Privacy Policy
Effective May 20, 2026 | Resh Consultancy LLC, Dallas, Texas
The short version: We do not sell your data. We do not store your phone number. When you verify your identity, your phone number is hashed and the original is discarded immediately. We store the minimum required to run the service. That is the design — not a promise.
1. Who This Applies To
This policy applies to all users of R.ai at resh-ai.com, operated by Resh Consultancy LLC, Dallas, Texas.
2. What We Collect
We collect only what is necessary to operate the service:
- Phone hash — when you create an account, your phone number is verified via OTP, then hashed using SHA-256. The original number is discarded immediately. We store only the hash.
- Conversation history — if you have an account, your conversation history is stored in our database so you can access it across sessions. You can delete any or all of it at any time.
- Usage counts — we track how many messages you send per day, week, and month to enforce tier limits.
- Billing information — if you subscribe to a paid tier, billing is handled by Stripe. We store your Stripe customer ID and subscription status. We never see or store your full card number.
- Uploaded files — files you upload are processed in your browser or in the active session only. File contents are not stored on our servers after the session ends.
3. What We Do Not Collect
- Your raw phone number — it is discarded after hashing
- Your name, address, or government ID
- Biometric data of any kind
- Your location
- Browsing history outside of R.ai
- Any data from third-party sources
4. How We Use Your Data
- To operate and improve R.ai
- To enforce usage limits by tier
- To manage your subscription and billing
- To store and retrieve your conversation history
We do not sell your data. We do not share your data with advertisers. We do not use your data to train AI models.
5. Data Storage and Security
Your data is stored in Supabase, a PostgreSQL-based cloud database hosted in the United States. Row-level security is enabled on all tables. API keys are stored in encrypted server files with strict access controls. Redis session data expires after two hours of inactivity.
6. Your Rights
You have the right to:
- Delete your conversation history at any time from within R.ai
- Request deletion of your account and all associated data by emailing support@resh-ai.com
- Access a summary of what data we hold about you by emailing support@resh-ai.com
We will respond to data requests within 30 days.
7. Children
R.ai is not intended for users under the age of 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, contact us at support@resh-ai.com.
8. Changes to This Policy
We may update this policy from time to time. We will post the updated policy at resh-ai.com/privacy with a new effective date. Continued use of R.ai after changes are posted constitutes acceptance.
9. Contact