Privacy policy

Reqio is operated by K S Poorvik, an individual trading as Reqio, based at #786, 1st stage, 2nd cross, Sangameshwara ext., Hassan, Karnataka, India. We can be reached at support@reqio.app.

This Privacy Policy explains what data we collect when you use the Reqio dashboard or when your end users interact with a Reqio widget embedded on your site, how we use that data, and your rights.

Account data: When you sign up, we collect your name, email address, and (if you use password authentication) a hashed password. If you sign in with Google or GitHub, we receive your name and email from those providers.

Project and feature data: The projects you create, the feature requests you manage, your widget configuration, developer notes, and team member records.

End-user data (collected via the widget on your site): Anonymous identifiers (randomly generated per browser), optional email addresses and external user IDs (only if you enable the identity feature and pass them from your server), feature request text, votes, comments, page URL at time of submission, optional context strings, browser and device diagnostics (browser name/version, OS, viewport size, screen resolution, language, timezone, connection type, JS errors) — collected only when a request is submitted.

Billing and payment data: We do not store your credit or debit card details. Payment data is collected and processed by Dodo Payments. We receive from Dodo Payments a record of your subscription status, plan, and billing period.

Usage and log data: Server logs, API request timestamps, and error traces. These are used for security and operations and are retained for a limited period.

Cookies and session data: We use a session cookie to keep you signed in to the dashboard. The embeddable widget does not set cookies on the host site; it uses browser localStorage scoped to the Shadow DOM.

To provide and operate the Service: authenticating you, storing your projects and requests, powering the widget on your site.

To process payments: we pass your subscription intent to Dodo Payments and receive back subscription status.

To communicate with you: transactional emails (password reset, invitation, receipts), and product updates where you have not opted out.

To secure the Service: detecting abuse, rate limiting, and fraud prevention.

To improve the Service: aggregate, anonymised analytics on feature usage. We do not sell your data or use it to train third-party AI models.

All payment processing for Reqio subscriptions is handled by Dodo Payments, acting as the Merchant of Record and authorized reseller. When you subscribe to a paid plan, you are transacting with Dodo Payments, who collects your payment details, processes the charge, handles tax, and issues receipts.

Reqio does not receive or store your card number, bank account details, or CVV. We receive only the subscription outcome (plan, status, next billing date) from Dodo Payments.

Dodo Payments' own privacy policy governs how they handle your payment data. By subscribing, you agree to Dodo Payments' terms.

We share data with the following sub-processors only to the extent necessary to operate the Service:

Dodo Payments — payment processing and billing. Data shared: subscription intent, customer email for receipts.

Vercel — hosting and serverless compute for the dashboard and API. Data shared: all request data passing through the application.

Neon — managed PostgreSQL database. Data shared: all structured application data (accounts, projects, features, widget submissions).

Resend — transactional email. Data shared: recipient email address and email content (password resets, invitations).

We do not sell data to any third party for marketing purposes.

Account data is retained while your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law.

End-user data (widget submissions) is stored for as long as your account is active and the project exists. Deleting a project permanently removes its associated requests, comments, and votes.

Server logs are retained for up to 90 days.

Billing records may be retained longer where required for tax or legal compliance.

Depending on your location, you may have rights to access, correct, or delete your personal data, or to restrict or object to its processing.

To exercise any of these rights, email us at support@reqio.app. We will respond within 30 days.

If you are in the European Economic Area or United Kingdom, you also have the right to lodge a complaint with your local data protection authority.

Note: Reqio dashboard users control the data their end users submit via the widget. If an end user of your product wants to exercise their privacy rights, that request should be directed to you as the data controller for that relationship. We will assist you in honoring such requests.

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us at support@reqio.app and we will delete it promptly.

Reqio is operated from India. Our sub-processors (Vercel, Neon, Resend) may store and process data in the United States or other countries. By using the Service, you acknowledge that your data may be transferred to and processed in countries whose data protection laws may differ from those in your country.

We rely on our sub-processors' own compliance frameworks (including Standard Contractual Clauses where applicable) for cross-border transfers.

We implement industry-standard security measures: TLS in transit, AES-256-GCM encryption for sensitive stored secrets, hashed passwords (bcrypt), and rate limiting on authentication endpoints.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we take reasonable steps to protect your data and will notify you of a breach as required by applicable law.

We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a notice in the dashboard. The "last updated" date at the top of this page always reflects the most recent revision.

Continued use of the Service after a change takes effect constitutes acceptance of the revised policy.

Privacy questions or requests can be sent to support@reqio.app.

K S Poorvik, #786, 1st stage, 2nd cross, Sangameshwara ext., Hassan, Karnataka, India.