Privacy Policy

Last Updated: 3 March 2026

This Privacy Policy explains how ReigniteMe (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit reigniteme.io (the “Site”) or use the ReigniteMe platform (the “Service”).

ReigniteMe is operated by HotTable App Ltd trading as ReigniteMe.

If you do not agree with this Privacy Policy, please do not use the Site or Service.

1) Who we are and how to contact us

Data Controller (for most processing): HotTable App Ltd (trading as ReigniteMe)
Registered office: Suite 6149, 34-35 Hatton Garden, Unit 3a, London, England, EC1N 8DX
Contact: support@reigniteme.io

In some cases (especially where you use the Service to run campaigns involving prospect/contact data), you may be a data controller and we may act as a processor for you. Where applicable, the Data Processing Addendum (DPA) in our Terms of Service governs processor obligations.

2) Scope

This Privacy Policy applies to:

  • visitors to the Site,
  • users who create accounts or use the Service (“Customers”),
  • individuals whose data may be processed through a Customer's connected accounts (e.g., prospects/contacts).

If you are a prospect/contact whose data is processed by one of our Customers, that Customer is typically the controller of your data. You may need to contact them directly to exercise certain rights, though we will assist where legally required.

3) Personal data we collect

A) Information you provide

  • Account data: name, email address, profile picture, and (if using email/password login) password (hashed). If you sign in via Google OAuth, we receive your name, email, and profile picture from Google.
  • Settings and preferences: campaign configuration, templates, prompts you save, digest/notification preferences
  • Support communications: messages and information you share with support
  • User Content: drafts, scheduled posts/messages, campaign names, and related inputs

B) Data from connected accounts and integrations

If you connect third-party accounts (e.g., LinkedIn) via our integrations (including Unipile), we may process:

  • connection metadata and identifiers needed to operate the integration,
  • profile identifiers and publicly available profile fields as returned by the platform/integration (including name, headline, location, profile picture, experience, education, skills, endorsement counts, connections count, followers count),
  • LinkedIn feed content (posts from your connections) accessed for engagement and commenting features,
  • activity metadata (e.g., message attempted/sent, connection request initiated, engagement event, post published, skill endorsed, post liked/commented),
  • post performance metrics (impressions, reactions, comments, views) for analytics and profile scoring,
  • the content you create/schedule/send through the Service.

C) Public web data (Apify)

We may use Apify to retrieve data from public pages only (no login/authenticated access), where enabled in the product. This may include public profile information or public web content relevant to your configured workflows.

You are responsible for ensuring your use of public web data complies with applicable laws and platform terms, and that you have a lawful basis for processing personal data where required.

D) Billing, subscription, and referral data

Payments are processed by Stripe. We may receive:

  • subscription status, plan, renewal dates, invoice/payment status,
  • limited payment metadata (e.g., card type, last 4 digits, billing country).

We do not store full card numbers.

Referral program data

If you participate in the Referral Program, we collect and store:

  • your unique referral code and referral history (who you referred, dates, reward choices),
  • your referral cash balance and credit balance,
  • PayPal email address you provide when submitting a withdrawal request,
  • withdrawal request details (amount, status, timestamps).

Your PayPal email is used solely for processing referral cash withdrawals and is shared with PayPal for that purpose. We do not use it for marketing or other purposes.

E) Technical, usage, and device data

  • IP address, device/browser information, timestamps
  • usage events (features used, pages visited, performance metrics)
  • security logs and anti-fraud signals
  • cookie and similar identifier data (see Cookies section)

F) Error and performance monitoring

We use Sentry to identify and fix crashes/performance issues. This may collect error logs, stack traces, device/browser info, and limited identifiers needed for diagnostics. We aim to minimise collection and avoid collecting message/post content unless you explicitly include it in a support request.

G) AI-generated content and images

When you use AI features (e.g., post generation, banner creation), your prompts, profile context, and related inputs are sent to third-party AI providers (OpenAI, Google Gemini, Perplexity) for processing. Generated images (such as LinkedIn banners) are stored in AWS S3 under your user-specific path. AI-generated images from Google Gemini may contain invisible digital watermarks (SynthID).

