REILO

Privacy Policy

Effective date: March 27, 2026

REILO Technologies LLC ("REILO," "we," "us," or "our") operates the REILO platform at reilo.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using REILO, you consent to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name and email address through our authentication provider (Clerk). If you sign up via Google OAuth, we receive your name, email, and profile picture from Google.

1.2 Workspace & Business Information

During onboarding, you may provide your business role, target markets, investment strategies, outreach channel preferences, and third-party API keys (e.g., Lob, BatchData, Street View). API keys are encrypted with AES-256-GCM before storage.

1.3 Property & Contact Data

You upload or create records including property addresses, owner names, phone numbers, email addresses, and mailing addresses. This data may come from CSV imports, manual entry, skip trace API results, or public records.

1.4 Communication Content

We store the content of SMS messages, emails, and call logs sent and received through the Service. This includes messages sent via Telnyx, the REILO Gateway iMessage bridge, and integrated email providers.

1.5 Usage Data

We automatically collect usage metrics including pages visited, features used, outreach volume (SMS, mail, calls), and actions taken within your workspace. We use Vercel Web Analytics for aggregate traffic insights.

1.6 Cookies & Tracking

We use essential cookies for authentication and session management (via Clerk). We use Vercel Web Analytics for privacy-friendly traffic analysis. We may use additional tracking pixels for marketing analytics. See Section 9 for details.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the REILO platform
  • Process and deliver outreach (SMS, email, direct mail) on your behalf
  • Score leads, classify situations, and generate recommendations
  • Enforce usage limits and subscription billing
  • Send transactional communications (account alerts, billing notices)
  • Provide customer support
  • Detect and prevent fraud, abuse, and terms violations
  • Comply with legal obligations

We do not use your property or contact data to train machine learning models or for any purpose other than providing the Service to you.

3. How We Share Your Information

We do not sell your personal information. We share data only with the following categories of service providers, solely to operate the Service:

  • Clerk — Authentication and identity management
  • Supabase — Database hosting (AWS us-west-2, Oregon)
  • Vercel — Application hosting and analytics
  • Stripe — Payment processing and subscription billing
  • Telnyx — SMS and MMS messaging
  • Lob — Direct mail printing and delivery
  • BatchData — Skip tracing and contact enrichment
  • Google Maps — Geocoding and property location services
  • Inngest — Background job processing

Each sub-processor processes data only as necessary to provide their service. We maintain Data Processing Agreements with our sub-processors. We will notify users before adding new sub-processors that handle personal data.

We may also disclose information when required by law, court order, or governmental regulation, or to protect our rights, safety, or property.

4. Data Security

We implement multiple layers of security to protect your data:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted via TLS
  • Encryption at rest: Sensitive API keys are encrypted with AES-256-GCM before database storage
  • Workspace isolation: Every database query is filtered by workspace ID, preventing cross-tenant data access
  • Token security: Gateway tokens are HMAC-SHA256 signed; webhook signatures are verified
  • Access controls: Role-based permissions within workspaces (owner, admin, analyst, VA, read-only)

No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. If we discover a data breach affecting your personal information, we will notify you within 72 hours.

5. Data Retention

We retain your data for as long as your account is active. Upon account cancellation, we retain your data for 90 days to allow reactivation. After 90 days, data may be permanently deleted.

You may request immediate deletion at any time by emailing privacy@reilo.io. We will process deletion requests within 30 days. Certain data may be retained longer if required by law (e.g., billing records, TCPA consent records).

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Export: Request a machine-readable export (CSV) of your data
  • Opt out of marketing: Unsubscribe from marketing emails at any time
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at privacy@reilo.io. We will respond within 30 days (or 45 days for CCPA requests, with notice of extension if needed).

7. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request that we disclose what personal information we have collected, used, disclosed, and sold (we do not sell personal information) in the preceding 12 months
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions
  • Right to Opt Out of Sale: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To submit a CCPA request, email privacy@reilo.io with the subject line "CCPA Request."

8. Data Processing for Customers' Contacts

REILO processes personal data (names, phone numbers, addresses) of your contacts (property owners and leads) on your behalf. In this context, you are the data controller and REILO is the data processor. You are responsible for ensuring you have a lawful basis to collect and process this data, including obtaining TCPA consent before sending communications.

We process your contacts' data only as instructed by you through the Service. We do not independently use, sell, or share your contacts' personal information.

9. Cookies & Tracking Technologies

We use the following cookies and tracking technologies:

  • Essential cookies: Clerk authentication session cookies — required for the Service to function. Cannot be disabled.
  • Analytics: Vercel Web Analytics — privacy-friendly, cookie-less traffic analytics. No personal data is collected.
  • Marketing pixels: We may use third-party pixels for advertising attribution. These can be managed through your browser settings.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from using the Service.

10. Children's Privacy

REILO is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will promptly delete it.

11. International Data Transfers

REILO is operated from the United States. Your data is stored in the United States (AWS us-west-2 region via Supabase, Vercel Edge network). If you access the Service from outside the United States, your data will be transferred to and processed in the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect. The "Effective date" at the top of this page indicates when this policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

REILO Technologies LLC
Email: privacy@reilo.io
General inquiries: hello@reilo.io