Legal
Privacy
Last updated: 30 May 2026.
Who we are
reill is operated by Man-x Thats Limited, trading as reill — a company incorporated in the Isle of Man. We make software on the Isle of Man for IOM trade businesses.
For the personal data you give us about yourself — when you join the waitlist, sign up, or contact us — we are the data controller. For the personal data your company holds about its own customers inside the reill product, your company is the controller and we are the data processor, handling it on your instructions.
Questions, or to exercise any of the rights below: hello@reill.im.
The law we work under
We process personal data in line with the Data Protection Act 2018 (Isle of Man) and the Data Protection (Application of GDPR) Order 2018 — the Isle of Man’s applied GDPR. Where your company’s customers are in the UK or EU, the equivalent UK/EU GDPR principles apply too.
What we collect
- Account & marketing: your name, email, phone (if given), company name, trade type, and any free-text message you send.
- Product (your company’s data): the customers, jobs, quotes, invoices, payment records, photos, certificates and signatures your company enters into reill.
- Authentication: email and password (hashed — never stored in clear).
- Usage: pages visited, features used, and error diagnostics, to keep the product working and improve it. No advertising trackers.
Why we use it
- To provide the serviceyou’ve signed up for (performance of our contract with your company).
- Legitimate interests: securing the platform, preventing abuse, diagnosing errors, and understanding which features earn their place.
- Consent: waitlist and marketing contact, which you can withdraw at any time.
- Legal obligation: where we must keep records (for example, tax and accounting).
Where it lives
Production data is held in Supabase (PostgreSQL) in the EU (eu-west-2). Photos, certificates and signatures live in Supabase Storage in the same region. Tenant data is isolated per company at the database level (row-level security).
Who else processes it
We use a small set of sub-processors to run reill. We don’t sell, rent, or share personal data with anyone else.
- Supabase — database, authentication and file storage (EU).
- Resend — sending transactional and invoice emails on your behalf.
- PostHog (EU region) — privacy-conscious product analytics. No session recording, no advertising.
- Sentry — error monitoring. Customer personal data is scrubbed before any error report leaves the app.
- Google (Gemini API)— powers Reilly, the assistant. Prompts and tool results are sent to generate replies; they are not used to train Google’s models under the API terms.
- Stripe — card payments, where you enable the payments module (opt-in).
- Xero — accounting sync, where you connect it (opt-in).
- Telegram — only if you link the Telegram assistant (opt-in).
- Apple (APNs) and Google (FCM) — relaying push notifications to the mobile app.
Sending data outside the Island
Most processing stays in the EU. Some providers — Stripe and Google among them — process data in the UK or US. Where data leaves the Isle of Man or EEA, it’s protected by an adequacy decision or standard contractual clauses, as the applied GDPR requires.
Cookies
We use essential cookies to keep you signed in and to keep the app secure. We don’t use advertising or cross-site tracking cookies. Product analytics (PostHog) respects your browser’s “Do Not Track” setting.
How long we keep it
Your company’s data: for as long as you’re on reill, plus 90 days after cancellation (recoverable on request during that window, then deleted). Waitlist and marketing contacts: until acted on, or 24 months, whichever comes first. Security and audit logs: retained as long as needed for security and to meet legal obligations.
How we protect it
Data is encrypted in transit (TLS) and at rest. Each company’s data is isolated by row-level security so one tenant can never read another’s. Sensitive third-party tokens (for example, your Xero connection) are encrypted with AES-256-GCM before they’re stored.
Your rights
Under the Data Protection Act 2018 and the applied GDPR you can ask us to give you a copy of your personal data, correct it, delete it, restrict or object to how we use it, or port it elsewhere. Email hello@reill.imand we’ll respond within one month.
If you’re not happy with how we’ve handled your data, you can complain to the Isle of Man Information Commissioner at inforights.im.
Changes
If we change this policy we’ll update the date at the top and, for anything material, tell you in-app or by email before it takes effect.