This is a test environment
Rekindo
Get started

Privacy Policy

Last updated: February 2026

This document is only available in English.

1. Introduction

Rekindo ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

Rekindo is operated by Johan van der Boog and Geert Tibosch, based in the Netherlands. We comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Data We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (if provided)
  • Profile photo (optional)

Business and Customer Data

When you use the Service, we process:

  • Business name and settings
  • Customer data you provide: names, email addresses, phone numbers, date of birth
  • Customer preferences: language and timezone settings
  • Event data (appointments, services, purchases)
  • Email layouts and templates
  • Images you upload for emails

Analytics Data (with consent)

If you accept analytics cookies, we may collect:

  • Pages visited and features used
  • Device type and browser information
  • General location (country/region)

3. How We Use Your Data

We use your data to:

  • Provide and maintain the Service
  • Generate personalized emails using AI
  • Manage your account and authenticate you
  • Send important service notifications
  • Improve the Service based on usage patterns (with consent)
  • Process payments for subscriptions
  • Comply with legal obligations

4. Legal Basis for Processing

We process your data based on:

  • Contract: To provide the Service you requested
  • Consent: For analytics and marketing communications
  • Legitimate interest: To improve our Service and prevent fraud
  • Legal obligation: To comply with applicable laws

5. Data Storage and Security

Your data is stored securely on servers located within the European Union. We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (HTTPS)
  • Secure authentication mechanisms
  • API key hashing
  • Regular security updates
  • Access controls and monitoring

6. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Your account information is permanently deleted from Rekindo
  • All your business data and customer records are permanently deleted
  • All email history and uploaded images are permanently deleted

Payment data retained by third parties: Payment records, invoices, and billing history stored by Stripe are retained separately according to Stripe's data retention policies and legal requirements. This data is not deleted when you delete your Rekindo account, as it is required for financial compliance and record-keeping.

7. Your Rights

Under GDPR, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Delete your personal data
  • Portability: Receive your data in a portable format
  • Restriction: Limit how we process your data
  • Objection: Object to certain processing activities
  • Withdraw consent: Withdraw previously given consent at any time

To exercise these rights, please contact us at the email address below or use the relevant features in your account settings.

8. Cookies

We use cookies and similar technologies for:

  • Essential cookies: Required for the Service to function (authentication, security)
  • Analytics cookies: Help us understand how you use the Service (only with your consent)

You can manage your cookie preferences at any time through your browser settings or our cookie consent tool.

9. Third-Party Services

We use the following third-party services:

  • AI providers (OpenAI, Anthropic): For generating personalized email content
  • Email providers (Amazon SES): For sending emails on your behalf
  • Payment processors (Stripe): For handling payments securely
  • Cloud infrastructure (AWS, Cloudflare): For storing and serving your data

These services have their own privacy policies. We only share the minimum data necessary for them to provide their services.

10. Data Shared with AI Providers

To generate personalized emails, we share certain customer data with AI providers (such as OpenAI and Anthropic). This data is provided by our clients (businesses using Rekindo) who have accepted this Privacy Policy and are responsible for ensuring they have appropriate consent from their customers. We are transparent about what data is and is not shared:

Data we DO share with AI providers (when provided by our clients):

  • Customer first name and last name
  • Age (calculated from birth date, if provided)
  • Customer language and timezone preferences
  • Event details (type of service, appointment details, staff name if provided)
  • Previous email history (subjects, whether emails were opened or clicked)
  • Business name and context
  • Email template instructions and tone preferences

Data we do NOT share with AI providers:

  • Customer email addresses
  • Phone numbers
  • Physical addresses
  • Payment or financial information
  • Full birth dates (only age is derived)

AI providers process this data solely to generate email content. We use API endpoints that do not use customer data for model training, in accordance with the providers' API terms of service.

