Privacy Policy

01If you visit this website

We use Plausible Analytics to understand how the site is used. Plausible is cookieless and does not collect or store personal information; we receive only aggregated metrics like page views, referrers, and country-level location, derived without persistent identifiers. Plausible is operated by Plausible Insights OÜ in the EU. Their privacy notice is at plausible.io/privacy.

We do not set tracking cookies or run third-party advertising pixels. Standard server logs (IP address, user agent) may be retained for up to 30 days for security and abuse prevention.

Legal basis: our legitimate interest in operating and securing the site.

02If you join the waitlist

We collect only your email address. It is used solely to notify you when Reykur is generally available and to share occasional progress updates.

Legal basis: your consent. You can withdraw consent at any time by unsubscribing or emailing us.

Retention: we keep your email until you unsubscribe.

03If you request a demo

The demo request form collects your first name, last name, work email, company name, and (optionally) job title. We use this information to follow up about a product walkthrough and to understand the kind of organisation interested in Reykur.

If you tick the marketing-updates checkbox, we may also send you occasional product updates; if you leave it unticked we will only contact you about your demo request. You can change your mind at any time by emailing us or using the unsubscribe link in any email we send.

Legal basis: your consent for processing the form, and our legitimate interest in following up on your enquiry. Marketing updates rely on consent (the checkbox).

Retention: we keep your contact details for as long as we are in active conversation and for up to 24 months after the last interaction; ask us to delete them sooner and we will.

04Where these submissions are stored

Waitlist and demo-request data are stored in HubSpot, our CRM provider, on its EU infrastructure (Frankfurt). HubSpot processes data under its own GDPR-aligned privacy and security commitments. Their privacy notice is at legal.hubspot.com/privacy-policy. We will not share, sell, or rent your contact details. Every marketing email we send includes an unsubscribe link.

05If you use the Reykur platform (alpha)

Customer data is stored inside our AWS tenant in EU regions and is not exported outside the EU.

For AI inference we use AWS Bedrock in an EU region, with EU-hosted foundation models. Under Bedrock's terms, your data is not shared with model providers and is never used to train any model. Bedrock processes each request statelessly and returns the result; AWS does not retain it.

For product analytics inside the platform we use PostHog. It is configured to record only an anonymized user identifier and high-level usage events. We do not capture page content or form inputs, and we do not use session replay or screen recording. PostHog's privacy notice can be found at posthog.com/privacy.

Legal basis: performance of our customer agreement with you.

Retention: kept for the duration of the agreement and deleted within 90 days of termination, unless we are legally required to retain it longer.

When you use the platform as a business customer, our processing of personal data on your behalf is governed by our Data Processing Agreement.

06International transfers

HubSpot is headquartered in the United States. Although waitlist and demo-request data is stored on HubSpot's EU infrastructure (Frankfurt), US parent-company access is treated as an international transfer under EU and Swiss law. We rely on the European Commission's Standard Contractual Clauses and HubSpot's certification under the EU-US and Swiss-US Data Privacy Frameworks as the transfer mechanism.

Plausible Analytics, AWS Bedrock inference, and the rest of our infrastructure operate within the EU and do not involve a third-country transfer.

07Security

We encrypt data in transit (TLS) and at rest. Access to production systems is restricted to authorised personnel, audited, and follows the principle of least privilege. We review access regularly.

08Your rights

Under the EU GDPR and the Swiss Federal Act on Data Protection (FADP), you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your data (the “right to be forgotten”).
• Restrict our processing of it.
• Object to our processing.
• Port your data, receiving it in a machine-readable format.
• Withdraw consent at any time, where processing is based on consent. This does not affect the lawfulness of processing carried out before the withdrawal.
• Lodge a complaint with a supervisory authority. In Switzerland, that is the Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch. EU residents can complain to their local data protection authority.

To exercise any of these rights, email hello@reykur.io. We will action the request within a reasonable timeframe.

09Minors

Reykur is a B2B service intended for organisations and their authorised representatives. It is not directed at children and is not designed for consumer use. We do not knowingly collect personal data from anyone under 16 except where a customer organisation has the lawful authority to enrol them (for example, an employer enrolling an apprentice or intern). If you believe we hold data about a minor that should not have been provided, contact us at hello@reykur.io and we will remove it.

10Changes to this policy

We will update the “Last updated” date at the top of this page when we make changes. Material changes affecting how we use your data will be communicated to waitlist subscribers and platform customers in advance.