H) Knowledge hub data

If you use knowledge hub features, research insights, content context, and related data are stored as vector embeddings in Pinecone (a third-party vector database) under user-specific namespaces. This data is used to improve content relevance and AI personalisation within the Service.

I) Gamification and activity data

The Service tracks XP (experience points), levels, achievements, and activity scores based on your use of features (e.g., creating campaigns, scheduling posts, connecting your LinkedIn account). This data is stored in our database and used to power gamification features within the platform.

4) AWS S3 storage

We use Amazon Web Services S3 to store ReigniteMe assets (e.g., product/static assets) and AI-generated content created through the Service, such as LinkedIn banner images generated by the banner creation feature. Banner images are stored in S3 under user-specific paths and may be accessed via time-limited signed URLs.

We do not store other customer-generated content (such as posts, messages, or comments) in S3 as part of normal operation.

If this changes, we will update this Privacy Policy.

5) How we use personal data

We use personal data to:

  1. Provide and operate the Service
    Account creation, authentication, integrations, campaign execution per your settings, LinkedIn profile analysis and scoring, AI content and image generation, knowledge hub operations, reporting, gamification, and feature delivery.
  2. Improve reliability and performance
    Diagnostics, monitoring, testing, quality assurance, and feature improvement.
  3. AI processing and content generation
    Generating personalised posts, comments, messages, and banner images using AI providers (OpenAI, Google Gemini, Perplexity). Inputs such as profile data, prompts, and context may be sent to these providers for processing.
  4. Knowledge hub and content context
    Storing and retrieving research insights, content context, and meeting outcomes in vector form (via Pinecone) to improve content relevance and personalisation.
  5. Security and fraud prevention
    Access control, abuse detection, enforcing our Terms, and protecting users and the platform.
  6. Customer support and communications
    Support responses, operational notices (billing, security, downtime), onboarding guidance.
  7. Billing, account administration, and referral payouts
    Trials, renewals, referral discounts, referral cash reward processing, PayPal withdrawal fulfilment, invoicing, dispute handling.
  8. Legal compliance
    Meeting legal obligations, responding to lawful requests, resolving disputes.

6) Legal bases (UK GDPR / EU GDPR)

Where UK GDPR/EU GDPR applies, we rely on:

  • Contract: to provide the Service you request (account, billing, core features)
  • Legitimate interests: to secure, maintain, and improve the Service; prevent fraud; ensure reliability
  • Consent: for non-essential cookies where required; optional marketing communications
  • Legal obligation: tax/accounting, compliance, and lawful requests

Where you process prospect/contact data, you are typically responsible for selecting the lawful basis (e.g., legitimate interests, consent, contractual necessity) and for providing required notices.

7) Cookies and similar technologies (EU/UK ePrivacy-friendly)

We use cookies/local storage and similar technologies for:

  • Strictly necessary cookies: login sessions, security, fraud prevention
  • Functional cookies: preferences and settings
  • Analytics/performance cookies: product usage measurement and stability

Where required (e.g., UK/EU), we will request consent for non-essential cookies via a cookie banner or preference controls.

You can also manage cookies via your browser settings. Disabling cookies may impact functionality.

8) Sharing and disclosures (subprocessors/service providers)

We share personal data only as necessary to operate the Service.

ProviderPurpose
HerokuHosting / operations
OpenAIAI text generation (posts, comments, messages, profile analysis)
Google GeminiAI image generation (LinkedIn banners)
PerplexityAI-powered content research and web search
StripePayments and subscription management
PayPalReferral cash reward payouts (PayPal email shared for withdrawal processing)
UnipileLinkedIn account connectivity and orchestration
SentryError monitoring
ApifyPublic web automation (public pages only)
PineconeVector database for knowledge hub features
Google (OAuth)Authentication
Redis / UpstashCaching, background job processing
Amazon Web Services (S3)Asset and AI-generated image storage

We may also share information:

  • if required by law, court order, or lawful request,
  • to prevent fraud/security incidents,
  • to enforce our Terms and protect rights, safety, and property,
  • during a corporate transaction (merger, acquisition, asset sale), subject to safeguards.

