Privacy Policy

Last updated: July 2026

Who we are

Reggie is the workspace for public affairs, communications, founders and C-suite working in regulated industries. We are the data controller for the personal data described below. For data protection enquiries: privacy@reggie.app.

Data we hold about you (the account holder)

  • Account: name, email, hashed password (or Google identifier), job title, company name, sector.
  • Usage: the briefings, threads, pinned items, Ask questions, source clicks and feedback you create.
  • Network: the contacts you add (name, role, public URLs, your notes) and the enrichment data we derive about them from public sources.
  • Technical: IP address, browser/device, and session cookies used for authentication.

Data we hold about third parties (people you add as contacts)

When you add someone to your Reggie network, we may search public sources — gov.uk, parliament.uk, BBC, public LinkedIn pages, Wikipedia and similar — to build a structured career profile. We process this under legitimate interest (helping policy professionals understand the public record of public-facing people) and only retain information that is already publicly accessible.

We do not scrape private profiles, send connection requests, or pretend to be you.

If you are a third party and want to know what we hold, correct it, object to processing, or have it deleted, please use the privacy request form.

How long we keep data

  • Account data: until you delete your account.
  • Briefings, Ask threads: kept indefinitely by default — per-user retention controls are on the roadmap.
  • Enriched contact data: until you forget the contact, or you delete your account.
  • Deleted accounts: 30-day soft-delete window for recovery, then irreversibly purged.
  • Audit & security logs (when enabled): 12 months.

Who we share data with

We share data only with the sub-processors listed on our Security page — managed Postgres/auth, our LLM gateway, Firecrawl for public web search, and Google for OAuth. We do not sell or rent personal data.

Your rights (UK & EU GDPR)

  • Access a copy of your data
  • Correct inaccurate data
  • Have your data erased
  • Object to processing based on legitimate interest
  • Withdraw consent where processing is based on it
  • Complain to your supervisory authority (ICO in the UK)

To exercise any of these, use the request form or email privacy@reggie.app.

International transfers

Our primary database is in the EU. Some sub-processors (LLM inference, Firecrawl) may process data in the US under appropriate safeguards (Standard Contractual Clauses). EU-only inference is on the roadmap.

Security

See our Security page for technical and organisational measures, sub-processor list, and current/planned controls.

Changes

We'll notify account holders by email for material changes. Minor updates will be reflected in the "Last updated" date above.