This Privacy Policy explains how Reer, Inc. ("Reer," "we," "us," or "our") collects, uses, and protects information when you use our website at reer.co (the "Site") and the Reer plug-in software (the "Software"). Together, the Site and Software are referred to as the "Services."

‍

By using our Services, you agree to the practices described in this Privacy Policy.

‍

‍

1. Information We Collect

‍

Information you provide directly:

• Account registration details (name, email address, company/firm name)
• Communications with our team (support requests, beta feedback, survey responses)
• Billing information (processed by our payment provider; we do not store card details)

Information collected automatically through the Software:

• Commands and prompts entered into the Reer AI agent
• CAD model context used to generate AI responses, which may include metadata such as layer names, object types, parameter names, and geometry descriptions — but not the full geometry or file content unless explicitly required by a feature
• Software version, plug-in configuration, and host application version (e.g., Rhino version)
• Feature usage telemetry (which tools are used, session duration, error logs)

Information collected through the Site:

• IP address, browser type, operating system, and referring URLs
• Pages visited and time spent on the Site
• Cookie and tracking data (see Section 6)

‍

‍

2. How We Use Your Information

‍

We use your information only for the purposes described below. For EEA and UK users, each purpose is matched to a lawful basis under GDPR.

To provide and operate the Services — processing commands, returning AI-generated responses, managing your account, and delivering the plug-in functionality you request. Lawful basis: performance of a contract.

To communicate with you — responding to support requests, sending product updates, release notes, and beta program communications. You may opt out of non-essential communications at any time. Lawful basis: legitimate interests (support and operations); consent (marketing communications).

To improve the product — analyzing aggregated and anonymized usage patterns to prioritize development, fix bugs, and improve AI response quality. We do not use personally identifiable data or your specific project files for this purpose without your explicit consent. Lawful basis: legitimate interests.

To ensure security and prevent abuse — monitoring for unauthorized access, fraud, and violations of our Terms of Service. Lawful basis: legitimate interests; legal obligation.

To comply with legal obligations — retaining records as required by applicable law, responding to lawful requests from authorities, and enforcing our agreements. Lawful basis: legal obligation; legitimate interests.

We will not use your information for any purpose materially different from those listed above without first notifying you and, where required, obtaining your consent. We do not sell your personal information to third parties, and we do not use it for automated decision-making that produces legal or similarly significant effects on you.

‍

‍

3. AI Processing and Your Design Data

‍

When you use Reer's AI features, portions of your active CAD session context are sent to Reer's servers (or third-party AI model providers) to generate responses. This may include structured descriptions or metadata about your model. We take the following measures to protect your design data:

‍

We do not claim ownership over your design files, geometry, or intellectual property. We do not use your specific project data to train our AI models without your explicit consent. Transmitted data is encrypted in transit (TLS 1.2 or higher) and at rest using industry-standard encryption. We retain session data for a limited period (currently [30/90] days) unless required for troubleshooting, legal compliance, or as otherwise described in this Policy.

We may use aggregated and anonymized usage data — with no personally identifiable or project-identifiable information — for model improvement purposes.

‍

For EEA and UK users: The transfer of your data to AI model providers or cloud infrastructure located outside the EEA is governed by appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms under UK law. You may request further information about these safeguards by contacting hello@reer.co.

‍

‍

4. How We Share Information

‍

We may share your information with:

• Service providers who assist in operating the Services (cloud hosting, analytics, email delivery, payment processing), under data processing agreements that restrict their use of your data
• AI model providers as necessary to process your in-Software queries (e.g., requests to large language model APIs). These providers are contractually bound to data confidentiality obligations
• Legal and regulatory authorities when required by law, court order, or to protect the rights, property, or safety of Reer or others
• Business successors in the event of a merger, acquisition, or sale of assets, with notice provided to you

‍

‍

5. Data Retention

‍

We retain personal information for as long as your account is active or as needed to provide Services, plus a reasonable period thereafter for legal and business purposes. You may request deletion of your account and associated data by contacting us at hello@reer.co.

‍

‍

6. Cookies and Tracking

‍

Our Site currently uses only strictly necessary cookies — small text files required for the Site to function, such as session and authentication cookies. We do not use analytics, advertising, or any other non-essential cookies at this time. No cookie consent is required for strictly necessary cookies under applicable law.

If we introduce non-essential cookies in the future, we will update this Policy and implement an appropriate consent mechanism before doing so.
‍

‍

7. Your Rights and Choices

‍

Depending on your location, you have the following rights regarding your personal data. To exercise any of these rights, contact us at hello@reer.co. We will respond within 30 days.

‍

All users: You may unsubscribe from marketing communications at any time using the link in any email we send.

EEA and UK users (GDPR / UK GDPR): You have the right to access a copy of your personal data; to correct inaccurate data; to request erasure of your data where there is no overriding legal reason for us to retain it; to restrict or object to our processing of your data; and to receive your data in a portable format. You also have the right to lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority, or the ICO in the UK).

‍

Our lawful bases for processing are: performance of a contract (to provide the Services); legitimate interests (to improve the product and ensure security, where these are not overridden by your interests); and consent (for non-essential cookies and marketing communications).

‍

California residents (CCPA): You have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information.

‍

‍

8. Data Security

‍

We implement technical and organizational measures appropriate to the risk level of the data we process. These include:

‍

In transit: All data transmitted between your device and our servers, and between our servers and third-party AI model providers, is encrypted using TLS 1.2 or higher.

At rest: Personal data and CAD session data stored on our servers is encrypted at rest using AES-256 or equivalent industry-standard encryption.

Access controls: Access to personal data is restricted to Reer employees and contractors who need it to perform their job functions. All staff with access to personal data are subject to confidentiality obligations.

Subprocessor security: We contractually require all third-party service providers who process personal data on our behalf to maintain security standards appropriate to the sensitivity of the data.

Vulnerability management: We conduct periodic security reviews of our infrastructure and apply security patches promptly. We maintain an internal process for identifying and responding to security vulnerabilities.

Incident response: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, as required under GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

While we maintain these safeguards, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet or stored on our systems. If you become aware of any security vulnerability or incident involving our Services, please notify us promptly at hello@reer.co.

‍

‍

9. Children's Privacy

‍

Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

‍

‍

10. Changes to This Policy

‍

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice in the Software or on the Site. The "Last Updated" date at the top indicates when the most recent version took effect.

‍

‍

11. Contact Us

For privacy-related questions or requests:

hello@reer.co