Privacy Policy

Effective Date: 07/24/2025

Last Updated: 07/24/2025

1. Introduction

Mohenara LLC (“Reason Rail”) (“we,” “our,” or “us”) operates an AI-powered workflow automation platform (the “Service”) that helps small and medium businesses automate repetitive tasks through natural language commands and artificial intelligence.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, particularly when integrating with third-party services like Google Workspace, Microsoft 365, and other business applications.

This service is currently available only to non-EEA residents. By using our platform, you confirm you are not located within the European Economic Area.

By using our Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, company name, billing information
• Workflow Descriptions: Natural language descriptions of business processes you want to automate
• Configuration Data: Settings, preferences, and custom workflow parameters
• Communication Data: Support tickets, feedback, and correspondence with our team

2.2 Information Collected Through Third-Party Integrations

When you connect third-party services to enable workflow automation, we may access:

Google Services Integration:

• Gmail: Email content, metadata, labels, and attachments (only for configured workflows)
• Google Drive: File names, content, folder structure, and sharing permissions
• Google Calendar: Event details, attendees, and scheduling information
• Google Sheets: Spreadsheet data and formulas (for data processing workflows)

Other Integrations:

• Accounting Software: Invoice data, client information, financial records
• Communication Tools: Message content, contact lists, conversation histories
• Document Management: File contents, metadata, version histories

2.3 Automatically Collected Information

• Usage Data: How you interact with our Service, feature usage, workflow execution logs
• Technical Data: IP address, browser type, device information, operating system
• Performance Data: Workflow execution times, error rates, system performance metrics
• Analytics Data: User behavior patterns, feature adoption, engagement metrics

2.4 Cookies and Tracking Technologies

We use the following cookies and similar technologies:

Essential Cookies (Required):

• Authentication: Session tokens, login state (expires after 30 days)
• Security: CSRF protection tokens, rate limiting counters
• Functionality: User preferences, dashboard settings, workflow configurations

Analytics Cookies (Optional):

• Posthog Analytics: User behavior tracking, feature usage statistics
• Performance Monitoring: Error tracking, page load times, API response times
• A/B Testing: Feature experiment participation, conversion tracking

Cookie Management: You can control cookie preferences in your browser settings. Essential cookies cannot be disabled without affecting Service functionality. Analytics cookies can be opted out through your account settings. We respect “Do Not Track” browser signals for non-essential tracking.

Cookie Retention: Session cookies are deleted when the browser closes; persistent cookies last 30 days for authentication and 1 year for analytics; local storage is cleared when the account is deleted.

2.5 AI Processing Data

• Workflow Execution Logs: Records of automated tasks and their outcomes
• AI Training Data: Anonymized patterns from successful workflows (with your consent)
• Error Logs: Information about failed automations for debugging purposes

3. How We Use Your Information

3.1 Primary Service Delivery

• Workflow Automation: Execute automated tasks as configured by you
• AI Processing: Analyze your natural language descriptions to create workflows
• Integration Management: Connect and maintain access to your third-party services
• Data Synchronization: Keep information current across integrated platforms

3.2 Service Improvement

• Platform Enhancement: Improve AI accuracy and workflow reliability
• Feature Development: Build new integrations and automation capabilities
• Performance Optimization: Monitor and enhance system performance
• Quality Assurance: Test and validate workflow executions

3.3 Communication and Support

• Customer Support: Respond to your questions and troubleshoot issues
• Service Updates: Notify you about new features, maintenance, or policy changes
• Billing and Account Management: Process payments and manage subscriptions
• Security Alerts: Inform you about potential security issues or unauthorized access

3.4 Legal and Compliance

• Legal Obligations: Comply with applicable laws and regulations
• Terms Enforcement: Ensure compliance with our Terms of Service
• Dispute Resolution: Address legal claims or disputes
• Audit and Compliance: Maintain records for regulatory requirements

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Authorized Sharing

We may share your information only in these circumstances:

• Third-Party Service Providers: Cloud infrastructure, AI service providers, payment processors, analytics providers
• Business Transfers: Mergers, acquisitions, or asset sales under confidentiality agreements
• Legal Requirements: Court orders, government requests, fraud prevention, or to protect rights and safety

4.3 Data Processing Agreements

All third-party service providers are bound by agreements that limit data use, require security safeguards, prohibit unauthorized sharing, and ensure compliance with privacy laws.