11. Data Shared with Payment Processors (Stripe)

We use Stripe to process payments. When you subscribe, the following data is shared with Stripe:

  • Your email address (for receipts and payment notifications)
  • Organisation name (for invoice display)
  • Payment method details (card number, expiry, CVC - entered directly on Stripe's secure checkout)
  • Invoice history and payment amounts

Any additional information you enter during checkout (such as billing address) is collected directly by Stripe and stored on their systems.

Stripe processes this data according to their Privacy Policy. We do not store your full payment card details on our servers.

12. Data Shared with Email Providers (Amazon SES)

We use Amazon Simple Email Service (SES) to send emails on your behalf. The following data is shared with Amazon SES:

  • Recipient email address (your customer's email)
  • Sender email address (your configured brand email)
  • Email content (subject, body text including customer name in greeting)

Amazon SES processes this data according to the AWS Privacy Policy. Email delivery data (opens, clicks, bounces) is returned to us for tracking purposes.

13. Data Shared with Analytics (Google Tag Manager)

With your consent, we use Google Tag Manager (GTM) for analytics. The following data may be collected:

  • Pages viewed and navigation patterns
  • Button clicks and feature usage
  • Device type, browser, and operating system
  • Approximate location (country/region based on IP)
  • Referrer information (how you found us)
  • Session duration and engagement metrics

Data we do NOT share with Google:

  • Your name or email address
  • Customer data or business information
  • Payment information
  • Any personally identifiable information (PII)

Analytics data is anonymized and used solely to improve the Service. You can opt out of analytics at any time through our cookie consent tool or browser settings. Google processes this data according to their Privacy Policy.

14. Image Storage and Processing (AWS, Cloudflare)

When you upload images (such as email headers, logos, or profile photos), we use cloud services to securely store and process them:

  • Processing (AWS): Images are temporarily uploaded to AWS where they are compressed, resized, and scanned for inappropriate content (NSFW detection)
  • Storage (Cloudflare R2): Processed images are permanently stored on Cloudflare R2 and served via their global CDN

Content moderation is fully automated and no human reviews your images. Images that do not pass moderation are rejected and not stored. Temporary files on AWS are automatically deleted after processing.

Images are deleted when you delete them from your account or when you delete your account entirely.

AWS processes data according to their Privacy Policy. Cloudflare processes data according to their Privacy Policy.

15. International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place:

  • AI providers (OpenAI, Anthropic): Based in the United States. Data transfers are covered by their commitment to Standard Contractual Clauses (SCCs) and their data processing agreements.
  • Stripe: Based in the United States. Stripe is certified under the EU-U.S. Data Privacy Framework and uses Standard Contractual Clauses.
  • Amazon Web Services: We use EU regions where possible. AWS offers Standard Contractual Clauses for international transfers.
  • Cloudflare: Global CDN with data centers worldwide. Cloudflare uses Standard Contractual Clauses and is certified under the EU-U.S. Data Privacy Framework.

By using the Service, you acknowledge that your data may be transferred to and processed in countries outside the EEA, subject to these safeguards.

16. Automated Decision-Making

We use automated processing in the following ways:

  • Email content generation: AI automatically generates email content based on customer and event data. You can review and edit all generated content before sending.
  • Content moderation: Uploaded images are automatically scanned for inappropriate content (NSFW detection). Images that do not pass moderation are automatically rejected. This is a fully automated process with no human review.

These automated processes do not produce legal or similarly significant effects on individuals. If you have concerns about automated processing, please contact us.

17. Children's Privacy

The Service is intended for business use and is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

18. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on the Service or by email. The "Last updated" date at the top indicates when the policy was last revised.

19. Contact Us

If you have any questions about this Privacy Policy or want to exercise your rights, please contact us:

Email: hello@rekindo.com

Data Controller: Johan van der Boog and Geert Tibosch

Location: Netherlands

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated.

← Back to home

We value your privacy

We use cookies to improve your experience and analyze site traffic. By clicking Accept, you consent to our use of cookies.

Cookie Preferences

Essential

Required for the site to work

 Always on

Analytics

Help us improve the site

Marketing

Personalized ads