Version 1.3
Last updated: 2026-05-06 Effective date: 2026-05-06 (contact-information update; no change to data-processing practices)
What changed in v1.3 (2026-05-06): Updated the company mailing address and added a contact phone number. No change to how we collect, use, share, or retain personal information.
What changed in v1.2 (2026-04-30): Added "Wallet ledger" to the categories of personal data we generate. Updated the purposes table and sub-processor list to reflect the prepaid-wallet billing model that replaces per-license / trial-budget. Added 7-year retention for wallet transactions and Stripe records (financial-records audit). Updated security section to describe per-org wallet isolation.
This Privacy Policy describes how Reactiphi LLC, a Delaware limited liability company with mailing address 68 Harrison Ave Ste 605 PMB 527052, Boston, MA 02111-1929, USA (phone: (508) 474-9425) ("reactiphi," "we," "us") collects, uses, stores, shares, and protects personal information in connection with the reactiphi synthetic-audience pre-testing platform (the "Service").
For the purposes of the EU General Data Protection Regulation ("GDPR") and the United Kingdom GDPR ("UK GDPR"), the controller of the personal data described in this policy is Reactiphi LLC, contactable at privacy@reactiphi.com.
For the purposes of the California Consumer Privacy Act ("CCPA" / "CPRA"), Reactiphi LLC is the business processing the personal information described herein.
We collect personal information in the following categories. We do not collect any category of personal information not listed here.
When you create an Account or use the Service:
| Category | Examples | Source |
|---|---|---|
| Identity data | Display name | You, during registration |
| Contact data | Email address | You / your administrator who invited you |
| Authentication data | Password (stored hashed via argon2id, never in plaintext) | You, during registration |
| Account preferences | Notification settings, saved demographic templates | You, in-app |
| Customer Inputs | Ad copy, scripts, demographic descriptions, audience filters you submit for testing | You, in-app |
| Category | Examples | Purpose |
|---|---|---|
| Usage data | Which features you use, when, frequency, per-campaign LLM-call records | Operate the Service, internal accounting |
| Wallet ledger | Every wallet credit (top-up, beta grant) and debit (campaign launch, refund) — amount, kind, timestamp, running balance | Show your balance, transaction history, and audit trail |
| Authentication metadata | Login timestamps, IP address (for security audit), user-agent string | Detect suspicious access |
| Session data | Active session tokens (hashed at rest), expiry timestamps | Maintain login state |
| Error logs | Stack traces and error context when something fails | Debug and improve the Service |
We do not purchase personal information from data brokers, social-media platforms, or any other third-party source.
If your administrator invites you to an Organization, we receive your email address from that administrator's submission to the invitation form.
If your Organization signs up via our website, we may receive contact information from your representative as part of the sales process.
We make a deliberate effort to minimize collection. We do not collect:
The Service uses no third-party advertising trackers, analytics pixels, or marketing cookies of any kind.
We process personal information for the following purposes only:
| Purpose | Legal basis (GDPR) | Categories used |
|---|---|---|
| Provide and operate the Service | Contract (Art. 6(1)(b)) | All categories |
| Authenticate users and maintain sessions | Contract; Legitimate interest in security (Art. 6(1)(b), (f)) | Identity, authentication, session |
| Process Customer Inputs through LLM APIs to generate Outputs | Contract (Art. 6(1)(b)) | Customer Inputs, account identifier |
| Send transactional emails (welcome, invitations, password resets, top-up receipts, low-balance notifications) | Contract (Art. 6(1)(b)) | Identity, contact |
| Process wallet top-ups, debit campaigns from balance, issue refunds | Contract (Art. 6(1)(b)); Legitimate interest in fraud prevention | Wallet ledger, payment records, contact |
| Improve the Service via aggregated, de-identified analytics | Legitimate interest (Art. 6(1)(f)) | Aggregated usage only |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) | As required by law |
| Defend or assert legal claims | Legitimate interest (Art. 6(1)(f)) | As necessary |
| Notify you of material changes to the Terms or this Policy | Contract (Art. 6(1)(b)) | Identity, contact |
We do not use personal information for direct marketing, behavioral advertising, profiling decisions with legal effect, or training third-party AI models.
