Privacy Policy
Last updated: June 2, 2026
Rindler operates infrastructure that lets AI agents interact with third-party websites on behalf of a user. This page describes what we collect, why, who we share it with, and the rights you have over it. We try to keep it short and specific rather than long and hedged.
Who this applies to
This policy covers:
- End users of chat.rindler.ai ("the chat app"), where you can sign in and ask an AI agent to perform tasks on your behalf.
- Merchants and operators using app.rindler.ai ("the dashboard"), where you manage your site's Rindler integration and see traffic from AI agents.
- Visitors to rindler.ai ("the marketing site").
What we collect
Account data. When you sign in via Clerk (our authentication provider), we receive your email address, name, profile image (if set on your identity provider), and Clerk user ID. We never see your password.
Chat content. Messages you send to the chat app, files you upload, and the model's responses. We persist these so you can revisit past conversations and so the agent can carry context across turns. Tool calls the agent makes and the live page content it observes are persisted alongside the conversation.
Browser session data. When you grant the chat app permission to act on a third-party site (Instacart, a job board, etc.) by completing a login flow inside a Rindler-managed browser, we extract the resulting session cookies, encrypt them with AES-256-GCM, and store the encrypted state in our database. Cookies are decrypted only when the chat app reuses the authenticated session on your behalf.
Telemetry. Operational logs (request paths, timings, error fingerprints), aggregate counters (number of sessions per site per day), and crash reports with sensitive fields redacted server-side before they are sent to Sentry.
What we do not collect. We do not collect payment-card numbers. Rindler does not process payments; carts are handed off to the third-party site for the user to check out on directly. We do not run ad-network trackers, fingerprinting beacons, or session-replay tools.
How AI providers receive your messages
The chat app routes your messages, the system prompt, and the agent's tool-call results through a large-language-model provider. Today we use:
- Anthropic (Claude models) — operating under their standard API terms. Anthropic's default API tier does not use customer inputs to train their models.
- OpenAI (GPT models) — operating under their standard API terms. Rindler sends the OpenAI request with
store: falseset, which opts the request out of OpenAI's default 30-day input/output retention.
Both providers process messages strictly to generate a response and may briefly retain content for abuse-detection purposes per their policies. We do not send your name, email, or Clerk user ID to either provider as request metadata.
Sub-processors
The following service providers process data on Rindler's behalf. We update this list when we add or remove a vendor.
- Clerk — authentication, session management, and merchant-invite metadata. Data: email, name, profile image, Clerk user ID.
- Anthropic — LLM inference for the chat agent. Data: chat messages, system prompt, tool results.
- OpenAI — LLM inference for the chat agent when an OpenAI model is selected. Data: chat messages, system prompt, tool results. We send
store: falseto suppress default retention. - Railway — application hosting (Go MCP server, Next.js apps), managed Postgres, managed Redis. Data: everything Rindler stores at rest.
- Sentry — error monitoring. Data: stack traces, request metadata. Cookies, auth headers, and chat content are stripped before submission by a server-side scrubber.
- Cloudflare — CDN and edge functions for the marketing site (rindler.ai). Data: standard CDN access logs (IP, user agent, request path).
- Kernel — managed cloud browser used to run authenticated and high-stealth-tier sessions. Data: the third-party URL being visited and, for authenticated sessions, the session cookies for that site.
- Browserbase — fallback managed cloud browser used when Kernel is unavailable. Same data scope as Kernel.
- Infisical — secrets management. Stores service credentials (API keys, encryption keys); does not receive end-user data.
Your rights
Regardless of where you live, you can:
- Request a copy of the data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and the chat history associated with it. We honor these within 30 days.
- Revoke any authenticated browser session you set up — this deletes the encrypted cookie record so we can no longer act on your behalf at that site.
Residents of the EU/UK (GDPR) and California (CCPA/CPRA) have additional rights including data portability and, for California residents, the right to opt out of any "sale" or "share" of personal information. Rindler does not sell or share personal information with advertisers or data brokers.
To exercise any of these rights, email founders@rindler.ai from the address on your account. We verify identity through Clerk before fulfilling deletion or export requests.
Retention
Chat history is retained for the lifetime of your account. You can delete individual conversations from the chat app or request full deletion via the address above. The chat app exposes a per-user "auto-delete" preference (7, 30, or 90 days, or off).
Encrypted browser sessions are retained until the underlying third-party cookie expires or you revoke the session. We do not refresh expired sessions silently.
Operational telemetry (error fingerprints, aggregate counters) is retained for up to 12 months for reliability work, with PII-bearing fields redacted server-side before persistence.
Security
Browser session cookies are encrypted at rest with AES-256-GCM and a per-user derived key. The encryption key is held in our secrets manager and is never logged or returned in API responses. Production access to the encrypted database is limited to the engineering team via signed-in Railway access; we record an audit trail of any direct database session.
We do not claim certifications we have not earned. Rindler is not currently SOC 2, HIPAA, or PCI certified. We are happy to walk an enterprise procurement team through our actual posture on request.
Children
Rindler is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has created an account, email founders@rindler.ai and we will delete it.
Changes to this policy
We will update the "Last updated" date and the sub-processor list when material changes occur. For changes that meaningfully expand how we use data, we will email signed-in users at least 14 days before the change takes effect.
Contact
Privacy questions: founders@rindler.ai. Security reports: founders@rindler.ai. Mailing address available on request.
Plain-English notice: this page is intentionally specific. If a claim here turns out to be inaccurate, that is a bug — please report it to founders@rindler.ai and we will correct it promptly.