Privacy Policy
This Privacy Policy explains how we collect, use, and protect your data when you use our products. Last updated April 24, 2026.
Introduction
This Privacy Policy describes how Edirq Inc. ("Edirq," "we," "us," or "our") processes personal data in connection with the Re mobile application and any related services (collectively, the "Service"). It is intended to satisfy transparency obligations imposed by California's CCPA and CPRA, India's Digital Personal Data Protection Act 2023 (DPDPA) and DPDP Rules 2025, and other applicable data protection laws.
As we expand to new markets (including the EU/EEA, UK, and Japan), this policy will be supplemented by region-specific notices. Rights under those laws apply only to users in those respective jurisdictions once Re is available there.
Identity and Contact Details
Data Controller (worldwide): Edirq Inc., 3031 Tisch Way, 110 Plaza West, San Jose, CA 95128, USA — privacy@edirq.com
Grievance Officer (India — DPDPA Section 13): Kazuki Hayashi, Founder & CEO, Edirq Inc. — privacy@edirq.com. Acknowledgment within 48 hours; substantive response within 30 days.
Data Protection Officer: Not currently mandatory — our core activities do not consist of large-scale systematic monitoring or large-scale processing of special categories of data. This assessment is reviewed annually. Contact: privacy@edirq.com.
Note on EU/EEA and UK: Re is not currently available in the EU, EEA, or UK. When we launch in those regions, we will designate a GDPR Article 27 EU representative, appoint a UK representative, and update this policy before becoming accessible to users in those jurisdictions.
Age Requirement and Eligibility
Re is an 18-and-over platform. We do not knowingly collect or process personal data from individuals under 18. If we become aware that a user under 18 has registered, we will immediately suspend the account and delete all associated personal data.
In certain regions, age-group classification may follow academic-year cutoff systems to better align users with peers at similar life stages. This processing is carried out on the basis of our legitimate interests in providing meaningful peer connections. You may challenge this by contacting privacy@edirq.com.
Personal Data We Collect and Why
3.1 Account Information
Birth year range, country, and state at registration. A year range rather than exact date of birth minimises personal data held.
Purpose: Account creation, eligibility verification, age-group matching.
Legal basis: Performance of a contract; express consent (DPDPA).
Purpose: Account creation, eligibility verification, age-group matching.
Legal basis: Performance of a contract; express consent (DPDPA).
3.2 Authentication via Third-Party Login
If you register using Sign in with Apple or Sign in with Google, we receive your name and email as authorised by you.
Purpose: Account creation and authentication.
Legal basis: Performance of a contract; express consent (DPDPA).
Purpose: Account creation and authentication.
Legal basis: Performance of a contract; express consent (DPDPA).
3.3 User Content
Posts, comments, messages, profile information, photos, videos, stories, and in-app survey responses.
Purpose: Core Service operation; product improvement.
Legal basis: Performance of a contract; legitimate interests for feedback surveys; express consent (DPDPA).
Purpose: Core Service operation; product improvement.
Legal basis: Performance of a contract; legitimate interests for feedback surveys; express consent (DPDPA).
3.4 Device and Usage Data
IP address, persistent device identifiers (e.g., IDFA, Android Advertising ID), device model, OS version, local storage data, and app usage data.
Purpose: Security, fraud prevention, Service operation and stability.
Legal basis: Legitimate interests; express consent (DPDPA).
Purpose: Security, fraud prevention, Service operation and stability.
Legal basis: Legitimate interests; express consent (DPDPA).
3.5 Analytics Data
We use PostHog for product analytics under a Data Processing Agreement. PostHog automatically collects: OS name/version, device manufacturer/name/type, screen dimensions, app build number, locale, timezone; a persistent anonymous device-level identifier (pre-login) and your user ID (post-login); approximate city/country location derived from IP via GeoIP (precise GPS location is never collected); standard app lifecycle events; and voluntary in-app survey responses.
Purpose: Product analytics and Service improvement.
Legal basis: Your consent; express consent (DPDPA). Withdraw at any time via Settings > Privacy > Data Collection.
Purpose: Product analytics and Service improvement.
Legal basis: Your consent; express consent (DPDPA). Withdraw at any time via Settings > Privacy > Data Collection.
3.6 SMS Communications
If you provide your phone number, we may send SMS for account authentication (OTP) only. We do not send promotional SMS. Reply STOP to opt out; reply HELP for help. Standard message and data rates may apply.
3.7 Special Categories of Data
We do not intentionally collect special category data. If you voluntarily include such information in posts or your profile, we do not use it for profiling or targeted processing.
How We Use Personal Data
We use personal data to:
- Verify eligibility and enforce the age requirement.
- Create and administer your account.
- Operate, maintain, personalise, and improve the Service.
- Match users with peers at similar life stages.
- Detect and prevent fraud, abuse, and security threats.
- Respond to enquiries and support requests.
- Send service-related communications.
- Comply with legal obligations.
Advertising: We do not currently run advertising on Re. If we introduce advertising, we will update this Policy, provide at least 30 days' advance notice, and obtain any required consent.
AI Training: We do not use the content of private messages to train AI models.
AI Training: We do not use the content of private messages to train AI models.
Your Consent and How to Manage It
- 5.1 Consent at Signup: Before creating your account you will be shown an unchecked checkbox: "By registering, you agree to Re's Terms of Use and Privacy Policy, including the collection of app usage data and device information for analytics purposes." Registration cannot be completed without actively checking this box. We record the timestamp, policy version, language, and scope of your consent.
- 5.2 Withdrawing Consent: Withdraw analytics consent at any time via Settings > Privacy > Data Collection. Withdrawal does not affect the lawfulness of prior processing.
