Rallyve
Start free

Legal

Privacy Policy

Last updated: May 13, 2026

Draft — pending legal review

This is an interim template prepared by the engineering team. The final language must be reviewed by qualified counsel under Israeli and applicable foreign law before it is treated as binding.

This Privacy Policy explains how Rallyve ("we", "us") collects, uses, discloses, and protects personal information in connection with the Rallyve task-management platform at task.rallyve.com (the "Service"). We process personal data in accordance with the Israeli Protection of Privacy Law, 5741-1981 and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Who We Are

The data controller is Rallyve. For privacy inquiries, contact privacy@rallyve.com.

2. Information We Collect

2.1 Information you provide

  • Account data: name, email address, password (hashed by Supabase Auth), company name, role.
  • Profile data: display preferences, notification preferences, time-zone, locale.
  • Content data: tasks, events, comments, attachments, custom fields, dashboards you create within the Service.
  • Integration data: OAuth tokens for Google Calendar, Slack workspace identifiers, optional per-organization Gemini API keys.
  • Support communications: messages and feedback you send us.

2.2 Information collected automatically

  • Usage data: pages viewed, actions taken (audit log), timestamps.
  • Device & technical data: IP address, browser type, operating system, referrer URL.
  • Cookies and similar technologies: see the "Cookies" section below.

3. How We Use Information

We use personal data to:

  • Provide, maintain, and improve the Service;
  • Authenticate users and prevent fraud or abuse;
  • Deliver notifications and reminders you have requested;
  • Communicate with you about updates, security alerts, and support;
  • Comply with legal obligations and enforce our Terms;
  • Generate aggregated, anonymized analytics about Service usage.

4. Legal Bases (GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Contract: to provide the Service you signed up for;
  • Legitimate interests: to operate, secure, and improve the Service;
  • Consent: where required (e.g. optional analytics cookies);
  • Legal obligation: to comply with applicable law.

5. Sharing & Disclosure

We share personal data only with the following categories of recipients:

  • Within your Organization: members of your Organization can see content you create within their workspace, per the role-based access controls.
  • Service providers (sub-processors): Supabase (database + auth), Firebase / Google Cloud Run (hosting), Google (Gemini AI when used for AI Import), Slack (when you use the Slack integration), Upstash (rate-limit state).
  • Legal & safety: where required by law, court order, or to protect rights, safety, and property.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, subject to confidentiality.

We do not sell personal data.

6. International Transfers

Our database is hosted in the European Union (Supabase, europe-west4). Where data is transferred to a third country, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions where applicable.

7. Data Retention

We retain Customer Data for as long as your account is active and for a reasonable period afterwards to comply with our legal obligations, resolve disputes, and enforce agreements. Audit logs are retained per your Organization's configured retention period (default 365 days). On account deletion, we initiate a 30-day grace period after which Customer Data is permanently deleted, except where retention is required by law.

8. Your Rights

Subject to applicable law, you may:

  • Access the personal data we hold about you;
  • Request correction of inaccurate data;
  • Request deletion of your data;
  • Export your data in a portable format;
  • Object to or restrict certain processing;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with a supervisory authority (in Israel: the Privacy Protection Authority).

To exercise these rights, contact privacy@rallyve.com.

9. Security

We use industry-standard security measures including TLS encryption in transit, encryption at rest for sensitive fields, hashed passwords, multi-factor authentication, role-based access controls, audit logging, and signed-URL access to file attachments. No system is perfectly secure; please report suspected vulnerabilities to security@rallyve.com.

10. Cookies

We use cookies for the following purposes:

  • Essential: authentication session, theme preference, consent state. Required for the Service to function.
  • Analytics: aggregate usage measurement. Only set after you accept analytics cookies in our cookie banner.

You can adjust your preferences at any time via the cookie banner on the homepage.

11. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or an in-app notice. The "Last updated" date at the top reflects the latest revision.

13. Contact

Privacy questions: privacy@rallyve.com. General inquiries: hello@rallyve.com.