9) International data transfers (global-ready)

Because we operate globally and use international providers, your data may be processed in countries outside your own.

Where UK/EU rules apply and data is transferred outside the UK/EEA, we use appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs),
  • the UK IDTA / UK Addendum,
  • and other lawful mechanisms as applicable.

For MENA customers, cross-border transfers may require additional conditions depending on jurisdiction; we implement contractual and security safeguards and can support enterprise requests via the DPA.

10) Data retention

We keep data only as long as necessary to:

  • provide the Service,
  • meet legal/accounting obligations,
  • prevent fraud/abuse,
  • resolve disputes,
  • maintain security and backups.

When you cancel or delete your account, we delete or anonymise data within a commercially reasonable period, except where retention is legally required or necessary for legitimate purposes (e.g., tax records, fraud prevention). Backups may persist for a limited time.

11) Security

We implement reasonable technical and organisational measures designed to protect data (access controls, encryption in transit where supported, monitoring/logging, secure credential practices). No system is perfectly secure, and we cannot guarantee absolute security.

12) Your rights — UK/EU, USA, and MENA

A) UK/EU (GDPR/UK GDPR rights)

Where applicable, you may have rights to:

  • access your data,
  • correct inaccurate data,
  • delete data (subject to exceptions),
  • restrict/object to processing,
  • data portability,
  • withdraw consent (where processing is based on consent),
  • complain to a supervisory authority.

B) USA (state privacy laws, including California)

Depending on your state, you may have rights to:

  • know/access what we collect and why,
  • delete (subject to exceptions),
  • correct inaccuracies,
  • opt out of certain targeted advertising/sharing (where applicable),
  • limit use of sensitive personal information (where applicable).

We do not sell personal information for money. If we ever enable advertising-style “sharing” that triggers opt-out rights, we'll provide controls (e.g., cookie preferences).

We honour Global Privacy Control (GPC) signals where required and technically feasible.

C) MENA (practical privacy alignment)

MENA privacy laws vary (e.g., UAE, KSA, Bahrain, Qatar, Oman). Common expectations include transparency, lawful basis/permission where required, purpose limitation, security safeguards, and in some cases restrictions on cross-border transfers. We align with these principles and support enterprise/customer requests through contractual terms and the DPA where applicable.

How to exercise rights: email support@reigniteme.io. We may ask for verification. If you are a prospect/contact processed by a Customer, we may direct you to that Customer as controller.

13) Marketing communications

If we send marketing emails:

  • you can opt out at any time via the unsubscribe link or by contacting us,
  • service/operational messages (billing, security, outages) are not marketing and may still be sent,
  • activity summary and digest emails (e.g., daily/weekly summaries of your scheduled LinkedIn actions) are operational communications tied to the Service. You can adjust their frequency in your account settings, but they are not classified as marketing.

14) Sensitive data

Please do not upload or process sensitive personal data through the Service unless you have a clear lawful basis and it is strictly necessary. We do not intentionally require sensitive categories of data to provide the Service.

15) Automated decision-making and profiling

ReigniteMe may provide recommendations or automation based on your settings (including AI suggestions). The Service also includes:

  • LinkedIn profile scoring: a deterministic algorithm that analyses your profile completeness, network size, content activity, and engagement metrics to generate an improvement score and suggestions. This is informational only and does not restrict access to features.
  • AI-generated content: posts, comments, messages, and banner images are generated using AI based on your profile data, preferences, and prompts. All AI output is presented for your review before publishing.
  • Engagement scheduling: automated timing and sequencing of actions (connection requests, comments, endorsements) based on your campaign configuration and safety limits.

We do not make legally significant automated decisions about you without human involvement, but you remain responsible for approving and publishing content/actions.

16) Children

The Service is not intended for anyone under 18, and we do not knowingly collect children's personal data.

17) Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes take effect when posted on the Site. Continued use after posting means you accept the updated policy.

18) Contact

support@reigniteme.io

If you are in the UK/EU, you may also complain to your local data protection authority.