Skip to main content
Effective Date: April 20, 2026 Last Updated: April 20, 2026 Version: 1.1

1. Scope and Applicability

This Privacy Policy describes how Regentra (“Regentra,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you:
  • Visit our websites, including regentra.io and docs.regentra.io (the “Websites”)
  • Register for, access, or use our platform at app.regentra.io (the “Platform”)
  • Interact with us through email, support channels, events, or sales engagements
  • Receive communications from us
This Privacy Policy does not apply to the extent that we process personal information in the role of a processor or service provider on behalf of our customers. Our processing of such data is governed by the applicable service agreement or Data Processing Agreement (DPA) between Regentra and the customer. If your personal information has been submitted to us by or on behalf of a Regentra customer, please direct your privacy inquiries to that organization. Additional information regarding our data protection obligations as a processor is set forth in our DPA, available upon request.

2. Personal Information We Collect

2.1 Information You Provide

CategoryExamples
Account & IdentityName, email address, phone number, job title, company name
Billing & FinancialPayment method details (processed by our payment provider — we do not store payment card numbers), billing address, transaction history
CommunicationsSupport requests, feedback, survey responses, correspondence with our team
ProfessionalIndustry, organization type, role within your organization

2.2 Information Collected Automatically

CategoryExamples
Device & TechnicalIP address, browser type and version, operating system, device identifiers
Usage DataPages visited, features used, timestamps of actions, referral URLs
Log DataAuthentication events, session metadata, access logs

2.3 Information from Third Parties

We may receive personal information from partners and resellers who refer you to our services, identity providers when you authenticate via Single Sign-On (SSO), and publicly available business contact sources for business-to-business engagement purposes.

2.4 Cookies and Similar Technologies

We use cookies that are strictly necessary for the operation of the Platform, including authentication, security, and user preference cookies. These cookies are essential for the Platform to function and cannot be disabled. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics cookies. We do not participate in cross-context behavioral advertising.

3. How We Use Personal Information

We may use the personal information we collect for the following purposes:
  • Providing, maintaining, operating, and improving the Platform
  • Creating and managing your account and processing transactions
  • Communicating with you about your account, including transactional notifications, security alerts, and service updates
  • Providing customer support and responding to your inquiries
  • Enforcing security measures, detecting fraud, and protecting against abuse
  • Sending product updates, feature announcements, and educational content (with the ability to opt out)
  • Facilitating optional AI-powered features within the Platform
  • Conducting internal analytics to understand usage patterns and improve the Platform
  • Complying with applicable legal and regulatory obligations
Legal Bases (EEA/UK). Where required by applicable law, we process personal information on the basis of contractual necessity, our legitimate business interests (such as security, service improvement, and business-to-business communications), your consent, or compliance with legal obligations. Where we rely on legitimate interests, we balance our interests against your rights and freedoms.

4. Artificial Intelligence Features

Regentra offers optional AI-powered features, including assistance with support ticket responses, compliance analysis, and content classification. These features are powered by third-party AI service providers.
  • AI features process only data within the requesting organization’s tenant
  • Customer data processed by AI providers is not used to train or improve third-party models
  • AI-generated outputs are intended as suggestions and are subject to human review
  • AI features may be disabled at the organization level by an administrator
  • We do not currently engage in automated decision-making, including profiling, that produces legal or similarly significant effects on individuals

5. How We Share Personal Information

We do not sell, rent, or trade your personal information. We do not share personal information for cross-context behavioral advertising. We may disclose personal information to the following categories of recipients: Service Providers. We engage third-party service providers to perform functions on our behalf, including cloud hosting, database management, payment processing, email delivery, authentication services, AI processing, and real-time communications. These providers are contractually obligated to protect personal information and may only process it in accordance with our instructions. Our primary service infrastructure is located in the United States. We maintain an up-to-date list of subprocessors, available upon request by contacting privacy@regentra.io. Professional Advisors. We may share information with our legal, accounting, insurance, and other professional advisors as necessary. Business Transfers. In connection with a merger, acquisition, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will provide notice of any such transfer via email and/or a prominent notice on the Platform. Legal Requirements. We may disclose personal information if required by law, regulation, legal process, or governmental request, or where we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, or to detect and prevent fraud. Where permitted by law, we will attempt to notify the affected party before making such disclosures. With Your Consent. We may share personal information with third parties when you have given us explicit consent to do so.

