Privacy Policy

How we collect, use, and protect your information

Last updated: April 19, 2026

Introduction

Regatta ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our process automation and document signing platform. Please read this policy carefully. By accessing or using Regatta, you agree to the terms of this Privacy Policy.

Information We Collect

Account Information

When you create an account, we collect your name, email address, organization name, and authentication credentials.

Process & Document Data

Information you provide when creating, completing, or signing documents through our platform, including form responses, uploaded files, and electronic signatures.

Contact & Profile Data

Personal information collected during processes such as name, address, phone number, Social Security number, date of birth, and financial information as required by the specific process.

Usage & Technical Data

Browser type, IP address, device information, pages visited, and interaction patterns to improve our services and maintain security.

How We Use Your Information

  • To provide, operate, and maintain the Regatta platform
  • To process documents, collect signatures, and manage workflows
  • To pre-fill forms and documents with previously collected data for your convenience
  • To communicate with you about your account, processes, and platform updates
  • To maintain audit trails for legal and compliance purposes
  • To improve and personalize your experience on our platform

AI-Assisted Processing

Regatta uses AI-powered tools to assist with data collection, form completion, and document workflows. When you interact with our conversational assistant, your messages are processed by our AI system. Our AI providers do not retain, store, or use your data for training purposes — all data is processed ephemerally and discarded after generating a response. Personally identifiable information (PII) is automatically redacted from conversation logs before storage. AI-collected data is stored securely in your contact profile and is subject to the same encryption and access controls as all other data.

Data Security

Encryption

Sensitive personal data is encrypted at rest using AWS Key Management Service (KMS). All data is encrypted in transit using TLS. Documents are stored securely in encrypted cloud storage.

Access Controls

Access to your data is restricted to authorized personnel within your organization. All data queries are scoped by organization, and we maintain strict role-based access controls.

Audit Trails

We maintain comprehensive audit trails of document signing activities, data collection events, and account actions, including timestamps and user identification.

Data Sharing & Disclosure

We do not sell your personal information. We may share your data only in the following circumstances:

  • With your organization: Data collected through processes is accessible to the organization that initiated the process.
  • Service providers: We use trusted third-party services (cloud hosting, email delivery, AI processing) that are contractually bound to protect your data.
  • Legal requirements: When required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice.

Data Retention

We retain your data for as long as your account is active or as needed to provide services. Document submissions and audit trails are retained as required for legal compliance. When data is no longer needed, it is securely deleted or anonymized.

Your Rights

Access & Portability

You may request a copy of the personal data we hold about you in a portable format.

Correction

You may request that we correct inaccurate or incomplete personal data.

Deletion

You may request deletion of your personal data, subject to legal retention requirements and legitimate business needs.

Opt-Out

You may opt out of non-essential communications at any time by contacting us or using the unsubscribe link in our emails.

Children's Privacy

Regatta is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of Regatta after changes are posted constitutes acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: privacy@regatta.run

By using Regatta, you acknowledge you have read, understood, and agree to the terms outlined in this Privacy Policy.