Privacy Policy

Effective Date: 30 December 2025
Version: 1.2
Controller: Reqme SAS
Address: Halle Héméra, 132 rue Fondaudège, 33000 Bordeaux, France
Email and Privacy Contact: hi@reqme.co

1. Introduction

At Reqme, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and share your personal information through our platform and website in compliance with global privacy regulations including GDPR, CCPA/CPRA, and other applicable laws.

2. Who This Policy Applies To

This policy applies to the following types of users:

Visitors – Website browsers
Registered Users – Users with an account
Service Providers – Business users managing services
Clients – Customers requesting services
Event Participants – Webinar/demo registrants

3. Data We Collect

Category	Examples
Account Data	Name, email, company info, login details, user preferences
Payment Data	Billing details, transaction history (processed via Stripe/PayPal)
Service Data	Service requests, AI-generated documents, chat records
Signature Metadata	When you sign a contract through the platform, we store metadata related to the signature action (such as timestamp, user ID, IP address, and browser data) to support contractual evidence and legal validity. This data is retained securely and may be shared with involved parties in the event of a dispute.
Technical Data	IP address, device info, OS, browser, referrer, usage metrics
Marketing Data	Newsletter opt-in, campaign performance, feedback forms

We follow data minimization principles by collecting only the data necessary to provide and improve our services.

Bank Account Details for Service Providers

If you are registered as a Service Provider on our platform and provide bank account details (e.g., IBAN) for the purpose of receiving payments or tracking payment status, we will process and store this information as follows:

Purpose: To allow clients to view payment instructions and to support service tracking (e.g., using the “Mark as Paid” function).
Legal basis: Contractual necessity and legitimate interest under GDPR.
Storage: Bank details are stored securely and never shared with clients unless you explicitly include them in invoices or service pages.
Retention: This information will be kept for as long as your provider account is active and for up to 5 years after deactivation, unless you request earlier deletion and no legal retention obligation applies.
Access & Control: You may request access, update, or deletion of your stored bank account information at any time via hi@reqme.co.

4. Legal Bases for Processing (GDPR)

Purpose	Legal Basis
Account setup & feature access	Contractual necessity (includes free-tier use)
Delivering core services	Contractual necessity / Legitimate interest
Processing payments	Contractual necessity / Legal obligation
Improving platform performance	Legitimate interest
Marketing communications	Consent
AI-powered features	Consent / Legitimate interest

Note: Even if no formal contract is signed, using our platform constitutes an implied agreement when you request services or generate content.

5. Use of AI Technology

Our AI systems (OpenAI + custom models) support:

Smart service request handling
Document generation (contracts, invoices)
Predictive analytics and suggestions

Key Points:

No sensitive user data is used to train models
Outputs may require human review and are provided “as-is”
You can opt out of AI features by contacting hi@reqme.co
Automated decisions (e.g., pricing suggestions) use input tags, service type, and request data

Automated Processing & AI Features

We use AI‑powered functionality to assist in service management, including but not limited to document generation, request classification and quotes. This involves automated processing of your personal data.

Purpose: To improve platform efficiency, provide personalised suggestions and automate certain tasks.
Legal basis: Legitimate interest and consent (where required).
Your rights: You have the right to request human review of any decision based solely on automated processing that significantly affects you. You may withdraw consent or opt out of certain AI features at any time via hi@reqme.co.
Data used for model improvement: We may use aggregated, anonymised data derived from your platform usage for AI model training and improvement. No personal identifiers are retained for this purpose unless you separately consent.

6. How We Share Your Data

Service Provider	Role	Purpose
Stripe, PayPal	Data Processor	Secure payment processing
AWS	Data Processor	Hosting and infrastructure
Goocle Cloud	Data Processor	Hosting and infrastructure
OpenAI, Gemini Google	Data Processor	AI-powered feature delivery
Mailchimp, AWS Mail	Data Processor	Email communication and campaigns
Slack	Data Processor	User support and internal communication
Langfuse	Data Processor	AI monitoring and performance analytics
ipgeolocation.io	IP Data Processor	Security notifications

All third-party processors operate under strict Data Processing Agreements (DPAs) and confidentiality terms.

