Privacy Policy
Effective date: June 5, 2026 · Last updated: June 5, 2026
1. Who We Are
Rejog ("we," "us," "our") operates rejogapp.com and the Rejog follow-up CRM service. Contact us at privacy@rejogapp.com with any privacy questions.
2. What Data We Collect
Account data
- Email address
- Full name (optional)
- Profile photo URL (Google OAuth only)
- Password hash (email/password signup — never stored in plain text)
Workspace and usage data
- Workspace name and sender identity (sender name, sender email, reply-to email)
- Follow-up emails you compose and send through Rejog
- Contact and lead data you import or create (names, emails, companies, phone numbers, notes)
- Delivery events for emails sent through Rejog (sent, delivered, opened, clicked, bounced, complained)
- Activity logs (follow-ups sent, AI generations used, imports run)
- Billing and subscription status
Technical data
- IP address and browser/device information (collected by our infrastructure provider)
- Session tokens (stored as SHA-256 hashes — never the raw token)
Waitlist data
If you joined the waitlist before signup, we collected your email address and optional plan interest.
3. How We Use Your Data
| Purpose | Legal basis |
|---|---|
| Deliver the service (auth, email sending, contact management) | Contract performance |
| Enforce plan limits and billing | Contract performance |
| Send transactional emails (verification, password reset, invite, billing alerts) | Contract performance |
| Detect and prevent abuse, spam, and compliance violations | Legitimate interest |
| Improve the service | Legitimate interest |
| Respond to support requests | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do not sell your data. We do not use your data or your contacts' data to train AI models.
4. Your Contacts' Data
When you import leads or contacts into Rejog, you become the data controller for that contact data. Rejog acts as a data processor on your behalf.
You are responsible for:
- Having a lawful basis to store and email your contacts
- Honoring unsubscribe requests (Rejog enforces this automatically via the suppression list)
- Complying with applicable laws (CAN-SPAM, GDPR, CASL, etc.) for your outbound emails
Rejog's built-in compliance features:
- Every outbound email includes a mandatory unsubscribe link
- Unsubscribes are honored immediately and permanently via the suppression list
- Hard bounces and spam complaints suppress future sends automatically
- Contact data supports soft delete and GDPR erasure workflows
5. Third-Party Services
We share data with the following processors to deliver the service:
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database and infrastructure | All application data |
| Resend | Transactional and follow-up email delivery | Sender details, recipient email, subject, body |
| Stripe / PayPal / Paddle | Payment processing | Email, billing details |
| Anthropic | AI-powered email draft generation | Email content you request AI assistance for |
| Inngest | Background job processing | Event data for scheduled follow-ups and workflows |
| OAuth authentication | OAuth token (no Google account data stored beyond email and name) | |
| Vercel | Hosting and CDN | Request logs, IP addresses |
We do not share your data with advertising networks or data brokers.
6. Data Retention
| Data type | Retention |
|---|---|
| Account data | Until account deletion + 30 days |
| Contact and follow-up data | Until workspace deletion + 30 days |
| Suppression list entries | Indefinitely (required for compliance) |
| Activity logs | 12 months rolling |
| Billing records | 7 years (legal/tax requirement) |
| Waitlist emails | Until signup or explicit deletion request |
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your account and associated data
- Export your data
- Object to certain processing
- Withdraw consent where processing is based on consent
To exercise any of these rights, email privacy@rejogapp.com. We will respond within 30 days.
Note: Suppression list entries (unsubscribes, bounces, complaints) are retained even after account deletion to prevent accidental re-contact of opted-out individuals.
8. Cookies and Tracking
Rejog uses only functional cookies necessary to maintain your session. We do not use advertising or tracking cookies.
Follow-up emails sent through Rejog may include open and click tracking pixels. This is disclosed to recipients via the email footer. You can disable tracking per follow-up in send settings.
9. Security
- All data encrypted in transit (TLS 1.2+)
- Passwords stored as bcrypt hashes
- Session tokens stored as SHA-256 hashes
- Database credentials isolated per environment
- Tenant data strictly isolated by workspace ID
- Webhook signatures verified on all inbound webhooks
10. International Transfers
Rejog's infrastructure is hosted on AWS (via Supabase and Vercel). Data may be processed in the United States or other jurisdictions. We rely on standard contractual clauses and the data processing agreements of our sub-processors for international transfers.
11. Children
Rejog is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe we have collected such data, contact us and we will delete it.
12. Changes to This Policy
We will notify you of material changes via email to your registered address and by updating the "Last updated" date at the top of this page. Continued use of the service after the effective date constitutes acceptance.
13. Contact
Email: privacy@rejogapp.com