- 5.3 Do Not Sell or Share (US Users): We do not sell or share personal information for cross-context behavioural advertising. Exercise this right via Settings > Privacy > "Do Not Sell or Share My Personal Information" or email privacy@edirq.com. We honour Global Privacy Control (GPC) signals automatically.
- 5.4 Sensitive Personal Information (California / CPRA): California residents may direct us to limit use of sensitive personal information. Contact privacy@edirq.com or use Settings > Privacy.
- 5.5 Consent Records: We maintain a consent record for each user comprising: date/time; policy version; language; and specific purposes consented to. Retained for three years from consent or withdrawal, whichever is later.
Sharing and Disclosure of Personal Data
We do not sell your personal data to any third party. We may disclose your personal data to: service providers and sub-processors under written Data Processing Agreements; competent authorities, courts, or regulators where required by law; and a successor entity in the event of a merger or acquisition (with notice before transfer under materially different terms).
6.1 Sub-Processors
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase | Database and backend infrastructure | Account data, user content, app data | United States |
| Cloudflare R2 | Media storage | Photos, videos, and other media files | United States / Global CDN |
| Railway | Server hosting and deployment | App traffic, server logs | United States |
| PostHog | Product analytics | Usage events, device info, IP-derived location | United States / EU |
We will update this table when sub-processors are added or changed.
International Data Transfers
Edirq is based in the United States. Your information is processed and stored on servers located in the United States or as described in the sub-processor table above.
India: Personal data transferred to PostHog's US/EU servers is covered by the DPDPA's cross-border transfer framework under a Data Processing Agreement. We will update practices in line with any transfer restrictions as DPDPA Stage 3 obligations take effect (expected May 13, 2027).
EU/EEA and UK (future): We will implement Standard Contractual Clauses or other appropriate transfer mechanisms before processing EU or UK personal data.
Data Retention
| Data Type | Retention Period |
|---|---|
| Account and profile data | Until account deletion or closure |
| User content (posts, messages) | Until account deletion |
| Analytics events | 12 months |
| Session data | 3 months |
| Crash and diagnostic data | 6 months |
| Consent records | 3 years from consent or withdrawal |
| Data subject to legal hold | Duration of legal obligation |
When data is no longer required, it is securely deleted or irreversibly anonymised.
How to Delete Your Account and Data
You may delete your account and all associated personal data via any of:
- Web form (recommended): Visit join-re.com/delete-account, enter your registered email or phone number, and verify via OTP. Works for all account types including Google/Apple.
- In-app: Go to Settings > Account > Delete My Account. Confirm when prompted. Deletion begins immediately.
- By email: Send a request to privacy@edirq.com with the subject line "Account Deletion Request."
Deletion covers all account data, profile information, posts, messages, analytics identifiers, and other personal data. Residual copies in encrypted backups will be purged within 30 days. We will process deletion requests within 7 days of identity verification.
Automated Decision-Making and Profiling
We use automated systems for content recommendations, content moderation, and fraud detection. None currently produce decisions with a legal or similarly significant effect. Contact privacy@edirq.com to request human review if you believe an automated decision has materially affected you.
We do not use the content of private messages to train AI models.
Security and Data Breach Notification
We implement administrative, technical, and organisational safeguards including encryption in transit (TLS) and at rest, access controls, and vendor security assessments. In the event of a personal data breach, we will notify affected users and relevant authorities within the timeframes required by applicable law.
To report a suspected security vulnerability, contact security@edirq.com.
To report a suspected security vulnerability, contact security@edirq.com.
Your Privacy Rights
12.1 California (CCPA / CPRA)
California residents have the right to: Know, Access, Delete, Correct, Opt out of sale/sharing, Limit use of sensitive personal information, and Non-discrimination. Email privacy@edirq.com or use in-app privacy settings. We will acknowledge within 10 business days and respond within 45 calendar days (extendable by 45 days with notice).
12.2 Other US States
Users in Virginia, Colorado, Connecticut, Texas, and other states with enacted privacy laws may have similar rights. Same contact and process applies: privacy@edirq.com.
12.3 India (DPDPA 2023 and DPDP Rules 2025)
Edirq Inc. acts as a Data Fiduciary. You have the right to: Access, Correct, Erase (processed within 7 days), and Withdraw consent. Multi-language consent is available in English and Hindi; contact privacy@edirq.com for other Scheduled languages (response within 7 business days). Unsatisfied users may escalate to the Data Protection Board of India when operational.
12.4 EU / EEA / UK (GDPR) — Future Markets
This section will be updated to reflect full GDPR and UK GDPR rights before we launch in those regions.
12.5 Japan (APPI) — Future Markets
This section will be updated to reflect APPI rights before we launch in Japan.
App Store Compliance
Re is distributed via the Apple App Store and Google Play Store. Apple and Google are not parties to this Privacy Policy. We comply with applicable app store review guidelines including data safety disclosures, privacy nutrition labels, and user-generated content moderation policies.
Children's Privacy
The Service is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. Contact privacy@edirq.com immediately if you believe we have inadvertently collected data from a minor.
Changes to This Policy
We will notify you by in-app message or email at least 14 days before material changes take effect. Where changes require renewed consent, we will obtain it before the changes take effect.
Governing Law
This Privacy Policy is governed by the laws of the State of California, USA, without prejudice to any mandatory rights under the laws of your country of residence.
Contact
General enquiries: info@edirq.com
Privacy and data protection requests: privacy@edirq.com
Security vulnerabilities: security@edirq.com
India grievances (DPDPA — Kazuki Hayashi): privacy@edirq.com
Edirq Inc.
3031 Tisch Way,
110 Plaza West San Jose,
CA 95128
Download App
Your generation is here.
Are you?
Download the app and join them.
