Privacy Policy

Regent Technologies, Inc. ("Regent," "we," "us," or "our") operates the Regent AI executive assistant platform. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

1. What We Collect

Account Information

When you register, we collect your name, email address, and authentication credentials through Supabase Auth. If you sign in via Google or Microsoft OAuth, we receive your profile information and authorized scopes (including email access).

Email Data

When you connect email accounts, we sync your emails via IMAP or Gmail API. This includes message headers (sender, recipient, subject, date), message bodies, thread information, and attachment metadata. We store this data in our database to provide AI-powered categorization, summarization, and draft reply generation.

IMAP Credentials

If you connect via IMAP, we store your IMAP credentials (server, port, username, password). These credentials are encrypted using AES-256-GCM with per-tenant encryption keys derived via HKDF from a master key that is never stored in the database.

Usage Data

We collect information about how you interact with Regent, including AI feature usage, token consumption, preference signals (e.g., when you approve or modify a draft reply), and platform activity logs.

Payment Information

Billing is processed through Stripe. We do not store your credit card number, CVV, or full card details. We retain your Stripe customer ID, subscription status, and invoice history.

2. How We Use Your Data

• Providing the Regent AI assistant service, including email categorization, summarization, and draft reply generation
• Learning your communication preferences to improve AI accuracy over time
• Generating behavior intelligence reports (communication patterns, work-life balance, productivity metrics)
• Delivering private briefings via your configured notification channels
• Processing subscription payments and enforcing plan-based feature limits
• Monitoring service health, performance, and security
• Complying with legal obligations

3. AI Processing

Regent uses AI models to process your email content. This processing occurs on private infrastructure through Ollama Cloud, which is our primary AI provider. Your email data is not sent to OpenAI, Google, or any third-party AI provider under normal operation. In rare fallback scenarios (if our primary infrastructure is unavailable), we may use Google Gemini Flash with minimal data.

AI processing includes:

• Categorization -- classifying emails into categories (work, personal, finance, urgent, etc.)
• Summarization -- generating concise executive briefs of email content
• Draft Replies -- generating suggested responses based on your communication style
• Behavior Analysis -- identifying communication patterns, tone distribution, and productivity metrics

Every AI decision is logged in our AI audit log, including the model used, input/output token counts, confidence scores, and timestamps. You can review this audit trail within the platform.

4. Data Storage and Security

Your data is stored in Supabase PostgreSQL, hosted on AWS infrastructure in the us-east-1 region.

• Encryption at rest: All stored credentials (IMAP passwords, OAuth tokens) are encrypted with AES-256-GCM using per-tenant keys derived via HKDF
• Encryption in transit: All communications use TLS 1.3
• Multi-tenant isolation: PostgreSQL Row-Level Security (RLS) policies enforce strict data isolation between tenants. Every database query is scoped to your tenant, preventing cross-tenant data access at the database level
• Authentication: Supabase Auth with PKCE flow, JWT/JWKS validation, secure cookie handling (HttpOnly, Secure, SameSite=Strict)
• Master encryption key: Stored exclusively in environment variables, never in the database

5. Third-Party Services

We use the following third-party services to operate Regent:

• Supabase -- Database hosting (PostgreSQL), authentication, and real-time subscriptions. Data is stored on AWS us-east-1.
• Stripe -- Payment processing. Stripe handles all credit card data directly; we never see or store your full card details.
• Ollama Cloud -- AI inference on private infrastructure. Email content is processed through Ollama Cloud models for categorization, summarization, and draft generation.
• Upstash (Redis) -- Caching and job queuing. No personally identifiable information (PII) is stored in Redis.
• Cloudflare -- CDN and DDoS protection.
• Twilio / WhatsApp / FCM -- Notification delivery for private briefings, if configured by you.

6. Data Retention

We retain your data for as long as your account is active and as needed to provide our services. Specific retention periods:

• Email data: Retained while your account is active. Deleted within 72 hours of account deletion.
• AI audit logs: Retained for 12 months (partitioned monthly), then automatically purged.
• Usage and billing data: Retained for 24 months for legal and accounting purposes.
• Backup data: Removed from all backups within 30 days of account deletion.

7. Your Rights

You have the following rights regarding your personal data:

• Access: Request a copy of all personal data we hold about you.
• Export: Download your complete data in a portable format (JSON) at any time from your account settings.
• Delete: Request complete deletion of your account and all associated data. We will process deletion requests within 72 hours.
• Restrict: Request that we limit how we process your data.
• Rectification: Request correction of inaccurate personal data.
• Object: Object to processing of your data for specific purposes.

To exercise any of these rights, contact us at privacy@regent.ai or use the data management tools in your account settings.

8. Cookies

Regent uses essential cookies required for authentication and session management. These cookies are:

• Authentication cookies: HttpOnly, Secure, SameSite=Strict. Used to maintain your session.
• Theme preference: Stores your dark/light mode selection locally.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Children

Regent is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our platform at least 30 days before the changes take effect. Your continued use of Regent after the effective date constitutes acceptance of the updated policy.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at: