Privacy Policy

Last updated: June 8, 2026

1. Who we are

Recon (“we”, “us”, “our”) operates reconapp.io, a competitor intelligence platform. Our contact email is privacy@reconapp.io.

2. Data we collect

  • Account data — name, email address, company name, hashed password.
  • Usage data — markets and competitors you add, alert preferences, digest settings.
  • Payment data — billing is handled by Stripe. We never store card numbers.
  • Log data — IP address, browser type, pages visited, timestamps.
  • Competitor data — publicly available web content scraped on your behalf.

3. How we use your data

  • To provide and improve the Recon service.
  • To send weekly digest emails and alert notifications you have opted into.
  • To process payments via Stripe.
  • To detect and prevent abuse or security incidents.
  • To comply with legal obligations.

We do not sell your personal data to third parties.

4. Legal basis (GDPR)

If you are in the European Economic Area, we process your data under the following bases:

  • Contract — processing necessary to deliver the service you signed up for.
  • Legitimate interests — security monitoring, fraud prevention, service improvement.
  • Consent — marketing emails (you may withdraw consent at any time).
  • Legal obligation — where required by law.

5. Data retention

We retain account data for as long as your account is active. After deletion, data is purged within 30 days. Backups are purged within 90 days. You may request earlier deletion at any time.

6. Your rights (GDPR & CCPA)

Depending on your location, you have the right to:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your account and data.
  • Portability — receive your data in a machine-readable format.
  • Object — opt out of processing based on legitimate interests.
  • Restrict processing — limit how we use your data.

To exercise any right, email privacy@reconapp.io. We will respond within 30 days.

7. Cookies

We use a single essential cookie (recon_token) to keep you logged in. We do not use advertising or tracking cookies.

8. Third-party services

  • Stripe — payment processing (PCI-DSS compliant)
  • Resend — transactional email delivery
  • Anthropic — AI analysis of competitor changes
  • Railway — cloud hosting (servers in the United States)
  • AWS S3 — storage of scraped HTML snapshots

All providers are contractually bound to process data only as instructed and to implement appropriate security measures.

9. International transfers

Our servers are located in the United States. If you are in the EEA, data is transferred under Standard Contractual Clauses (SCCs) or equivalent safeguards.

10. Security

We use bcrypt password hashing, HTTPS everywhere, httpOnly cookies, and regular security audits. Despite these measures, no system is 100% secure. Please use a strong unique password.

11. Changes to this policy

We will notify you by email of material changes at least 14 days before they take effect. Continued use after that date constitutes acceptance.

12. Contact

Questions or requests: privacy@reconapp.io

If you are in the EU and believe we have not addressed your concern, you have the right to lodge a complaint with your local supervisory authority.