6. Data Security

We maintain a comprehensive security program that includes technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, multi-factor authentication, logical tenant isolation, role-based access controls, account lockout mechanisms, audit logging, vulnerability management, and industry-standard security headers and input validation. Regentra is currently pursuing SOC 2 Type II certification to further validate our security controls and practices. While we are committed to protecting your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your information.

7. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, to comply with our legal and regulatory obligations, to resolve disputes, and to enforce our agreements. When determining retention periods, we consider the nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the information, applicable legal and regulatory requirements, and whether such purposes can be achieved through other means. When personal information is no longer required, we will delete or anonymize it. If deletion is not immediately possible (for example, because information is stored in backup archives), we will securely isolate the information from further processing until deletion is feasible.

8. International Data Transfers

Personal information may be transferred to, stored in, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction. Where we transfer personal information outside of the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on appropriate transfer mechanisms, including Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Agreement, as applicable.

9. Your Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. EEA and United Kingdom. If you are located in the EEA or UK, you may have the right to access, rectify, erase, restrict processing of, or port your personal information, as well as the right to object to processing and to withdraw consent. You also have the right to lodge a complaint with your local data protection authority. United States. Residents of California and other US states with comprehensive privacy laws may have the right to know, access, correct, delete, and opt out of the sale or sharing of personal information. We do not sell personal information as defined under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), or any other applicable US state privacy law. We will not discriminate against you for exercising your privacy rights. Other Jurisdictions. We respect the privacy rights of individuals under applicable laws globally, including but not limited to the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), the Brazilian Lei Geral de Proteção de Dados (LGPD), and the Australian Privacy Principles (APPs). To exercise any of your rights, please contact us at privacy@regentra.io. We will verify your identity and respond within the timeframe required by applicable law.

10. Sensitive Personal Information

We do not collect sensitive personal information (as defined under applicable privacy laws, including the CCPA/CPRA) beyond what is necessary to provide our services — for example, account credentials for authentication purposes. We do not use or disclose sensitive personal information for purposes other than those permitted under applicable law, and we do not use sensitive personal information to infer characteristics about individuals.

11. Marketing Communications

We may send you product updates, feature announcements, and educational content related to the Platform. You may opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by contacting privacy@regentra.io. Opting out of marketing communications does not affect transactional communications necessary for the operation of your account.

12. Multi-Tenant and Enterprise Data

Regentra provides a multi-tenant platform designed for organizations managing services across multiple client entities. The relationships and respective responsibilities between Regentra, our customers, and their end users are defined in the applicable service agreement and, where required, a Data Processing Agreement. To request a DPA, contact legal@regentra.io.

13. HIPAA

Regentra provides tools that assist organizations in managing their compliance programs. If your use of the Platform involves the storage or processing of protected health information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), a Business Associate Agreement (BAA) must be executed prior to such use. Contact legal@regentra.io for BAA requests.

14. Children’s Privacy

The Platform is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.
The Platform may contain links to third-party websites, services, or applications that are not operated or controlled by us. This Privacy Policy does not apply to information collected by third parties through such links. We encourage you to review the privacy policies of any third-party services you access.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this page and provide appropriate notice, which may include posting a notice on the Platform or sending a notification to account administrators. Where required by applicable law, we will obtain your consent to material changes.

17. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices: Privacy Inquiries: privacy@regentra.io Legal, DPA, and BAA Requests: legal@regentra.io If you are not satisfied with our response to a privacy concern, you may have the right to lodge a complaint with your applicable data protection authority.