RegPulse (reg-bot.ai) is an AI-powered compliance co-pilot for small businesses. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights as a user.
Information We Collect
- Account and profile data: email address, password (hashed), business name, business type, street address, city, state, ZIP code, EIN, owner name, phone number, and other information you voluntarily enter.
- Coarse location:when you grant permission, we use your device's GPS to detect your approximate city and state so we can surface jurisdiction-specific compliance requirements. We do not store raw GPS coordinates — only the resolved city/state string.
- Uploaded documents and photos: you may upload permit documents, licenses, and photos of your business premises for AI-powered compliance analysis. These files are processed by our AI providers (see Sharing below) and, for authenticated users, stored in your private Supabase Storage bucket.
- Chat and form content: messages you send and form responses you submit are processed to generate compliance guidance and pre-fill forms. Chat history is stored per-session for context and may be saved to your account if you are signed in.
- Technical data: device type, operating system, IP address, and crash logs — used for security, fraud prevention, and improving reliability.
- Payment data: subscription and payment processing is handled entirely by Stripe. We never see or store your card number, CVV, or full billing address.
How We Use Your Information
- Deliver AI-powered, hyper-local compliance guidance tailored to your business type and jurisdiction
- Store your business profile and compliance checklist so they persist across sessions and devices
- Send renewal reminder emails and SMS notifications when permits are approaching expiration (only if you enable this)
- Analyze uploaded documents and photos to identify compliance status and risks
- Process your Pro subscription via Stripe
- Improve the service using anonymized, aggregated analytics
- Respond to support requests
Sharing and Third-Party Services
We share data only with the service providers necessary to operate RegPulse. We do not sell your data and do not use advertising or tracking SDKs.
- Anthropic (Claude): processes chat messages, compliance questions, and renewal reminder content generation. Data is sent per-request; Anthropic does not train on your data under our API agreement.
- OpenAI (GPT-4o): processes uploaded documents and photos for compliance analysis, and powers the AI Pre-Inspection Coach. Data is sent per-request; OpenAI does not train on API data by default.
- Supabase: stores your account, business profile, compliance checklist, uploaded documents, and chat history. Data is encrypted at rest and in transit.
- Stripe:processes subscription payments. Stripe's privacy policy governs payment data. We store only your Stripe customer ID and subscription status.
- Twilio: sends SMS renewal reminder notifications to the phone number you provide, if you enable SMS alerts.
- Resend: delivers transactional emails, including renewal reminders and account confirmation messages.
Location Data
We request access to your device's location solely to detect your city and state for compliance jurisdiction matching. The raw GPS coordinates are never transmitted to our servers or stored. You may deny location permission at any time — the app will prompt you to enter your location manually instead.
Photos and Documents
Photos taken or selected for the Photo Compliance Scan feature are sent directly to OpenAI for analysis and are not stored on our servers after the analysis completes. Documents you upload (PDFs, images of permits) are stored in your private, access-controlled Supabase Storage bucket and are not accessible by other users.
Data Retention and Deletion
- Your data is retained for as long as your account is active.
- You may request complete deletion of your account and all associated data at any time by emailing support@reg-bot.ai. Requests are processed within 30 days.
- Payment records may be retained longer where required by law or Stripe's policies.
Your Rights
Depending on your jurisdiction you may have the right to access, correct, port, or delete your personal data, and to opt out of certain processing. To exercise any of these rights email support@reg-bot.ai. We comply with CCPA/CPRA (California), GDPR (EU/UK), and applicable US state privacy laws.
Children
RegPulse is not directed at children under 13 and we do not knowingly collect data from anyone under 13. If you believe a child has provided us personal information, contact us immediately.
Changes to This Policy
We may update this policy as we add features. Material changes will be communicated via in-app notice or email. Continued use after the effective date constitutes acceptance of the updated policy.
Contact
Questions about this policy? Email support@reg-bot.ai
App Store Privacy Nutrition Label Summary
Use these answers when completing App Privacy in App Store Connect.
| Data Type | Collected | Linked to You | Used for Tracking |
|---|---|---|---|
| Email address | Yes | Yes | No |
| User ID | Yes | Yes | No |
| Name / phone number | Yes (optional) | Yes | No |
| Business profile data | Yes | Yes | No |
| Coarse location (city/state) | Yes | Yes | No |
| Photos (compliance scan) | Yes (user-initiated) | Yes | No |
| Uploaded documents | Yes (user-initiated) | Yes | No |
| User content (chat, forms) | Yes | Yes | No |
| App interactions / usage | Yes | No | No |
| Crash data | Yes | No | No |
| Precise GPS coordinates | No | — | — |
| Financial info (card numbers) | No | — | — |
| Health data | No | — | — |
| Contacts | No | — | — |
Does this app track users? No — answer “No” to “Does this app use data to track the user?” in App Store Connect. ATT prompt is not required.
Location permission purpose string: “RegPulse uses your location to identify the compliance requirements for your city and state. GPS coordinates are never stored.”
Google Play Data Safety Summary
- Data encrypted in transit: Yes (TLS)
- Data encrypted at rest: Yes (Supabase / AES-256)
- User can request data deletion: Yes — email support@reg-bot.ai
- Data collected: Email, User ID, name, phone (optional), business profile, coarse location, uploaded files (user-initiated), chat/form content, app interactions, crash logs
- Third-party data sharing: Anthropic (AI), OpenAI (AI), Supabase (auth/db/storage), Stripe (payments), Twilio (SMS), Resend (email)
- Data used to track users across apps or websites: No
- Data sold to third parties: No