Legal

Privacy Policy

Last updated: April 27, 2026 · Effective date: April 27, 2026

Pre-incorporation notice. Reera is currently operating as a working name; the legal entity is in the process of being incorporated. For all data-protection inquiries during this period, contact ali@reera.io. This document will be reviewed and updated by counsel before any commercial contract is signed.

1. Who we are

"Reera" refers to the operating name of an early-stage AI service for IT service management, based in Barcelona, Spain. For privacy matters, including any request to exercise the rights described below, contact ali@reera.io.

2. What this policy covers

This Privacy Policy describes how Reera collects, uses, stores, and shares personal data in connection with our website (reera.io) and our AI-native ITSM service (the "Service"). It applies to website visitors, demo prospects, and end users of customer organizations who interact with the Service.

3. The data we process

We process the minimum data required to operate the Service.

From website visitors

Information you submit voluntarily (e.g. email address when booking a demo).
Aggregate, cookieless analytics: pages viewed, country, referrer, and screen size. We do not place tracking cookies, do not collect IP addresses, and do not build user profiles.

From customer organizations using the Service

Account data: contact name, business email, role, company.
Ticket metadata: ticket title, category, priority, assignment group, status, timestamps. We do not ingest ticket attachments, screenshots, credentials, or free-form personally identifiable information beyond what is required to perform classification and routing.
Model corrections: when an agent overrides an AI suggestion, we record the correction to fine-tune the customer's tenant-scoped model. Corrections never train shared or external models.

4. Why we process it

Provide the Service (legal basis: contractual necessity).
Improve the customer's tenant-scoped model (legal basis: legitimate interest).
Respond to support and sales inquiries (legal basis: legitimate interest).
Comply with legal obligations (legal basis: legal obligation).

5. Where data is stored

All customer data is processed and stored in the European Union, on Google Cloud Platform, with default residency in Frankfurt or Belgium. We do not transfer customer data outside the EU. Inference traffic to LLM providers (OpenAI, Anthropic) is metadata-only and runs through zero-retention endpoints. See the Subprocessors page for details.

6. How long we retain data

Customer ticket data is retained for the duration of the contract plus 30 days, after which it is permanently deleted from production systems. Backups are rotated within 35 days. Account and billing records are retained for as long as required by Spanish tax and accounting law (currently 6 years). Website analytics are retained for 24 months in aggregate, anonymous form.

7. Who we share it with

We share data only with the subprocessors listed on our Subprocessors page, each under a written data-processing agreement. We do not sell personal data and do not share it for advertising.

8. Your rights (under GDPR)

You have the right to:

Access the personal data we hold about you;
Have inaccurate data corrected;
Have your data deleted (right to be forgotten);
Restrict or object to processing;
Receive your data in a portable, machine-readable format;
Lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, aepd.es).

To exercise any of these rights, email ali@reera.io. We respond within 30 days as required by GDPR Article 12. No special form or API is required.

9. Security

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Production systems are hosted on Google Cloud Platform with role-based access control, audit logging, and least-privilege service accounts. We follow an information-security management system modeled on ISO/IEC 27001. See Security & Trust for details.

10. Children's data

Reera is a B2B service. We do not knowingly collect data from anyone under the age of 16. If you believe a child has provided us with data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email to customer contacts at least 30 days before they take effect. The "Last updated" date at the top reflects the current version.

12. Contact

For any privacy-related question or to exercise the rights above:

Data Protection Contact: ali@reera.io
Postal: Barcelona, Spain (full registered address will be added once incorporation is complete)