisions that significantly affect your rights. All AI-generated content is provided for informational and conversational purposes only. You always retain full control over your account, data, and how you use persona outputs.

12. Security

We implement industry-standard and defense-in-depth security measures:

  • HTTPS/TLS encryption for all data in transit
  • Encryption at rest for all stored data (database, files, backups)
  • AES-256-GCM encryption for sensitive credentials
  • DDoS protection, web application firewall, and multi-tier rate limiting
  • Database-level access controls ensuring strict data isolation between users
  • Secure password hashing using industry-standard algorithms
  • Security headers, strict CORS policies, and request size limits
  • Sanitized error responses that never expose internal system details

13. Cookies & Local Storage

We use only essential cookies and browser storage mechanisms required to operate the service:

  • Authentication tokens: Secure tokens stored in your browser to maintain your logged-in session
  • Session cookies: Used for CSRF protection and session management
  • Preference storage: Theme, layout, and feature preferences stored locally in your browser

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

14. Children's Privacy

ReGild is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected data from a user under 18, we will promptly delete that information and terminate the associated account. If you believe a minor is using ReGild, please contact us immediately.

15. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users via email without undue delay and no later than 72 hours after becoming aware of the breach (as required by GDPR). We will also notify relevant supervisory authorities as required by applicable law. The notification will include the nature of the breach, likely consequences, measures taken to address it, and steps you can take to protect yourself.

16. Changes to This Policy

We may update this policy periodically. For material changes — such as new categories of data collection, new sub-processors, or changes to your rights — we will notify you via email or in-app notification at least 30 days before they take effect. Non-material changes (such as formatting or clarifications) may be made without notice. The “Last updated” date at the top of this page reflects the most recent revision.

17. Contact

For privacy-related questions, data requests, or concerns, contact us at: hello@regild.ai

If you are located in the EEA and have concerns about our data practices that we have not resolved to your satisfaction, you have the right to lodge a complaint with your local data protection supervisory authority.