Privacy
Privacy policy
How RSTR collects, uses, stores, secures, and shares personal information across the public site, the web workspace, and the mobile product.
Contact support
Review cookie policy
Last updated
April 8, 2026
Applies to
rstrapp.com, the web workspace, and the iOS and Android apps.
Contact
hello@rstrapp.com
Terms
Cookie policy
Support
Scope
This Privacy Policy applies to RSTR websites, authenticated workspaces, mobile applications, support interactions, and other services that link to it.
It explains what information we collect, how we use it, when we share it, how long we keep it, and the choices available to you. It is designed to be read alongside any product-specific disclosures we show at sign-up, checkout, connector setup, or in-app permissions prompts.
Information we collect
Account and profile data such as your email address, sign-in state, workspace membership, timezone, and account settings.
Project and collaboration data such as project names, agent assignments, chats, prompts, approvals, files, attachments, notes, and other content you choose to store or send through the service.
Integration and connection data such as the providers you authorize, the resources you bind, and metadata needed to keep those integrations working inside the permissions you grant.
Billing and transaction data such as plan status, credit balances, purchase records, and payment-related metadata. We do not store full payment card numbers ourselves when a payment processor handles them.
Device, log, and usage data such as IP address, app version, browser type, operating system, crash data, event logs, and feature usage needed for security, diagnostics, and product improvement.
Support and communications data such as support messages, bug reports, survey answers, and email preferences.
How we use information
Where applicable law requires a legal basis, we rely on bases such as performance of a contract, legitimate interests, consent, and compliance with legal obligations, depending on the context.
Provide, maintain, secure, and improve the service.
Authenticate users, manage accounts, and enforce permissions, scope boundaries, and approval controls.
Run requested workflows such as chats, automations, document generation, summaries, or connector actions.
Communicate with you about support issues, product changes, security matters, billing, and account activity.
Prevent fraud, abuse, unauthorized access, policy violations, and other harmful activity.
Comply with law, enforce our terms, and protect our users, business, and service providers.
AI systems, automation, and human review
When you ask RSTR to generate content, classify information, summarize documents, or take connector-driven actions, the data needed to complete that request may be processed by model providers, hosting vendors, or other service providers acting on our behalf.
We also may use trained staff, contractors, or controlled internal review workflows to investigate abuse, debug incidents, improve reliability, or respond to support and legal requests. We limit access to what is needed for those purposes.
We do not treat content submitted through the service as instructions that can override our security, privacy, or approval rules.
How we share information
We do not sell personal information in the ordinary meaning of that term. If a law treats a particular analytics or sharing practice differently, we will honor the rights and opt-out choices that law requires.
Service providers that help us deliver hosting, analytics, authentication, billing, infrastructure, customer support, communications, or security services.
Third-party services you choose to connect or use through the product, but only within the permissions and workflows you authorize.
Professional advisers, auditors, insurers, or acquirers where reasonably necessary for business operations, financing, or a corporate transaction.
Law enforcement, regulators, courts, or other third parties when we believe disclosure is required by law or necessary to protect rights, safety, property, or the integrity of the service.
Security
We use technical, organizational, and contractual safeguards designed to protect personal information. Those measures include access controls, scoped permissions, encrypted credential handling, operational logging, and other security practices that fit the sensitivity of the data and the nature of the system.
No service is perfectly secure. You should also protect your account by keeping your email account secure, using trusted devices, and notifying us promptly if you suspect unauthorized access.
Cookies and similar technologies
We use cookies, local storage, and similar technologies for sign-in, security, reliability, preferences, analytics, and related service functions. You can read more in our Cookie Policy.
Retention
We keep account, project, and connector data for as long as the account or project remains active and as needed to provide the service.
We may retain limited records longer for security, abuse prevention, billing, tax, financial reporting, dispute resolution, or legal compliance.
When you request deletion, we will delete or de-identify information unless we are required or permitted to keep it for the reasons above.
Backups and logs may take additional time to cycle out of operational systems.
Your choices and rights
To make a privacy request, contact hello@rstrapp.com.
You can access, update, or correct some account information directly in product settings.
You can request account deletion through the app or the public deletion flow.
You can manage browser cookies and related local storage controls, subject to the limits described in our Cookie Policy.
You can opt out of non-essential marketing emails using the unsubscribe link in the message.
Depending on where you live, you may have legal rights to access, delete, correct, restrict, object to, or receive a copy of certain personal information. We may ask you to verify your identity before acting on a request.
International transfers
RSTR and our service providers may process information in countries other than your own. Where required, we use reasonable safeguards for cross-border transfers, such as contractual protections or other lawful transfer mechanisms.
Children
RSTR is not directed to children, and we do not knowingly collect personal information from children under the age at which consent is required in the relevant jurisdiction. If you believe a child has provided us personal information, contact us so we can investigate and take appropriate action.
Changes and contact
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and provide any additional notice or consent required by law before using information in a materially different way.
Questions about privacy or data requests can be sent to hello@rstrapp.com or started through the support page at https://rstrapp.com/support.
© 2026 RSTR. All rights reserved.
RSTR can make mistakes. Review AI-generated output before acting. Nothing in the product is legal, financial, medical, or tax advice.