We share personal information only as described below.
To operate the Service, we share certain data with the following categories of vendors. Each is bound by a written data-processing agreement and is permitted to process your data only on our documented instructions.
| Vendor | Role | Data shared | Location |
|---|---|---|---|
| Amazon Web Services, Inc. | Application hosting + managed PostgreSQL (Aurora) + container orchestration (ECS) | All hosted data: account, campaign, run, persona, response, score, insight, brief, share-link, usage records | United States — us-east-2 (Ohio) region |
| Resend, Inc. | Transactional email delivery | Email address + message content for welcome, invitations, password resets, top-up receipts, low-balance notifications | United States |
| Anthropic PBC | Large-language-model inference | Customer Inputs (in transit) for the duration of each API call | United States |
| Stripe, Inc. | Payment processing for wallet top-ups | Billing contact, payment-method tokens (last-four digits + brand only — full card numbers never reach our servers), top-up amount, transaction timestamps | United States |
We will update this list when material changes occur. The current vendor list is also available on request to privacy@reactiphi.com.
Customer Inputs are transmitted to Anthropic's API for processing by the underlying language models. Anthropic operates under its own privacy policy and commercial terms (anthropic.com/legal/privacy, anthropic.com/legal/commercial-terms). Per Anthropic's commercial-API terms in effect at the time of this Policy, Customer Inputs and Outputs transmitted via the API are not used by Anthropic for training their models. We do not separately authorize the use of Customer Inputs for any training or fine-tuning purpose by any third party.
Each Organization's data is strictly isolated from every other Organization's data. The Service architecture enforces tenant separation at the database query layer: every read and write of campaign, run, script, persona, response, score, insight, brief, and usage data filters by organization_id. There is no scenario in which one Customer can view, list, or modify another Customer's data through the Service.
The single exception is share links: when you, as the Customer, explicitly generate a share link for a brief or report, anyone in possession of the share-link URL can view that specific brief/report. Share links use unguessable cryptographic tokens (24 bytes of entropy) and are only generated on your explicit action. You can revoke a share link at any time.
We will disclose personal information when required by valid legal process (subpoena, court order, statutory production order). Where lawful, we will notify the affected Customer before disclosure. We do not voluntarily share personal data with law enforcement absent legal compulsion.
If Reactiphi LLC is involved in a merger, acquisition, financing transaction, or sale of substantially all of its assets, personal information may be transferred to the acquiring entity, subject to commercially standard confidentiality protections. We will provide notice via email and an in-app banner before the transfer takes effect, and the acquiring entity will be bound by terms no less protective than this Policy (or you will be given the option to delete your data).
We do not sell personal information for monetary or other valuable consideration, as those terms are defined under CCPA, CPRA, or similar laws. We have not sold personal information in the past twelve months and have no intention to do so.
The Service is hosted in the United States, in the AWS us-east-2 (Ohio) region. All Customer data — including the PostgreSQL database (Aurora), application containers (ECS), and managed backups — resides in the United States.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, by using the Service you consent to the transfer of your personal data to the United States. Where required by law, such transfers are made under the European Commission's Standard Contractual Clauses (Module 1 or Module 2 as applicable), the UK International Data Transfer Addendum, or an equivalent valid transfer mechanism. A copy of our SCC documentation is available on request to privacy@reactiphi.com, or under our separate Data Processing Agreement on request.
