Trust

SECURITY & PRIVACY

This page is maintained by the REYES team to answer common questions about how the app handles your data. It describes current product controls — it is not an independent certification or third-party audit.

Account access

Sign-in is handled by our managed authentication provider. You can protect the app on your device with a 4-digit App Lock passcode and optional Face ID / fingerprint unlock from Settings → Security.

Sensitive actions — revealing an SSN or account number, exporting data, or deleting your account — can be gated behind a re-prompt for your passcode.

Where your data lives

REYES stores your account data in a managed Postgres database hosted on the Lovable Cloud platform. Database access is restricted by row-level rules so that each signed-in user can only read and write their own rows.

Uploaded documents (IDs, tax forms, receipts, insurance policies) are stored in private object storage buckets and are not publicly listable.

Server-side guardrails

Privileged operations (background automation, daily briefings, regulatory scans, dispute escalations, privacy sweeps, quarterly estimate drafting) run only from server endpoints that require a service-role credential. They are not callable from the browser.

The in-app AI assistant requires a valid signed-in session, and the user's subscription plan is read from the server — it cannot be elevated by the client.

Privacy practices

REYES's Privacy section helps you opt out of data brokers, and it re-scans on a schedule. The data you provide for those removals (name, addresses, prior addresses, phone, email) is used only to submit opt-out requests on your behalf.

We do not sell personal information.

Product analytics (opt-in)

To understand which parts of the app are useful and where people get stuck, REYES records anonymous, aggregate usage events — for example, "a privacy sweep was started" or "a tax document was uploaded." Events are tied to a random session id, not to your name, email, or any identifying profile data.

Analytics are off by default. They turn on only after you explicitly accept the in-app analytics banner, and you can turn them back off at any time from Privacy → Help improve REYES. We honor the browser's Do Not Track signal, and we do not sell or share analytics data with third parties.

Aggregate analytics are visible only to the REYES admin team and are used to improve product quality, performance, and compliance — never to target individual users.

Shared responsibility

REYES is the app you interact with. The underlying hosting, database, auth, and file storage are provided by the Lovable Cloud platform. Platform-level features (encryption in transit, encryption at rest for managed storage, regional hosting) are operated by that provider; app-level controls (which data is collected, who can see it, how long it is kept) are operated by the REYES team.

Contact

For security or privacy questions, vulnerability reports, or data-access requests, please reach out from inside the app under Settings → Help, and we will route your message to the right person.

This page reflects current product behavior and may change as the app evolves. Statements here are not promises of regulatory compliance, certification, or breach-free operation.