4.4 Data Minimization Practices

• Integration Scope Limitation: Request only necessary API permissions, audit unused permissions regularly
• Data Collection Boundaries: Collect only fields needed for workflow execution, implement field-level encryption
• Automated Data Minimization: Use AI to identify minimal data requirements, delete temporary data within 24 hours

4.5 Anonymization and Pseudonymization

1. Data Classification: Separate workflow logic from personal identifiers
2. Extraction: Isolate personal data before processing
3. Transformation: Apply k-anonymity, differential privacy, hashing
4. Validation: Test anonymization effectiveness
5. Audit Trail: Log anonymization processes without storing original data

5. Data Security and Protection

5.1 Security Measures

• Technical Safeguards: End-to-end encryption, MFA, security audits, threat detection
• Administrative Safeguards: Employee background checks, training, incident response
• Physical Safeguards: Secure data centers, restricted access, environmental controls

5.2 Data Retention

• Active Account Data: Retained while account is active
• Workflow Logs: Kept for 90 days
• Backup Data: Retained 30 days after deletion
• Legal Hold Data: Retained as required by law

5.3 Data Breach Response

In the event of a data breach, we will investigate within 24 hours, notify affected users within 72 hours, report to authorities, and provide remediation steps.

6. Third-Party Integrations and Data Access

6.1 Google Services

When you connect Google services, we request minimum permissions, access data only during execution, store data temporarily (<24 hours), and do not share it without consent.

6.2 Other Third-Party Services

Similar principles apply: minimum necessary access, purpose-limited use, secure storage, and user control.

6.3 Revoking Access

You can revoke third-party access in account settings, via the third-party service’s permissions page, or by contacting support.

7. Your Privacy Rights and Choices

7.1 Access and Control

• Access: View personal information we hold
• Correct: Update inaccurate or incomplete information
• Delete: Request deletion of personal data
• Port: Export data in machine-readable format
• Restrict: Limit how we process your data

7.2 Communication Preferences

• Update email preferences in account settings
• Unsubscribe from marketing emails
• Opt out of non-essential notifications
• Contact support to adjust frequency

7.3 Analytics and Tracking

• Opt out of usage analytics and behavior tracking
• Opt out of performance monitoring (may affect service quality)
• Opt out of AI training data contribution
• Opt out of marketing-related data processing

7.4 Exercising Your Rights

To exercise rights, contact us at admin@reasonrail.com with your account details, request specifics, and identity verification.

8. International Data Transfers

8.1 Data Processing Locations

Data is processed primarily in the United States. We do not transfer data outside the U.S. unless required for integrations.

8.2 Transfer Safeguards

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Additional security measures as required
• Regular compliance monitoring and audits

9. Children's Privacy

Our Service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect information from children. If discovered, we will delete it immediately.

10. California Privacy Rights (CCPA)

10.1 Right to Know

You can request details on categories, sources, purposes, and third-party sharing of your personal data.

10.2 Right to Delete

You can request deletion of personal data we collected about you.

10.3 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

10.4 How to Exercise CCPA Rights

Submit requests to admin@reasonrail.com or call [phone number].

11. European Privacy Rights (GDPR)

11.1 Legal Basis for Processing

• Contract: Provide Service as agreed
• Legitimate Interest: Improve Service and prevent fraud
• Consent: When you specifically agree
• Legal Obligation: Comply with laws

11.2 EEA Exclusion

We currently do not serve or process data of EEA residents. If that changes, we will implement GDPR measures.

11.3 Supervisory Authority

You may lodge a complaint with your local data protection authority.

12. Updates to This Privacy Policy

12.1 Policy Changes

We may update this policy to reflect changes in data practices, laws, features, or user feedback.

12.2 Notification of Changes

• Email notification to your registered address
• Prominent in-app or website banner notices
• In-app notification on next login

12.3 Continued Use

Continued use after changes constitutes acceptance of the updated policy.

13. Contact Information

13.1 Privacy Questions

For privacy-related inquiries, email admin@reasonrail.com.

13.2 Response Time

• 5 business days for general questions
• 30 days for formal data requests
• 72 hours for security-related concerns

Last Reviewed: 07/24/2025

Next Review Date: 07/24/2026

*This Privacy Policy is effective as of the date listed above and applies to all users of our Service.*