Privacy Policy

1. Introduction

Welcome to Refineo. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI text humanization service.

By using Refineo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

2. Information We Collect

2.1 Information You Provide

Account Information:

• Email address
• Name
• Password (encrypted)
• Profile information (if provided)

Payment Information:

• Payment card details (processed securely by Stripe - we do not store full card numbers)
• Billing address
• Payment history

Content Data:

• Text you submit for humanization
• Humanized output we generate
• Model selection preferences
• Request history

2.2 Automatically Collected Information

Usage Data:

• IP address (hashed for security)
• Browser type and version
• Device information
• Pages visited and features used
• Time and date of visits
• Time spent on pages
• Referral source

Cookies and Tracking Technologies:

• Session cookies (essential for functionality)
• Authentication tokens
• Analytics cookies (with consent)
• Preference cookies

2.3 Third-Party OAuth Data

When you sign in with Google:

• Email address
• Name
• Profile picture URL
• Google account ID

3. How We Use Your Information

3.1 Service Provision

• Process your text humanization requests
• Maintain your account and subscription
• Provide customer support
• Send service-related notifications
• Manage billing and payments

3.2 Service Improvement

• Analyze usage patterns to improve our algorithms
• Enhance user experience and features
• Develop new services and functionalities
• Monitor and prevent technical issues

3.3 Security and Fraud Prevention

• Detect and prevent fraudulent activity
• Enforce our Terms of Service
• Protect against unauthorized access
• Monitor for abuse of our service

3.4 Communications (with consent)

• Send product updates and new features
• Share relevant content and tips
• Notify you of promotions (you can opt out)
• Request feedback on our service

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

• Contract Performance: Processing necessary to provide our service
• Legitimate Interests: Improving our service, security, and fraud prevention
• Consent: Marketing communications and analytics (you can withdraw anytime)
• Legal Obligations: Compliance with applicable laws

5. Data Sharing and Disclosure

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our service:

• Stripe: Payment processing (PCI-DSS compliant)
• Google OAuth: Authentication services
• Supabase/Vercel: Database and hosting
• SendGrid/AWS SES: Email delivery
• Upstash Redis: Rate limiting and caching
• Plausible Analytics: Privacy-focused analytics (no cookies, GDPR compliant)

5.2 AI Service Providers

Your submitted text is processed by:

• AIHumanize.io: Text humanization processing

We do not share your identity or contact information with AI service providers.

5.3 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government requests
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activities

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before any transfer.

6. Data Retention

6.1 Account Data

• Retained while your account is active
• Deleted within 30 days of account deletion request
• Some data retained longer for legal compliance (billing records: 7 years)

6.2 Request History

• Free Tier: 90 days (automatically deleted)
• Paid Tiers: Unlimited retention while subscription is active
• Deleted within 30 days after account closure

6.3 Anonymous Data

• Demo session data: 24 hours
• Anonymous analytics: Retained indefinitely (cannot be linked to you)

7. Data Security

We implement industry-standard security measures to protect your data:

7.1 Technical Safeguards

• HTTPS/TLS encryption for all data transmission
• Bcrypt password hashing (10 rounds)
• Database encryption at rest
• Secure session management with httpOnly cookies
• Rate limiting to prevent abuse

7.2 Organizational Safeguards

• Limited employee access on a need-to-know basis
• Regular security audits and updates
• Secure development practices
• Data breach response plan

Note: While we implement robust security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

8.1 Access and Portability

• Request a copy of your personal data
• Export your request history
• View your account information in the dashboard

8.2 Correction and Update

• Update your account information anytime
• Correct inaccurate data
• Change your email address (requires re-verification)

8.3 Deletion (Right to be Forgotten)

• Delete your account and all associated data
• Request deletion of specific request history
• Deletion completed within 30 days

8.4 Opt-Out Rights

• Unsubscribe from marketing emails (link in every email)
• Disable non-essential cookies
• Opt out of analytics tracking

8.5 Additional Rights (GDPR/CCPA)

If you are in the EEA or California:

• Right to restrict processing
• Right to object to processing
• Right to lodge a complaint with supervisory authority
• Right to withdraw consent
• Right to know what data we sell (we do not sell your data)

9. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information within 30 days.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws.

For EEA Users: We rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions
• Your explicit consent

11. Cookies and Tracking Technologies

11.1 Essential Cookies

Required for service functionality (cannot be disabled):

• Session authentication
• Security tokens
• Load balancing

11.2 Analytics Cookies (Optional)

Used with your consent:

• Plausible Analytics (privacy-focused, no personal data)
• Performance monitoring
• Feature usage tracking

11.3 Managing Cookies

You can control cookies through:

• Our cookie consent banner
• Your browser settings
• Account preferences

12. California Privacy Rights (CCPA)

California residents have additional rights:

12.1 Right to Know

• Categories of personal information collected
• Sources of data collection
• Business purposes for collection
• Third parties with whom we share data

12.2 Right to Delete

Request deletion of your personal information (subject to legal exceptions)

12.3 Right to Opt-Out of Sale

We do not sell your personal information.

12.4 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

13. Do Not Track Signals

Our service does not respond to Do Not Track (DNT) browser signals. However, you can disable analytics through our cookie preferences or by using privacy-focused browsers.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

• Email to your registered address
• Prominent notice on our website
• In-app notification

The "Last updated" date at the top indicates when the policy was last revised. Your continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions or to exercise your rights, contact us:

16. Data Protection Officer (DPO)

For EEA users, you can contact our Data Protection Officer: