Skip to main content
reinx
All policies

Privacy Policy

Effective date: March 30, 2026 · Last updated: March 30, 2026

1. Introduction

Reinx, Inc. (“Reinx,” “we,” “us,” or “our”) operates the Reinx platform at reinx.ai and app.reinx.ai, including our dashboard, mobile apps, APIs, MCP servers, and related services (“Services”). Reinx is a fintech platform where humans create and manage virtual cards and crypto wallets for AI agents with spending limits, real-time controls, expense tracking, and analytics.

This Privacy Policy describes how we collect, use, disclose, store, and protect your information. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Information we collect

2.1 Information you provide

  • Account information: Name, email, phone number, password, company/organisation name.
  • Identity verification (KYC/KYB): Government-issued ID numbers (SSN, EIN), date of birth, address, and other verification data collected via Stripe Connect Custom onboarding.
  • Financial information: Financial account details (via Stripe Financial Connections), payment card info for funding (processed by Stripe; we do not store full card numbers), billing data.
  • Agent configuration: Agent names, spending limits, merchant restrictions, budget rules, approval thresholds, project/team assignments.
  • Communications: Support messages, feedback, and attachments.
  • Transaction instructions: Agent transaction details including amount, recipient, chain, purpose, and reason metadata.

2.2 Information collected automatically

  • Usage data: IP address, browser type, OS, device type, pages visited, actions, referring URLs, timestamps.
  • Device information: Device identifiers, screen resolution, language, carrier info.
  • Transaction data: All card and wallet transactions including merchant details, amounts, timestamps, approval status, and MCCs.
  • Agent activity data: Transaction patterns, spending velocity, approval rates, denial feedback, Agent Health Score metrics.
  • Location data: General location (city, state, country) from IP address for fraud prevention. No precise GPS.
  • Cookies: See Section 8 for details.

2.3 Information from third parties

  • Payment processors: Transaction confirmations, card authorisations, fraud signals from Stripe/Stripe Radar.
  • Identity verification: Results and risk assessments from Stripe Identity/Connect.
  • Blockchain data: Publicly available on-chain data for agent wallets (EVM and Solana).
  • Authentication providers: Basic profile info from OAuth providers (Google, GitHub).
  • Analytics: Aggregated/de-identified data from PostHog and similar services.

3. How we use your information

3.1 Providing Services

  • Creating/maintaining accounts and agent accounts
  • Processing financial transactions (card and wallet)
  • Enforcing spending limits and policies at the network level
  • Processing account funding, withdrawals, and stablecoin conversions
  • Generating scoped API tokens for agent MCP integration
  • Calculating Agent Health Scores
  • Delivering dashboard updates, notifications, and approval requests

3.2 Security and fraud prevention

  • Detecting and preventing fraud and unauthorised transactions
  • Monitoring transaction velocity and anomaly detection
  • Enforcing six layers of platform security
  • Verifying identity and preventing unauthorised account access

3.3 Improvement

  • Analysing usage to improve features and UX
  • Improving AI copilot and onboarding
  • Developing new products and features

3.4 Communications

  • Transactional notifications (approvals, denials, alerts)
  • Push, email, or SMS for approval requests
  • Support responses and marketing (with consent where required)

3.5 Legal compliance

  • Complying with AML, KYC, tax, and other regulations
  • Enforcing Terms of Service
  • Responding to lawful government/law enforcement requests

4. How we share your information

We do not sell your personal information. We share information only as follows:

4.1 Service providers

  • Stripe: Payment processing, card issuance, financial accounts, KYC/KYB, billing, and fraud detection.
  • Bridge: Stablecoin conversion and fiat off-ramp (OCC-approved trust bank charter).
  • Privy: Agent crypto wallets (custodial wallets backed by Bridge, a licensed custodian).
  • Supabase: Database, authentication, real-time sync.
  • AWS: Backend hosting (ECS Fargate), rate limiting (DynamoDB), monitoring (CloudWatch).
  • Communications: Firebase (push), Resend (email), Cloudflare (DNS/CDN/security).
  • Analytics: PostHog (product analytics), Sentry (error tracking).

4.2 Legal disclosures

We may disclose information to comply with law, enforce our Terms, detect fraud, or protect rights and safety.

4.3 Business transfers

In a merger, acquisition, or asset sale, your information may transfer. We will notify you before your information becomes subject to a different privacy policy.

