Privacy Policy
Effective date: March 30, 2026 · Last updated: July 11, 2026
1. Introduction
Reinx, Inc. (“Reinx,” “we,” “us,” or “our”) operates the Reinx platform at reinx.ai and app.reinx.ai, including our web dashboard, APIs, MCP servers, and related services (“Services”). Native mobile apps and virtual cards are planned but are not currently active. Reinx is a fintech platform where humans create and manage agent wallets with spending limits, real-time controls, expense tracking, and analytics.
This Privacy Policy describes how we collect, use, disclose, store, and protect your information. By using our Services, you acknowledge that you have read and understood this Privacy Policy.
2. Information we collect
2.1 Information you provide
- Account information: Name, email, phone number, password, company/organisation name.
- Identity verification (KYC/KYB): Government-issued ID numbers (SSN, EIN), date of birth, address, and other verification data collected through Dakota and its verification providers.
- Financial information: Bank-account and transaction information needed for supported funding and withdrawal methods, processed by Dakota or its providers, plus subscription billing information processed by Stripe. We do not store complete bank-login or payment-card credentials.
- Agent configuration: Agent names, spending limits, merchant restrictions, budget rules, approval thresholds, project/team assignments.
- Communications: Support messages, feedback, and attachments.
- Transaction instructions: Agent transaction details including amount, recipient, chain, purpose, and reason metadata.
2.2 Information collected automatically
- Usage data: IP address, browser type, OS, device type, pages visited, actions, referring URLs, timestamps.
- Device information: Device identifiers, screen resolution, language, carrier info.
- Transaction data: Current wallet activity, including amount, recipient, chain, asset, purpose, timestamp, approval state, and transaction status. If virtual cards are activated, card-specific merchant and category data may also be collected as described in updated provider terms.
- Agent activity data: Spending velocity, budget utilization, approval activity, denial feedback, and agent status. Agent Health Score is planned and is not currently calculated.
- Location data: General location (city, state, country) from IP address for fraud prevention. No precise GPS.
- Cookies: See Section 8 for details.
2.3 Information from third parties
- Payment processors: Wallet transaction confirmations, funding and withdrawal status, and risk signals from Dakota and other providers used for the selected payment method.
- Identity verification: Verification results and risk assessments from Dakota and its verification providers.
- Blockchain data: Publicly available on-chain data for agent wallets (EVM and Solana).
- Authentication providers: Basic profile info from OAuth providers (Google, GitHub).
- Analytics: Aggregated/de-identified data from PostHog and similar services.
3. How we use your information
3.1 Providing Services
- Creating/maintaining accounts and agent accounts
- Processing wallet transactions and, if activated, card transactions
- Enforcing spending limits and policies in Reinx's server-side control plane
- Processing account funding, withdrawals, and stablecoin conversions
- Generating scoped API tokens for agent MCP integration
- Preparing or evaluating future Agent Health Score functionality if activated
- Delivering dashboard updates, notifications, and approval requests
3.2 Security and fraud prevention
- Detecting and preventing fraud and unauthorised transactions
- Monitoring transaction velocity and anomaly detection
- Enforcing six layers of platform security
- Verifying identity and preventing unauthorised account access
3.3 Improvement
- Analysing usage to improve features and UX
- Improving AI copilot and onboarding
- Developing new products and features
3.4 Communications
- Transactional notifications (approvals, denials, alerts)
- Push, email, or SMS for approval requests
- Support responses and marketing (with consent where required)
3.5 Legal compliance
- Complying with AML, KYC, tax, and other regulations
- Enforcing Terms of Service
- Responding to lawful government/law enforcement requests
4. How we share your information
We do not sell your personal information. We share information only as follows:
4.1 Service providers
- Stripe: Subscription billing. If virtual cards are activated, the applicable issuing provider and its data practices will be disclosed before use.
- Dakota:Agent crypto wallets, USD on-ramp/off-ramp, stablecoin conversion, and KYC/KYB onboarding (a FinCEN-registered Money Services Business). Wallets are non-custodial: Reinx holds the ECDSA P-256 signing keys; you can revoke Reinx’s signing authority at any time.
- Clerk: User authentication, session management, and organization management.
- Neon: Serverless PostgreSQL database. Real-time updates are delivered via Server-Sent Events from our backend (no third-party realtime service).
- AWS: Backend hosting (ECS Fargate), rate limiting (DynamoDB), monitoring (CloudWatch).
- Communications: Firebase (push), Resend (email), Cloudflare (DNS/CDN/security).
- Analytics: PostHog US Cloud for consented marketing analytics and client exception capture; Sentry for dashboard error tracking.
- AI providers: OpenAI generates Reinx Assistant responses using the GPT-5 model family. Inputs are normalized and gated locally; the generated response is sent to OpenAI's moderation service before display. When you use the Assistant, your message and the dashboard data it reads on your behalf (such as agent, transaction, and spending information) are sent to OpenAI to generate a response. A Google Gemini integration is retained as inactive configuration and does not receive Assistant data while inactive. Our Assistant runtime is self-hosted and is not routed through a third-party copilot cloud. See our AI and Automated Systems Disclosure for details.
4.2 Legal disclosures
We may disclose information to comply with law, enforce our Terms, detect fraud, or protect rights and safety.
4.3 Business transfers
In a merger, acquisition, or asset sale, your information may transfer. We will notify you before your information becomes subject to a different privacy policy.
