Privacy Policy

1. What We Collect

Account information: When you register, we collect your name, email address, and a hashed password. If you sign in with Google, we receive your name and email address from Google.

Session metadata: When you use Rellio to write, we collect writing timing patterns (inter-keystroke intervals, session duration), session identifiers, and cryptographic hash records. We do not collect or store the characters you type, the content of your document, clipboard contents, or screenshots.

Technical data: We collect standard server log data including IP addresses (hashed for audit logs), browser type, and access timestamps. We may collect approximate location data (country and city) derived from your IP address at signup for fraud prevention purposes.

Analytics: We use privacy-focused analytics to understand how the Service is used. Analytics data does not include personally identifiable information.

2. What We Never Collect

• The text, content, or drafts of your documents
• Typed characters or keystrokes
• Screen recordings or screenshots
• Browser history or other website activity
• Clipboard contents
• Biometric data

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Generate and issue authorship certificates
• Authenticate you and protect your account
• Detect and prevent fraud and abuse
• Send transactional emails (account creation, password reset)
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising.

4. Data Storage and Security

Session metadata and certificates are stored in an encrypted database. Passwords are stored securely and never in plaintext. Authentication tokens are short-lived and stored using industry-standard secure methods. We use HTTPS for all data in transit.

Your writing session data is processed in your browser and only the derived proof metadata (not your text) is transmitted to our servers.

5. Data Retention

We retain your account data and session metadata for as long as your account is active. You may request deletion of your account and associated data at any time by contacting privacy@rellio.app. Issued certificates that have been publicly shared may remain verifiable after account deletion.

6. Third-Party Services

We use a limited set of third-party services to operate Rellio:

• Google Sign In: Optional. If you use Google Sign In, your name and email are shared with us under Google's Privacy Policy.
• Email provider: Used to send transactional emails (welcome, password reset). Email addresses are shared only as needed to deliver messages.
• Analytics: Privacy-focused, GDPR-compliant analytics with no third-party advertising.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, port, or delete your personal data. To exercise these rights, contact us at privacy@rellio.app. We will respond within 30 days.

8. Cookies

We use strictly necessary HttpOnly cookies to maintain your authentication session. These cookies cannot be accessed by JavaScript and are not used for tracking or advertising. We do not use third-party tracking cookies.

9. Children

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email at least 14 days in advance. Continued use of the Service after changes take effect constitutes your acceptance of the revised policy.

11. Contact

Questions or concerns about this Privacy Policy should be directed to privacy@rellio.app.