5. Blockchain and cryptocurrency disclosures

  • Public transparency: On-chain wallet holdings and transactions are publicly visible on blockchain networks.
  • Wallet addresses: Public by design (like mailing addresses). Private keys held exclusively by the licensed custodian (Bridge) through Privy’s wallet infrastructure.
  • Stablecoin balances: Held as USDB/USDC, NOT FDIC insured. USDB backed by US Treasuries/BlackRock funds. USDC backed by cash equivalents (Circle). Not guaranteed by any government agency.
  • Irreversibility: Confirmed blockchain transactions cannot be reversed by Reinx.

6. AI agent data practices

  • Credential isolation: Agents never hold card numbers, CVCs, or wallet keys. They use scoped API tokens via MCP.
  • Transaction metadata: We collect structured metadata (amount, recipient, chain, purpose) for analytics and Agent Health Scores.
  • Agent Health Scores: Proprietary 300–850 scores based on behavioural metrics. Visible on your dashboard.
  • Shared Payment Tokens: SPTs generated through Stripe are scoped by merchant, amount, and time. Real card numbers never exposed.

7. Data retention

  • Account info: Duration of account plus reasonable period for legal compliance.
  • Transaction records: Minimum 7 years (financial/tax/AML regulations).
  • Agent data and Health Scores: Duration of account.
  • Usage/analytics data: May be retained in aggregated/de-identified form indefinitely.
  • Support records: Up to 3 years after resolution.

When no longer needed, data is securely deleted or anonymised.

8. Cookies and tracking technologies

  • Essential cookies: Authentication, session management, security. Cannot be disabled.
  • Analytics cookies: Usage patterns via PostHog.
  • Preference cookies: Dashboard settings and notification preferences.

Manage preferences via browser settings or our Cookie Policy. Disabling some cookies may affect functionality.

9. Data security

  • Encryption: TLS/HTTPS in transit, AES-256 at rest.
  • Authentication: Supabase Auth with MFA. Backend-only API keys.
  • Access controls: PostgreSQL RLS. Scoped tokens enforce least-privilege.
  • PCI compliance: Card data handled entirely by Stripe. Reinx out of PCI scope.
  • Wallet security: Private keys held by licensed custodian (Bridge) through Privy’s wallet infrastructure. All transactions policy-validated.
  • Infrastructure: Cloudflare DDoS/WAF. AWS monitoring. Sentry error tracking.
  • Fraud prevention: Stripe Radar tuned for agentic traffic. Velocity controls with auto-freeze.

No method of transmission or storage is 100% secure, but we are committed to promptly addressing security incidents.

10. Your rights and choices

10.1 General rights

Depending on jurisdiction, you may: access, correct, delete, port, restrict, or object to processing of your data, and withdraw consent.

10.2 California residents (CCPA/CPRA)

California residents have rights to know, delete, correct, and opt out. We do not sell or share personal information for cross-context behavioural advertising. Contact privacy@reinx.ai. Response within 45 days.

10.3 EEA/UK/Swiss residents (GDPR)

Legal bases: contract performance, legal obligations, legitimate interests, and consent. Contact privacy@reinx.ai for inquiries.

10.4 Account controls

Via your dashboard: view/update/delete account info, manage agents, regenerate tokens, export data, deactivate account.

10.5 Communications

Manage notification preferences in settings. Opt out of marketing anytime. Transactional notifications cannot be disabled while your account is active.

11. Third-party services

Our Services link to and integrate with third-party services not operated by Reinx. Review their privacy policies. Key integrations: Stripe, Privy, Bridge, Supabase, AWS, PostHog, Sentry.

12. Children’s privacy

Services are not for individuals under 18. We do not knowingly collect information from children. Contact privacy@reinx.ai if you believe a child has provided information.

13. International data transfers

Reinx is US-based. Data may be transferred to/stored in the US or other countries. Where required, we use Standard Contractual Clauses or other recognised transfer mechanisms.

14. Data breach notification

We will notify affected users and authorities in accordance with applicable law, disclosing the nature and scope of the breach, information affected, remedial measures, and protective steps you can take.

15. Changes to this Privacy Policy

Material changes: reasonable prior notice (including email), updated policy posted with revised date, consent obtained where required. Continued use constitutes acceptance.

16. Contact us

Reinx, Inc.
3009 Hawksdale Dr, Unit #332
Las Vegas, NV 89134, United States
Email: privacy@reinx.ai
Website: reinx.ai

For data access, correction, or deletion requests, email privacy@reinx.ai with subject “Privacy Request.” Response within 30 days (45 for CCPA).

Related policies

Terms of ServiceCookie PolicyAcceptable Use