Legal

Privacy Policy

How Rheo collects, uses, and protects personal information.

Last updated May 23, 2026

Introduction

Rheo ("Rheo," "we," "us," or "our") provides software that helps mobile teams design, deploy, and measure in-app onboarding and activation flows. This Privacy Policy explains how we collect, use, disclose, and protect information when you visit our marketing site, create an account, use our dashboard, integrate our SDKs, or otherwise interact with our services (collectively, the "Services").

By using the Services, you agree to the practices described in this policy. If you do not agree, please do not use the Services.

Information we collect

We collect information in three broad categories: information you provide, information generated through your use of the Services, and information from third parties.

  • Account and profile data, such as your name, email address, organization name, role, and authentication identifiers when you sign up or are invited to a workspace.
  • Billing and subscription data processed by our payment providers, including plan selection and transaction metadata (we do not store full payment card numbers).
  • Product usage data, such as flows you create, experiments you configure, dashboard actions, API calls, SDK and API traffic metadata (including environment, volume, and credential identifiers), and support communications.
  • End-user and device data sent by your mobile applications through our SDKs or APIs, which may include pseudonymous identifiers, device type, app version, flow events, and other properties you choose to collect in accordance with your own privacy notices.
  • Technical data from our websites and Services, including IP address, browser type, pages viewed, referral URLs, and cookies or similar technologies used for security, preferences, and analytics.

How we use information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Services.
  • Authenticate users, enforce access controls, and protect against fraud and abuse, including monitoring usage patterns and account activity to detect circumvention of billing, misuse of credentials, or other fraudulent conduct.
  • Process subscriptions, send transactional messages, and provide customer support.
  • Generate analytics, diagnostics, and product insights for you and for Rheo.
  • Comply with legal obligations and respond to lawful requests.
  • Send product updates and marketing communications where permitted; you may opt out of promotional emails at any time.

Fraud monitoring and account integrity

To protect Rheo, our customers, and the integrity of our billing and usage limits, we analyze information associated with your account and workspace—including usage metrics, event volumes, API and SDK activity, subscription status, and related technical logs—for signs of fraudulent or abusive behavior.

Where we identify activity we reasonably believe is fraudulent, we may use this information to investigate, enforce our terms, suspend or terminate accounts, and take other steps described in our Terms and Conditions. We process this information based on our legitimate interests in preventing fraud and abuse, and where applicable, to perform our contract with you and comply with legal obligations.

How we share information

We do not sell your personal information. We may share information with service providers that help us run the Services (for example, cloud hosting, email delivery, payment processing, and analytics), subject to contractual confidentiality and security obligations. We may also disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale with appropriate notice where required.

When you use Rheo to deliver in-app experiences, you control what data your application sends to us. You are responsible for providing appropriate notices and obtaining any required consents from your end users.

Retention and security

We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary based on account status, data type, and your configuration.

We implement administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

International transfers

We may process and store information in the United States and other countries where we or our service providers operate. When we transfer personal information across borders, we use appropriate safeguards as required by applicable law.

Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, restrict, or port certain personal information, and to object to or withdraw consent for certain processing. You can update many account details in the dashboard or contact us to exercise your rights.

You may control cookies through your browser settings. Disabling cookies may affect some features of our websites.

Children

The Services are not directed to children under 16, and we do not knowingly collect personal information from children. If you believe we have collected such information, please contact us so we can delete it.

Changes and contact

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated through the Services or by email where appropriate.

Questions about this policy can be sent to legal@getrheo.io.

Questions? legal@getrheo.io · Back to home