Privacy Policy
This Privacy Policy explains how ReQL Innovations LLP ("ReQL", "we", "us", "our") collects, uses, discloses, and safeguards personal data when you use the ReQL website (reql.dev), the ReQL application at app.reql.dev, and any related services (together, the "Services"). ReQL is governed by the laws of India, including the Digital Personal Data Protection Act, 2023 ("DPDP Act").
1. Who we are
ReQL Innovations LLP is a limited liability partnership incorporated in India, with its registered office in Mumbai, Maharashtra. For any question about this policy or your personal data, write to aisha@reql.ai.
2. Data we collect
We collect only what we need to operate and improve the Services.
- Account data — name, work email, employer, role, and authentication credentials.
- Customer content — documents you upload for audit (policies, circulars, agreements, product docs), queries you run, and outputs the platform generates for you.
- Usage data — pages viewed, features used, device and browser type, IP address, and diagnostic logs.
- Communications — messages you send to us via email, forms, or support channels.
- Cookies and similar technologies — used for essential session management and, where enabled, product analytics. See section 8.
3. How we use personal data
- To provide, secure, and operate the Services.
- To generate the citations, gap analyses, and audit reports you request.
- To support you, respond to your enquiries, and communicate service updates.
- To improve accuracy of our regulatory small language model — using aggregated, de-identified signals from usage and, where you explicitly opt in, from your corrections.
- To meet legal, tax, audit, and regulatory obligations that apply to us.
- To detect, prevent, and respond to fraud, abuse, or security incidents.
We do not sell personal data. We do not train shared foundation models on your customer content.
4. Legal basis
We process personal data on the basis of your consent, your engagement of the Services under contract, our legitimate interests in operating a secure product, and to comply with applicable law — as recognised under the DPDP Act and other applicable laws.
5. Sharing personal data
- Service providers (data processors): cloud hosting, email, error monitoring, and analytics vendors that process data on our instructions under written agreements.
- Group companies: ReQL is a company within the CredAble group. We may share limited operational data with group entities on a need-to-know basis, subject to equivalent confidentiality and security controls.
- Legal and safety: where required by law, court order, or to protect the rights, property, or safety of ReQL, our customers, or others.
- Corporate transactions: in connection with a merger, acquisition, or sale of assets, with appropriate safeguards and notice.
6. Data retention
We retain personal data only as long as needed for the purposes above or as required by law. Customer content is retained for the term of your subscription plus a defined post-termination window, after which it is deleted or de-identified. You may request earlier deletion in accordance with section 9.
7. Security
We apply administrative, technical, and physical safeguards designed to protect personal data — including encryption in transit and at rest, role-based access controls, single sign-on, audit logging, and least-privilege service accounts. Enterprise customers may deploy ReQL entirely inside their own infrastructure so that no customer content leaves their perimeter. No system is perfectly secure; we work to promptly detect, contain, and notify affected parties if an incident occurs.
8. Cookies and analytics
We use strictly necessary cookies to keep you signed in and secure. Where enabled, we use privacy-preserving product analytics to understand aggregate usage. You can control non-essential cookies through your browser or by declining them in-product where a control is offered.
9. Your rights
Subject to the DPDP Act and other applicable law, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of data we no longer need or that you have withdrawn consent for.
- Withdraw consent at any time (this does not affect processing already carried out).
- Nominate another person to exercise these rights in the event of your death or incapacity.
- Raise a grievance with our Grievance Officer.
To exercise any of these rights, write to aisha@reql.ai. We will respond within the timelines required by law.
10. Grievance Officer
Aisha Peenwal
ReQL Innovations LLP, Mumbai, Maharashtra, India
Email: aisha@reql.ai
11. International transfers
Personal data is primarily stored and processed in India. Where a sub-processor is located outside India, we transfer data only to jurisdictions permitted under the DPDP Act and only under appropriate safeguards.
12. Children
The Services are intended for business use and are not directed to individuals under 18. We do not knowingly collect personal data from children.
13. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you by email or through the Services before the changes take effect. The "Last updated" date at the top reflects the most recent revision.
14. Contact
Questions or requests? Write to aisha@reql.ai.