This document explains what data Reattend collects, why we collect it, how long we keep it, and the rights you have over it. We've tried to write it in plain English. Where the law requires specific phrasing, we use it — and link to the full text.
This policy applies to the Reattend website, the Reattend product (web app, browser extension, desktop client, and APIs), and any corporate communications you receive from us. It does not apply to third‑party integrations you connect to Reattend — those are governed by their own privacy policies.
For most data we handle, our customer (your employer, in most cases) is the controller and Reattend is the processor. For website analytics, marketing, and our own corporate operations, Reattend is the controller.
The documents, messages, calendar entries, and other content you or your administrator connects to Reattend. This is the most sensitive class of data we handle. It is encrypted with per‑tenant keys, never used to train any model, and never accessed by humans except in narrow break‑glass scenarios that produce an audit record visible to your administrator.
| Purpose | What we use | How long |
|---|---|---|
| Operate the product | Account, memory content, telemetry | Term of contract |
| Improve recall precision | Aggregated, de‑identified query patterns | 24 months |
| Detect abuse & fraud | IP, device, behavioural signals | 12 months |
| Customer support | Account + the specific record you reference | Lifetime of ticket + 6 months |
| Billing & tax | Company, billing contact, invoices | 7 years (tax law) |
| Marketing emails | Email, company, role | Until you unsubscribe |
We do not use customer memory content to train any model, ours or anyone else's. We do not sell personal data. We do not run programmatic advertising on the Reattend product or this website.
Where we rely on legitimate interest, we have completed a balancing test. You can request a copy from dpo@reattend.com.
Memory content is retained for the term of your employer's contract, plus the wind‑down period (default 30 days, configurable up to 180). On termination — or on a verified deletion request — we cryptographically erase the per‑tenant data‑encryption key, which renders all ciphertext unrecoverable within 72 hours.
Backups are retained for 35 days on a rolling window. If a deletion request lands during that window, the deleted records are excluded from any future restore.
The full security architecture is on the compliance page. The headlines: AES‑256 at rest with HSM‑backed keys, TLS 1.3 in transit, SAML/OIDC SSO required on Enterprise, RBAC + per‑memory ACLs, tamper‑evident audit log with daily Merkle digest, and a 24/7 on‑call security team. SOC 2 Type II, ISO 27001, HIPAA, GDPR, and DPDP aligned.
Depending on where you live, you may have the right to access, correct, port, delete, or object to the processing of your personal data. You can also withdraw consent at any time without affecting prior processing.
To exercise a right, write to privacy@reattend.com from the email address on file. We respond within 30 days (72 hours for a verified erasure request).
If your data leaves your home region, it does so under the EU Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement, or — for India — the conditions allowed by the DPDP Act. A list of the regions each customer's data is routed through is in the customer admin console under Settings → Data residency.
EU‑only and India‑only deployments are available on Enterprise; data never leaves the chosen region.
Reattend is a workplace product and is not directed to anyone under 18. We do not knowingly collect personal data from minors. If you believe we have, write to privacy@reattend.com and we will delete it.
We update this policy when the law changes, when we add a subprocessor, or when we ship a feature with new data‑handling implications. Material changes get 30 days' notice via email and an in‑product banner. The full revision history is at reattend.com/legal/privacy/history.
Our Data Protection Officer is Marie Dubois, based in our Berlin office. You can reach her at dpo@reattend.com.
For privacy questions of any kind: privacy@reattend.com. For postal mail: Reattend Technologies Pvt Ltd, 4th Floor, 12 Indiranagar, Bengaluru 560038, India — and our EU representative, Reattend EU GmbH, Torstrasse 19, 10119 Berlin, Germany.
If we don't resolve your concern, you may complain to your local supervisory authority. In India, that's the Data Protection Board; in the EU, your national DPA; in the UK, the ICO.
