Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you use ReleGuard, you provide us with information directly, including:

• Account Information: Name, email address, company name, job title
• Billing Information: Payment card details, billing address, VAT/tax ID (processed securely through Stripe)
• Search Provider Credentials: API keys, application IDs, index names, and endpoints for Algolia, Elasticsearch, or other search providers you connect
• Test Configurations: Search queries, expected results, quality thresholds, and notification preferences
• Communications: Messages you send to our support team or feedback you provide

1.2 Information We Collect Automatically

When you use our service, we automatically collect:

• Usage Data: Test execution history, search query performance, regression detection results
• Device & Browser Information: IP address, browser type, operating system, device identifiers
• Log Data: API request logs, error messages, performance metrics
• Cookies: Session identifiers and authentication tokens (see our Cookie Policy below)

1.3 Information from Third Parties

We receive limited data from:

• Search Providers: Search results and metadata from your configured providers (Algolia, Elasticsearch)
• Payment Processor: Transaction confirmations and subscription status from Stripe

2. How We Use Your Information

We use the information we collect to:

2.1 Provide the Service

• Execute automated search quality tests against your configured providers
• Detect and alert you to search relevance regressions
• Store test history according to your subscription tier retention limits
• Send email, Slack, webhook, or PagerDuty alerts based on your preferences

2.2 Maintain & Improve

• Monitor service performance, uptime, and reliability
• Diagnose technical issues and debug errors
• Analyze usage patterns to improve features and user experience
• Develop new capabilities based on customer feedback

2.3 Communicate

• Send transactional emails (test results, alerts, account notifications)
• Respond to support requests and customer inquiries
• Provide important service updates, security notices, and policy changes
• Send optional product updates and feature announcements (you can opt out anytime)

2.4 Secure & Protect

• Detect and prevent fraud, abuse, and security threats
• Enforce our Terms of Service and acceptable use policies
• Comply with legal obligations and law enforcement requests

3. Data Security

We implement industry-standard security measures to protect your data:

• Encryption at Rest: All API credentials and sensitive data are encrypted using AES-256
• Encryption in Transit: All data transmission uses TLS 1.2 or higher
• Multi-Tenancy Isolation: Account data is strictly isolated using row-level security
• Access Controls: Role-based permissions limit data access to authorized users only
• Regular Security Audits: We conduct periodic security reviews and vulnerability assessments
• Azure Infrastructure: Hosted on Microsoft Azure with enterprise-grade security and compliance

While we implement strong security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and for monitoring your account activity.

4. Data Retention

We retain your data according to the following policies:

When you close your account, we delete your personal data within 30 days, except where retention is required by law or to resolve disputes. Backup copies may persist for up to 90 days.

5. Data Sharing & Disclosure

We do not sell your personal data. We share information only in these limited circumstances:

5.1 Service Providers

We use trusted third-party services to operate ReleGuard:

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of others.

5.3 Business Transfers

If ReleGuard is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data is transferred and subject to a different privacy policy.

6. Your Rights & Choices

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Update inaccurate or incomplete information through your account settings
• Deletion: Request deletion of your account and personal data (subject to legal retention requirements)
• Portability: Export your test configurations and results in a machine-readable format
• Restriction: Request limitation of processing in certain circumstances
• Objection: Object to processing of your data for marketing purposes
• Opt-Out: Unsubscribe from marketing emails using the link in any message

To exercise these rights, contact us at privacy@releguard.com. We will respond within 30 days.

7. International Data Transfers

ReleGuard is based in Romania (EU). If you access our service from outside the European Economic Area (EEA), your data may be transferred to and processed in the EEA. We use Standard Contractual Clauses approved by the European Commission to ensure adequate protection for international transfers.

8. GDPR Compliance

For EU residents, we process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the service you subscribed to
• Legitimate Interests: Improving our service, fraud prevention, and security
• Consent: Marketing communications (you can withdraw consent anytime)
• Legal Obligation: Compliance with tax, accounting, and legal requirements

You have the right to lodge a complaint with your local data protection authority if you believe we are not complying with GDPR.

9. Cookies & Tracking

We use cookies for:

• Essential Cookies: Authentication, session management, security (required for service operation)
• Analytics: Understanding usage patterns to improve the service

We do not use third-party advertising or tracking cookies. You can control cookie preferences through your browser settings, though disabling essential cookies may affect service functionality.

10. Children's Privacy

ReleGuard is a B2B service not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent notice on our website at least 30 days before the changes take effect. Your continued use of ReleGuard after changes become effective constitutes acceptance of the updated policy.