rye.ai
Get started

Legal

Privacy Policy

Last updated: April 29, 2026

Thank you for your interest in Reframe AI, Inc. ("Rye", "we", "our", or "us"). Rye provides commerce infrastructure for agentic checkout, product discovery, merchant connectivity, order execution, and related developer tools.

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our websites, dashboards, APIs, documentation, support channels, and related services (collectively, the "Service"). This policy does not apply to employee or contractor data, or to customer data that we process only as a service provider under a separate customer agreement.

Region-specific disclosures

  • California. California residents may have rights to know, access, correct, delete, and limit certain uses of personal information. We do not sell personal information as that term is commonly used in privacy laws.
  • Nevada. Nevada residents may submit opt-out requests for covered information. Rye does not sell covered information under Nevada law.
  • European Economic Area, United Kingdom, and Switzerland. Additional disclosures for these regions are included below, including legal bases for processing and rights available under applicable privacy laws.

1. Information we collect

We collect information that you provide directly, information generated through use of the Service, information from third parties, and information collected automatically through cookies, logs, and similar technologies.

Information you provide

  • Account and registration information. Name, business name, email address, password or SSO profile, workspace details, role, and authentication metadata.
  • Commerce and checkout information. Product identifiers, cart contents, buyer-provided shipping details, order metadata, merchant details, payment processor status, fulfillment information, refunds, and support context.
  • Developer and integration information. API keys, webhook endpoints, environment settings, request IDs, test payloads, logs, and documentation feedback.
  • Communications. Messages sent to sales, support, trust and safety, or legal teams, including contact details and the contents of the communication.
  • Payment information. We may receive billing metadata from payment processors. We do not intentionally store full payment card numbers on our systems.

Information from third-party sources

  • Single sign-on. If you sign in with a provider such as Google, we receive information made available by that provider, such as your name, email address, profile picture, and account identifier.
  • Merchants, marketplaces, and logistics providers. We may receive product, inventory, pricing, order, shipping, cancellation, return, and fulfillment updates needed to operate checkout flows.
  • Service providers and partners. We may receive fraud, compliance, analytics, marketing, and support information from vendors that help us provide the Service.

Automatically collected information

  • Log data, including IP address, browser type, operating system, referring pages, timestamps, request IDs, API paths, status codes, and diagnostic details.
  • Device and usage data, including pages viewed, dashboard actions, documentation activity, feature usage, and session events.
  • Approximate location derived from IP address, which may be used for security, fraud prevention, localization, and compliance.
  • Cookie and similar technology data used for authentication, security, analytics, preferences, and service reliability.

2. How we use information

  • To create accounts, authenticate users, provide dashboards, issue API keys, and maintain access controls.
  • To route checkout requests, coordinate merchant interactions, process order states, facilitate fulfillment, and support refunds or cancellations.
  • To detect fraud, abuse, sanctions risk, prohibited goods, security incidents, and violations of our agreements or policies.
  • To monitor reliability, debug API errors, improve documentation, analyze usage, and develop new features.
  • To communicate with you about the Service, support requests, billing, security notices, product updates, and legal changes.
  • To comply with legal obligations, enforce agreements, resolve disputes, and protect Rye, our customers, buyers, merchants, and the public.

3. How we share information

We disclose personal information only as needed to operate the Service, meet legal obligations, and protect legitimate business interests.

  • Service providers. Hosting, infrastructure, analytics, support, communications, billing, security, and compliance vendors may process information for us.
  • Merchants, marketplaces, payment processors, and logistics providers. We share checkout and order details needed to complete purchases, fulfill orders, process payments, handle returns, or resolve disputes.
  • Customers and workspace administrators. Account owners may access workspace activity, user roles, integration settings, logs, and billing information.
  • Legal and safety disclosures. We may disclose information to comply with law, respond to lawful requests, enforce agreements, prevent harm, or protect rights and safety.
  • Business transfers. Information may be disclosed or transferred in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets.

4. Your choices and controls

  • You may update account information through the Service or by contacting support.
  • You may unsubscribe from marketing emails by using the instructions in those emails. We may still send transactional or service messages.
  • You may manage cookies through browser settings, though blocking some cookies may affect authentication or core functionality.
  • Depending on your location, you may request access, correction, deletion, portability, restriction, objection, or withdrawal of consent.

5. Cookies and tracking technologies

We use cookies and similar technologies for authentication, security, session management, preferences, analytics, and performance. Some cookies are necessary for the Service to work, while others help us understand usage and improve the product.

CategoryPurposeExamples
Strictly necessaryAuthenticate users, maintain sessions, protect accounts, and route requests.Session, CSRF, SSO state, and security cookies.
Analytics and performanceUnderstand page usage, API behavior, reliability, and product adoption.Event, device, and usage analytics.
PreferenceRemember workspace, language, region, and display settings.Dashboard and documentation preferences.

6. Retention and security

We retain personal information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and preserve legitimate business records.

We use administrative, technical, and organizational safeguards designed to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

7. International transfers

The Service is operated primarily from the United States. Personal information may be transferred to, stored in, or processed in countries other than the country where it was collected. Where required, we use appropriate transfer safeguards.

8. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information to us, contact privacy@rye.com.

9. EEA, UK, and Switzerland disclosures

Where applicable, our legal bases for processing include performance of a contract, legitimate interests, compliance with legal obligations, and consent. Legitimate interests include operating and improving the Service, securing our systems, preventing fraud, communicating with customers, and developing our business.

InformationUseLegal basisRecipients
Account and contact informationCreate accounts, authenticate users, provide support, and send service notices.Contract, legitimate interests, legal obligations.Infrastructure, authentication, support, and communications providers.
Checkout, order, and merchant informationFacilitate checkout, order status, fulfillment, refunds, fraud review, and dispute handling.Contract, legitimate interests, legal obligations.Merchants, marketplaces, payment processors, logistics providers, compliance vendors.
Usage, log, and device informationSecure the Service, debug issues, monitor performance, and improve product experience.Legitimate interests, legal obligations.Hosting, observability, analytics, security, and data processing providers.
Marketing and preference informationSend updates, manage preferences, and measure engagement.Consent where required, legitimate interests.Communications, CRM, and analytics providers.

10. Changes and contact

We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the Service or another reasonable method.

Questions or requests may be sent to privacy@rye.com.