Privacy Policy

ReinGate is a service operated by Lighten Apps Ltd.("we", "us", or "our").ReinGate operates reingate.com and the ReinGateMCP server (the "Service"). The Service provides a human-approval layer for AI agent actions — when an AI agent requests a sensitive action (such as sending an email or processing a refund), ReinGate notifies the account owner via Telegram and only executes the action if approved.

This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

We collect the following categories of data:

• Account information: Your email address and a hashed password, used to authenticate you to the dashboard.
• Integration credentials: API keys and OAuth tokens for connected services (e.g. Stripe, Gmail, Slack). These are stored encrypted at rest.
• Telegram connection: Your Telegram chat ID, used exclusively to deliver approval notifications to you.
• Approval log metadata: For each action requested by an AI agent, we log the action type, a timestamp, and the decision (approved / blocked / timeout). We do not store the full content of emails, messages, or other payloads beyond what is necessary to display the approval notification.

When you connect Gmail, we request the https://www.googleapis.com/auth/gmail.send scope. This scope is used solely to send emails on your behalf after you have explicitly approved the send action via a Telegram notification.

We do not read, index, or store your Gmail inbox or any existing emails. We do not use Gmail data to train models or for advertising. Email content submitted for approval is held in memory only for the duration of the approval window (up to 5 minutes) and is never written to persistent storage.

Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

We use the data described above to:

• Authenticate you and operate your account.
• Execute actions on connected services (Stripe, Gmail, Slack) after receiving your Telegram approval.
• Deliver approval notifications to your Telegram account.
• Maintain an audit log of approved and blocked actions visible in your dashboard.

We do not sell your data. We do not share your data with third parties except as described in Section 7 (Third-Party Services) or as required by law.

We process your personal data on the following legal bases:

• Contract performance: Processing is necessary to provide the Service you signed up for — authenticating your account, storing your integration credentials, and executing approved agent actions.
• Legitimate interest: Maintaining approval logs to provide you with an audit trail and to resolve disputes.
• Legal obligation: Where required by applicable law.

• OAuth tokens and API keys: Retained while your account is active. Deleted immediately upon account deletion.
• Approval logs: Retained for 90 days, then automatically purged.
• Account information: Retained until you delete your account.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete data.
• Deletion: Delete your account and all associated data at any time from your dashboard under Settings → Danger Zone → Delete Account. This is irreversible and immediately removes your account, credentials, Telegram connection, and approval logs.
• Portability: Request an export of your approval log data. Contact us at hello@reingate.com to request this.
• Objection: Object to processing based on legitimate interest (e.g. audit logs). We will assess whether our legitimate interest overrides your objection.
• Restriction: Request that we restrict processing of your data while a dispute is resolved.

To exercise any of these rights, use the dashboard or email hello@reingate.com. We will respond within 30 days.

The Service is built on the following third-party infrastructure:

• Supabase — authentication and database hosting. Your account data and approval logs are stored in Supabase.
• Railway — cloud hosting for the MCP server.
• Telegram — delivery of approval notifications. Your Telegram chat ID is shared with the Telegram Bot API solely for this purpose.

Integration credentials (API keys, OAuth tokens) are encrypted at rest. All data in transit is protected by TLS. We enforce authentication on all dashboard and API routes.

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

For privacy questions or data deletion requests, contact us at hello@reingate.com.