| Data type | Retention period |
|---|---|
| Account data (identity, contact, authentication) | For the duration of your Account, plus 30 days after closure to handle disputes |
| Customer Inputs and Outputs (campaigns, runs, scripts, briefs, share links) | While your Organization's Account is active. After deletion (or Account closure): 30-day soft-delete window during which the data can be restored on request, then permanently hard-deleted from active systems |
| Wallet transactions (top-ups, charges, refunds, beta grants) | Seven (7) years for tax / accounting audit purposes (financial records) |
| Stripe payment records (linked to wallet top-ups) | Seven (7) years for tax / accounting audit purposes (financial records) |
| Usage records (per-LLM-call internal audit) | Seven (7) years for internal accounting; never user-visible |
| Authentication / administrative audit logs (login timestamps, IP, role changes, invitation accepts) | 90 days |
| Error logs (stack traces, request context) | 30 days |
| Session tokens | Until session expiry (24 hours after issuance), then immediately purged |
| Database backup snapshots (managed by AWS Aurora) | 35 days (matches the AWS Aurora default backup retention window). Deletion requests propagate to backup-restored systems within this window. |
When the retention period expires, personal information is hard-deleted from our active systems and propagated to backups within the backup retention window above.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
| Right | Description | How to exercise |
|---|---|---|
| Access | Receive a copy of the personal information we hold about you | Email privacy@reactiphi.com or use the in-app data-export tool (Settings → Account, when available) |
| Correction | Correct inaccurate personal information | Update directly in Settings → Account, or email us |
| Deletion (right to erasure) | Request deletion of your personal information | Email privacy@reactiphi.com or, for Organization-wide deletion, contact your administrator |
| Restriction of processing | Restrict how we process your information | Email privacy@reactiphi.com |
| Data portability | Receive your data in a structured, machine-readable format | Email privacy@reactiphi.com for organization-wide JSON export |
| Objection | Object to processing based on legitimate interest | Email privacy@reactiphi.com |
| Withdraw consent | Where processing is based on consent, withdraw at any time | Email privacy@reactiphi.com |
| Lodge a complaint | File a complaint with your supervisory authority | EEA users: your national DPA. UK users: ICO. California users: California Attorney General. |
We will respond to verifiable requests within thirty (30) days (or sixty (60) days for complex requests, with notice).
We do not discriminate against users who exercise their privacy rights.
Operator note (CCPA disclosure): in the past twelve months, the categories of personal information described in Section 2 have been collected, used, and disclosed for the purposes described in Sections 3 and 4. We have not sold or shared personal information for cross-context behavioral advertising in the past twelve months.
We protect personal information using a combination of technical and organizational measures, including:
none for cross-origin production deployments).organization_id. No cross-org joins exist in the API surface.No security measure is perfect. In the event of a breach involving your personal data, we will notify the relevant supervisory authority (where required by law) within 72 hours and notify affected users without undue delay.
The Service uses only one cookie: a session cookie required to maintain your login state. This cookie is HTTP-only, Secure (in production), and SameSite-restricted. It is automatically deleted when your session expires (24 hours).
We do not use cookies for tracking, analytics, advertising, A/B testing, or behavioral profiling.
We do not use third-party tracking pixels, fingerprinting, or any similar technique.
We do not honor Do Not Track signals because we do not track in the first place.
The Service is not intended for and is not directed at individuals under sixteen (16) years of age (or, where stricter, the minimum age required by your jurisdiction for processing personal data without parental consent). We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact privacy@reactiphi.com and we will take steps to delete the information.
We may update this Privacy Policy from time to time. When we do, we will:
Continued use of the Service after the effective date of an updated policy constitutes acceptance of the updated policy. If you do not agree to a material change, you may discontinue use and request deletion of your data.
For any privacy-related question or to exercise your rights, contact us:
If we are processing your personal data on behalf of an Organization (as a processor under GDPR or service provider under CCPA), please first contact that Organization's administrator. We will assist the Organization in responding to your request as required by our contract with them.
Document control
| Field | Value |
|---|---|
| Document version | 1.3 |
| Effective date | 2026-05-06 |
| Replaces | Version 1.2 (2026-04-30) |
| Owner | Reactiphi LLC |
| Privacy contact | privacy@reactiphi.com |
| Phone | (508) 474-9425 |
| GDPR / UK GDPR controller | Reactiphi LLC, 68 Harrison Ave Ste 605 PMB 527052, Boston, MA 02111-1929, USA |
| Hosting region | AWS us-east-2 (Ohio), United States |
| Cross-border transfer mechanism | EU/EEA → US: SCCs (Module 1 / Module 2) · UK → US: UK IDTA · Switzerland → US: Swiss FDPIC SCC addendum |
© 2026 Reactiphi LLC. All rights reserved.