RekiBack to Home

Privacy Policy

Reki App ("Reki", "we", "our", or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our AI Conversational Survey platform (the "Service").

This document covers two groups of users:

  • Creators – individuals or organisations who create and manage surveys on our platform.
  • Respondents – individuals who participate in surveys created and shared by Creators.

1. Information We Collect

1.1 From Creators

  • Account details: Email address, password (hashed), and login session data.
  • Survey content: Questions, survey metadata, and optional closing messages.
  • Billing data: Credit balance, transactions, and payment history (processed via Stripe).

1.2 From Respondents

  • Survey responses: Text responses entered during the survey conversation.
  • Session metadata: Timestamps of interactions and completion status.

We do not collect IP addresses, user-agent strings, device identifiers, location data, names, or emails from Respondents unless explicitly asked by a Creator inside a survey question.

2. How We Use Information

For Creators:

  • Provide, maintain, and improve the Service.
  • Process payments, track credit usage, and send relevant account notifications.
  • Offer analytics and reporting on survey results.

For Respondents:

  • Deliver survey sessions, maintain conversation context, and provide Creators with the responses.

3. Payment Processing

We use third-party payment processors, including Stripe, to handle payment transactions securely. We do not store or process your full payment card details on our servers. When you make a purchase, your payment information is provided directly to Stripe and processed in accordance with their own privacy policy, which can be found at: https://stripe.com/privacy. Stripe may collect and process personal information such as your name, billing address, and payment method details in order to complete the transaction.

4. Legal Roles

  • For Creator account data, Reki acts as a Data Controller.
  • For Respondent data collected through surveys, Reki acts as a Data Processor on behalf of the Creator.
    • Creators are responsible for ensuring that their surveys comply with applicable data protection laws (GDPR/CCPA/etc.).

5. Data Sharing and Subprocessors

We share data only with:

  • OpenAI – to generate conversational responses and closing messages.
  • Supabase – for database hosting and storage.
  • Vercel – for application hosting.
  • Stripe – for payment processing (Creators only).
  • PostHog – for analytics and product usage tracking.
  • Sentry – for error monitoring and performance.

We do not sell personal data.

6. Legal Bases (GDPR)

If you are in the European Economic Area or the UK, we process personal data based on:

  • Performance of a contract (providing the Service).
  • Legitimate interests (e.g., improving the Service).
  • Compliance with legal obligations.
  • Consent, where explicitly obtained.

7. Cookies, Analytics and Error Tracking

We use cookies and similar technologies to operate our Service and understand how it is used. These include:

  • Strictly necessary cookies for authentication and session management.
  • Analytics cookies and tools (PostHog) to understand usage, improve features, and monitor product performance. PostHog may collect information such as events within the application, browser/device information, and interactions (including session replays).
  • Error monitoring tools (Sentry) to capture technical errors and performance issues. This may include device/browser information, error details, and the page where an issue occurred.

We do not use advertising or marketing trackers. You can control cookie preferences through your browser settings.

For users in the European Economic Area (EEA) or UK, we rely on your consent to place analytics cookies. You may withdraw consent at any time through your browser or by contacting us.

8. Data Retention

  • Creators' data is retained for as long as the account is active or as required by law.
  • Respondents' data is retained until the Creator deletes it or requests deletion.
  • Supabase retains data while associated accounts remain active.

9. Security

We use:

  • HTTPS encryption for data in transit.
  • Supabase/Vercel encryption for data at rest.
  • Role-based access controls and row-level security in our database.

No system is 100% secure; we cannot guarantee absolute protection.

10. International Transfers

Data may be stored or processed in countries outside your own. We use reputable service providers (OpenAI, Supabase, Vercel) that implement adequate data protection.

11. Your Rights

If you are in certain jurisdictions (e.g., EU/UK/California), you may:

  • Request access, correction, or deletion of your data.
  • Object to processing or request data portability.
  • Exercise these rights by contacting us at support@reki.com.au.

Respondents wishing to exercise their rights should contact the Creator who collected their data. We will assist Creators in fulfilling such requests.

12. Children's Privacy

Our Service is not intended for children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify Creators by email and update the "Effective Date" above.

14. Contact Us

Reki App (ABN: 93 884 450 713)

Email: support@reki.com.au