Your privacy, plainly explained.
We collect only what we need to run Rstructure. We don't sell your data. We don't share it with advertisers. You can export or delete everything at any time. The full legal details follow — but that's the short version.
Introduction
Rstructure ("Rstructure", "we", "us", or "our") operates rstructure.app and related services. This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our platform.
By using Rstructure, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our services.
Information We Collect
We collect information you provide directly, information collected automatically, and information from third parties.
Information you provide
- Account data: email address, display name, and profile photo when you register or update your profile.
- Payment data: billing information is processed by Paddle. We do not store full card numbers or sensitive payment details. Paddle acts as Merchant of Record for all transactions.
- Content you create: rules, run history, and any text you process through the platform.
- Communications: messages you send us via support channels or email.
Information collected automatically
- Usage data: pages visited, features used, run counts, timestamps, and interaction patterns.
- Device & log data: IP address, browser type, operating system, referring URLs, and error logs.
- Cookies & similar technologies: session tokens, preference storage, and analytics identifiers. See Section 05.
Information from third parties
- Authentication providers: if you sign in via Google or another OAuth provider, we receive your name, email, and profile picture as permitted by your settings with that provider.
- Paddle: may share subscription status, renewal dates, and billing cycle with us after a successful transaction.
How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Rstructure platform and its features.
- Process transactions and manage your subscription via Paddle.
- Authenticate your identity and maintain account security.
- Send transactional emails (account confirmations, password resets, billing receipts).
- Send product updates and feature announcements — you may opt out at any time.
- Analyze usage patterns to improve performance and prioritize new features.
- Detect, investigate, and prevent fraudulent or abusive activity.
- Comply with legal obligations.
We do not use your rule content or processed text to train machine learning models, and we do not sell your data to third parties for advertising purposes.
Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share data only in these limited circumstances:
| Recipient | Purpose | Data shared |
|---|---|---|
| Supabase | Database & authentication infrastructure | All account and usage data |
| Paddle | Payment processing & subscription management (Merchant of Record) | Email, billing details, subscription status |
| Vercel | Application hosting & edge delivery | Request logs, IP addresses |
| Anthropic API | AI text processing (when you run a rule) | Text content you submit for processing |
| Resend | Transactional email delivery | Email address, email content |
| Legal & safety | Compliance with law or court orders | As required by applicable law |
In the event of a merger, acquisition, or sale of assets, we will notify you before personal information is transferred and becomes subject to a different privacy policy.
Cookies & Tracking
We use essential cookies necessary to operate the service, as well as optional analytics cookies to understand how the platform is used.
- Essential cookies: session tokens, authentication state, CSRF protection. These cannot be disabled without breaking the service.
- Preference cookies: store your UI settings and preferences across sessions.
- Analytics cookies: aggregate, anonymized usage statistics to understand feature adoption and performance.
We do not use third-party advertising cookies or cross-site tracking pixels.
Data Retention
We retain your data for as long as your account is active or as needed to provide services. Specifically:
- Account data: retained until you delete your account.
- Run history: retained for your active account period; you may clear it at any time from Settings → Danger Zone.
- Billing records: retained for 7 years as required by applicable financial regulations.
- Server logs: automatically purged after 90 days.
When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it by law.
Security
We implement industry-standard technical and organizational measures to protect your information, including:
- TLS encryption for all data in transit.
- AES-256 encryption for sensitive data at rest via Supabase.
- Row-level security policies ensuring users can only access their own data.
- Regular security reviews and dependency audits.
- Limited employee access on a need-to-know basis.
No method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at privacy@rstructure.app.
Your Rights
You have the following rights with respect to your personal data:
- Access: request a copy of the personal data we hold about you.
- Rectification: correct inaccurate or incomplete data via Settings → Profile.
- Erasure: request deletion of your account and associated data via Settings → Danger Zone or by emailing us.
- Portability: export your rules and run history as JSON via Settings → Danger Zone → Export all data.
- Restriction: request that we limit processing of your data in certain circumstances.
- Objection: object to processing based on legitimate interests.
- Withdraw consent: where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, use the in-app controls in Settings or contact us at privacy@rstructure.app. We will respond within 30 days.
GDPR & CCPA
For EEA & UK users (GDPR)
We process personal data under the following legal bases:
- Contract performance: providing the service you signed up for.
- Legitimate interests: security, fraud prevention, service improvement.
- Legal obligation: compliance with applicable law.
- Consent: optional communications such as newsletters, which you may withdraw at any time.
Our data processors (Supabase, Vercel, Paddle, Resend) are bound by GDPR-compliant data processing agreements. Data may be transferred outside the EEA under Standard Contractual Clauses or equivalent safeguards.
For California residents (CCPA)
Under the California Consumer Privacy Act, you have the right to:
- Know what personal information we collect, use, disclose, and sell.
- Delete personal information we have collected from you.
- Opt out of the sale of personal information. We do not sell personal information.
- Non-discrimination for exercising your CCPA rights.
To submit a verifiable CCPA request, email privacy@rstructure.app with the subject line "CCPA Request".
Children's Privacy
Rstructure is not directed at or intended for use by children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by displaying a prominent notice in the app at least 14 days before the changes take effect.
Your continued use of Rstructure after the effective date constitutes acceptance of the updated policy. Previous versions will be archived and available upon request.
Contact Us
For privacy-related questions, requests, or complaints:
Rstructure Privacy
Email: privacy@rstructure.app
Website: rstructure.app
We aim to respond to all privacy requests within 5 business days and to fully resolve them within 30 days.