5. Blockchain and cryptocurrency disclosures
- Public transparency: On-chain wallet holdings and transactions are publicly visible on blockchain networks.
- Wallet addresses: Public by design (like mailing addresses). Wallets are non-custodial and are run on Dakota's infrastructure (a FinCEN-registered MSB). Reinx holds the ECDSA P-256 signing keys that authorize each transaction in AWS KMS-backed infrastructure; the keys are never exposed through any API. Customers can revoke Reinx's signing authority at any time via Dakota's signer-group management.
- Stablecoin balances: Held as canonical RD and, where applicable, supported stablecoins such as USDC. These balances are NOT FDIC insured or guaranteed by any government agency.
- Irreversibility: Confirmed blockchain transactions cannot be reversed by Reinx.
6. AI agent data practices
- Credential isolation: Agents never hold card numbers, CVCs, or wallet keys. They use scoped API tokens via MCP.
- Transaction metadata: We collect structured metadata (amount, recipient, chain, purpose) for analytics, audit, policy evaluation, and potential future health-score functionality.
- Agent Health Scores: Agent Health Score is a planned capability. Reinx does not currently calculate or display a score. If introduced, we will disclose the factors and data uses before activation.
- Shared Payment Tokens: Shared Payment Tokens are a deferred capability and are not currently generated. If introduced, their provider, scope, and data handling will be disclosed before use.
7. Data retention
- Account info: Duration of account plus reasonable period for legal compliance.
- Transaction records: Minimum 7 years (financial/tax/AML regulations).
- Agent data and Health Scores: Duration of account.
- Usage/analytics data: May be retained in aggregated/de-identified form indefinitely.
- Support records: Up to 3 years after resolution.
When no longer needed, data is securely deleted or anonymised.
8. Cookies and tracking technologies
- Essential cookies: Authentication, session management, security. Cannot be disabled.
- Analytics cookies: Consented marketing-site usage and client exceptions through PostHog. PostHog is not initialized before analytics consent and also respects DNT and Global Privacy Control.
- Preference cookies: Dashboard settings and notification preferences.
Manage preferences via browser settings or our Cookie Policy. Disabling some cookies may affect functionality.
9. Data security
- Encryption: TLS/HTTPS in transit, AES-256 at rest.
- Authentication: Clerk with MFA support. Scoped API tokens for agent access. Backend-only secret keys stored in AWS Secrets Manager.
- Access controls: PostgreSQL RLS. Scoped tokens enforce least-privilege.
- Future card boundary: If virtual cards are activated, card data will be rendered through secure issuing-provider elements rather than stored by Reinx.
- Wallet security: Non-custodial wallets on Dakota infrastructure. Signing keys held by Reinx in AWS KMS, never exposed through any API. All transactions policy-validated by both Reinx’s policy engine and Dakota’s native default-deny policy engine (defense in depth).
- Infrastructure: Cloudflare DDoS/WAF. AWS monitoring. Sentry error tracking.
- Fraud prevention: Server-side policy checks, transaction monitoring, velocity controls, and agent pause controls. Any future card-provider fraud tooling will be disclosed with the card service.
No method of transmission or storage is 100% secure, but we are committed to promptly addressing security incidents.
10. Your rights and choices
10.1 General rights
Depending on jurisdiction, you may: access, correct, delete, port, restrict, or object to processing of your data, and withdraw consent.
10.2 California residents (CCPA/CPRA)
California residents have rights to know, delete, correct, and opt out. We do not sell or share personal information for cross-context behavioural advertising. Contact [email protected]. Response within 45 days.
10.3 Colorado residents (CPA)
Under the Colorado Privacy Act, Colorado residents have the right to access, correct, and delete their personal data, obtain a portable copy of their data, and opt out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. You may also opt out of processing of your personal data by automated decision-making systems, including the transaction policy engine described in Section 6. To exercise these rights or to appeal a denied request, contact [email protected]. We will respond within 45 days.
10.4 EEA/UK/Swiss residents (GDPR)
Legal bases: contract performance, legal obligations, legitimate interests, and consent. Contact [email protected] for inquiries.
10.5 Account controls
Via your dashboard: view/update/delete account info, manage agents, regenerate tokens, export data, deactivate account.
10.6 Communications
Manage notification preferences in settings. Opt out of marketing anytime. Transactional notifications cannot be disabled while your account is active.
11. Third-party services
Our Services link to and integrate with third-party services not operated by Reinx. Review their privacy policies. Key integrations include Stripe, Dakota, Clerk, Neon, AWS, OpenAI, PostHog, and Sentry.
12. Children’s privacy
Services are not for individuals under 18. We do not knowingly collect information from children. Contact [email protected] if you believe a child has provided information.
13. International data transfers
Reinx is US-based. Data may be transferred to/stored in the US or other countries. Where required, we use Standard Contractual Clauses or other recognised transfer mechanisms.
14. Data breach notification
We will notify affected users and authorities in accordance with applicable law, disclosing the nature and scope of the breach, information affected, remedial measures, and protective steps you can take.
15. Changes to this Privacy Policy
Material changes: reasonable prior notice (including email), updated policy posted with revised date, consent obtained where required. Continued use constitutes acceptance.
16. Contact us
Reinx, Inc.
3009 Hawksdale Dr, Unit #332
Las Vegas, NV 89134, United States
Email: [email protected]
Website: reinx.ai
For data access, correction, or deletion requests, email [email protected] with subject “Privacy Request.” Response within 30 days (45 for CCPA).