7. International Data Transfers

If data is transferred outside the EU/EEA (e.g., to the U.S.), we rely on:

EU Standard Contractual Clauses (SCCs)
Data encryption and minimization
Binding third-party data protection commitments

8. Cookies & Tracking Technologies

We use cookies for:

Website performance
Analytics and behavior tracking
Marketing and personalization

You can adjust preferences in your browser or via our Cookie Policy.

9. Data Retention

Data Type	Retention Period
Account Data	While account is active + 6 months
Service Data	2 years after last activity or deletion request
Technical Logs	12 months
Backups	Up to 90 days (encrypted and secured)

You can request deletion of your data at any time.

10. Data Security Measures

We use enterprise-grade safeguards including:

AES-256 encryption at rest & TLS 1.3 in transit
Role-based access controls and 2FA
Logging, monitoring, and vulnerability scanning
Secure access policies and staff NDAs

11. Breach Notification

In case of a personal data breach affecting your rights, we will:

Notify impacted users and relevant authorities within 72 hours
Provide details of the breach, what data was affected, and mitigation steps
Offer guidance on how to protect yourself

12. Your Privacy Rights (EU/UK)

You have the right to:

Access your personal data
Rectify inaccurate or incomplete data
Request deletion (“right to be forgotten”)
Restrict or object to certain processing
Data portability
Withdraw consent at any time
File a complaint with the CNIL or your regional data authority

Contact: hi@reqme.co

EU/UK Representative: Please contact hi@reqme.co

13. U.S. State Privacy Rights (CCPA, CPRA, VCDPA, etc.)

If you’re a U.S. resident, your rights may include:

Right to know what data we collect and why
Right to delete your data
Right to access and receive your data in portable format
Right to opt out of data sale (we do not sell your data)
Right to non-discrimination for exercising your privacy rights
Right to opt out of automated decision-making
Right to file a complaint with the FTC

hi@reqme.co and select Privacy category during request creation— Response within 45 days.

14. Children’s Privacy

Our services are not directed at individuals under 16. We do not knowingly collect or process data from children. If you’re a parent or guardian and believe your child has shared data with us, please contact us for deletion.

15. Data Protection Impact Assessments

For high-risk processing activities (e.g., AI-driven decision-making), we conduct DPIAs (Data Protection Impact Assessments) as required by GDPR Article 35.

16. Changes to This Policy

We may update this policy due to:

Changes in law
New product features
Updated data practices

You will be notified of material changes via:

Email (if provided)
In-app notification
Updated “Effective Date” at the top of this page

17. Contact Us

For questions, complaints, or to exercise your rights:

📧 Support & General: hi@reqme.co
🔒 Privacy Inquiries: create Privacy request in https://reqme.co or send an e-mail hi@reqme.co

📍 Supervisory Authority:
CNIL – Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07
www.cnil.fr

Privacy Policy

Privacy Policy

1. Introduction

2. Who This Policy Applies To

3. Data We Collect

Bank Account Details for Service Providers

4. Legal Bases for Processing (GDPR)

5. Use of AI Technology

Automated Processing & AI Features

6. How We Share Your Data

7. International Data Transfers

8. Cookies & Tracking Technologies

9. Data Retention

10. Data Security Measures

11. Breach Notification

12. Your Privacy Rights (EU/UK)

13. U.S. State Privacy Rights (CCPA, CPRA, VCDPA, etc.)

14. Children’s Privacy

15. Data Protection Impact Assessments

16. Changes to This Policy

17. Contact Us

Check your email!

MFA Verification

Continue your
Onboarding

Reset password

Reset password

Reset password

Privacy Policy

1. Introduction

2. Who This Policy Applies To

3. Data We Collect

Bank Account Details for Service Providers

4. Legal Bases for Processing (GDPR)

5. Use of AI Technology

Automated Processing & AI Features

6. How We Share Your Data

7. International Data Transfers

8. Cookies & Tracking Technologies

9. Data Retention

10. Data Security Measures

11. Breach Notification

12. Your Privacy Rights (EU/UK)

13. U.S. State Privacy Rights (CCPA, CPRA, VCDPA, etc.)

14. Children’s Privacy

15. Data Protection Impact Assessments

16. Changes to This Policy

17. Contact Us

Create an account

Check your email!

MFA Verification

Continue yourOnboarding

Sign in

Reset password

Reset password

Reset password

Continue your
Onboarding