Last updated: March 2026
Introduction
Rills ("we", "us", or "our") operates the rills.ai website and the Rills platform. This Privacy Policy explains what personal data we collect, how we use it, who we share it with, and your rights regarding your data.
We believe in transparency. This policy is written in plain language so you can understand exactly how your data is handled. If anything is unclear, please reach out to us at privacy@rills.ai.
Data We Collect
Account Information
When you create a Rills account, we collect your name, email address, and password. Your password is stored using a secure one-way hash and is never kept in plain text.
Workspace Data
When you use Rills, we store the content you create and configure within your workspace. This includes workflow definitions, trigger configurations, execution logs, and any associated content you provide.
Usage Data
We collect usage data such as page views, feature usage, and session recordings to improve the product experience. See the Cookies & Tracking section for details on how we handle this data.
Payment Information
Payment processing is handled by Polar, our merchant of record. We do not store credit card numbers or payment card details on our servers. Polar processes your payment information securely on our behalf.
How We Use Your Data
We use the data we collect to:
- Provide, maintain, and improve the Rills platform
- Process and execute your workflows
- Send transactional emails (account verification, password resets, important service updates)
- Analyze anonymous usage patterns to improve the product experience
- Prevent abuse and ensure the security of our platform
- Comply with legal obligations and enforce our Terms of Service
We do not sell your personal data. We do not share your data with third parties for their marketing purposes.
AI & Data Processing
Your workflow data is processed by AI models but is never used to train AI models.
Rills uses artificial intelligence to power some workflow features. When you use AI-powered capabilities, your workflow definitions, trigger data, and associated content may be sent to our AI providers for processing:
- Anthropic (Claude) — processes workflow data for AI-powered features
- OpenAI (GPT-4) — processes workflow data for AI-powered features
Under our agreements with both Anthropic and OpenAI, your data is not used to train, improve, or develop their AI models. Your data is processed solely to provide the features you requested and is not retained by these providers beyond what is necessary for processing.
All data sent to AI providers is encrypted in transit using HTTPS/TLS.
Third-Party Processors
We work with the following third-party service providers to operate Rills. Each processor receives only the data necessary for its specific function:
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Infrastructure — hosting, compute, functions | US |
| Neon | Database — PostgreSQL data storage | US |
| Postmark | Email — transactional emails | US |
| PostHog | Analytics — usage data, session replay, product analytics | US/EU |
| Better Stack | Observability — error tracking, uptime monitoring, logs | US |
| Polar | Billing — payment processing, merchant of record | EU |
| Upstash | Infrastructure — rate limiting, workflow execution | US |
| Anthropic | AI — workflow actions, optimization, generation | US |
| OpenAI | AI — workflow actions, optimization, generation | US |
| Statsig | Feature flags — experiment assignments and feature rollouts | US |
Data Security
We take the security of your data seriously. Measures we employ include:
- Encryption in transit: All data transferred between your browser and our servers is encrypted using HTTPS/TLS.
- Encryption at rest: Your data is stored in encrypted databases.
- Sandboxed execution: Custom code runs in isolated sandbox environments and cannot access other users' data.
- Access controls: Multi-tenant architecture ensures your workspace data is isolated from other users.
- Regular reviews: We conduct regular security reviews of our infrastructure and codebase.
For more details about our security practices, see our Security page.
Data Retention
- Account data is retained while your account is active and for 30 days after account deletion, allowing you to recover your account if you change your mind.
- Execution logs are retained for 90 days from the date of execution, then automatically deleted.
- Anonymous analytics data is aggregated and non-identifiable. It does not contain any personal information and is retained indefinitely for product improvement purposes.
Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your personal data (right to erasure)
- Export your data in a portable format (data portability)
- Close your account at any time through your account settings
These rights apply to all users regardless of location, including rights provided under the GDPR for users in the European Union.
To exercise any of these rights, please contact us at privacy@rills.ai. We will respond to your request within 30 days.
Children's Privacy
Rills is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us at privacy@rills.ai and we will promptly delete it.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. If we make material changes, we will notify you by email or through an in-app notice before the changes take effect.
Your continued use of Rills after any changes to this policy constitutes your acceptance of the updated terms.
Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us:
- Email: privacy@rills.ai