Last updated: January 1, 2025
Rehuman Ltd ("Rehuman," "we," "us," or "our") operates the website at rehuman-uk.com and the Rehuman insurance wallet platform (together, the "Service"). We are registered in England and Wales. Our registered office is in London, UK.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use the Service, and sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are the data controller for the personal data you provide to us. As an FCA-registered firm, we are also subject to the FCA's data handling requirements, which we observe alongside our obligations under UK data protection law.
We encourage you to read this document carefully. If you have questions about anything in it, contact us at hello@rehuman-uk.com before using the Service.
We collect personal data in the following categories:
When you register for a Rehuman account, we collect your name, email address, and a password (stored in hashed form). If you register through an OAuth provider (Google or Microsoft), we receive your name and email from that provider. We do not store OAuth access tokens after the initial authentication exchange.
The core function of the Service is to store, parse, and analyse your insurance policy documents. When you upload a policy document or grant email access for policy detection, we process the following data contained in or derived from those documents: insured name and address, policy numbers and insurer details, coverage types, limits and excess amounts, exclusions and endorsements, renewal dates, premium amounts, and named beneficiaries or additional insureds where stated.
This data is derived from documents you provide. You control what you upload. We do not access insurer systems directly or retrieve data from insurers without your explicit instruction in each instance.
If you grant Rehuman read access to your Gmail or Outlook inbox for the purpose of automatic policy detection, we access only messages identified as containing insurance policy documents. We identify candidate messages by subject line and sender patterns; we do not read, store, or process the body content of any message not identified as containing an insurance document.
We request OAuth scopes that allow read-only access to email metadata and message content for identified messages. We do not request access to contacts, calendar data, or any other email account data. You can revoke this access at any time from your email provider's account settings or from within the Rehuman platform, and we will cease email access immediately on revocation.
We collect standard server log data when you use the Service: IP address, browser type and version, pages visited, timestamps of actions, and error logs. This data is used for service operation, security monitoring, and aggregate usage analytics. It is not used for individual behavioural profiling.
Subscription payments are processed by Stripe. We do not store card numbers, CVV codes, or full payment card data. We store only the Stripe customer identifier, subscription status, and billing history necessary to manage your account. Stripe's Privacy Policy governs how they handle your payment data.
When you contact us by email, through the contact form, or via any support channel, we retain the content of those communications and your contact details for the purpose of responding to your enquiry and maintaining a record of our interactions.
We process your personal data for the following purposes and on the following legal bases under UK GDPR:
We process your account data, policy documents, and email access data to provide the core features of the Rehuman platform: policy storage, AI-powered extraction and analysis, gap detection, renewal alerts, and the AI Q&A interface. The legal basis for this processing is the performance of a contract with you (Article 6(1)(b) UK GDPR).
We use aggregated and anonymised usage data and anonymised model evaluation data to improve the accuracy of our document parsing and AI analysis systems. The legal basis is our legitimate interest in improving the Service for all users (Article 6(1)(f) UK GDPR). Individual policy documents are not used for model training without your explicit consent. Anonymised, non-attributable patterns from document structure (not content) may be used to improve extraction accuracy.
We process usage data and account activity data to detect and prevent unauthorised access, fraud, and abuse. The legal basis is our legitimate interest in protecting the Service and its users (Article 6(1)(f) UK GDPR).
We may process personal data where necessary to comply with our legal obligations under applicable law, including FCA requirements, anti-money laundering regulations, and obligations to respond to lawful requests from public authorities. The legal basis is compliance with a legal obligation (Article 6(1)(c) UK GDPR).
If you opt in to marketing communications, we will send you emails about Rehuman product updates, new features, and relevant insurance insights. The legal basis is your consent (Article 6(1)(a) UK GDPR). You can withdraw consent at any time by clicking "Unsubscribe" in any marketing email or by contacting us at hello@rehuman-uk.com.
We do not sell your personal data. We share personal data only in the following circumstances:
We engage third-party processors to operate the Service. These processors are bound by data processing agreements and may only process your data on our documented instructions. Current processors include:
We may disclose personal data where required to do so by law, regulation, legal process, or governmental request, including requests from the FCA, ICO, HMRC, or law enforcement. Where we are permitted by law to notify you before such disclosure, we will do so.
In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred to the acquiring entity. We will notify you in advance of any such transfer and provide the opportunity to delete your account before the transfer takes effect.
We may share your data in other circumstances with your explicit prior consent, which you are free to withdraw at any time.
We retain personal data for as long as necessary to provide the Service and comply with our legal obligations. Specific retention periods:
You may request deletion of your data at any time (see Section 7). Where we are required to retain data by law, we will retain the minimum necessary and restrict its use to compliance purposes only.
We implement technical and organisational measures proportionate to the risk presented by the data we handle. Specific measures include:
Despite these measures, no system is entirely immune to security incidents. If we become aware of a breach affecting your personal data, we will notify you and the ICO as required by law. We will notify affected users within 72 hours of confirming a breach that poses a risk to your rights and freedoms.
As a data subject under UK GDPR, you have the following rights. To exercise any of them, contact us at hello@rehuman-uk.com with the subject line "Data Subject Request." We will respond within one calendar month.
You have the right to request a copy of the personal data we hold about you. We will provide this in a machine-readable format where technically feasible.
You have the right to request correction of inaccurate personal data we hold about you. Where data has been derived from a document you uploaded (and the document itself contains the inaccuracy), we will correct both the source record and the extracted data.
You have the right to request deletion of your personal data where there is no legitimate reason for us to continue processing it. You can delete your account and all associated data at any time through the account settings page. Account deletion initiates a 30-day purge cycle. Legal retention obligations (Section 5) may result in certain records being retained in restricted form.
You have the right to request that we restrict processing of your personal data in certain circumstances, such as while the accuracy of data is contested or while an objection to processing is considered.
You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format. This applies to data processed on the basis of consent or contract performance. We provide policy data exports in JSON and CSV formats from the account settings page.
You have the right to object to processing based on our legitimate interest. We will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.
Rehuman does not make automated decisions about you that produce legal or similarly significant effects. The AI analysis and gap detection features are informational tools — they surface information for your consideration, not decisions that affect your insurance cover.
We use cookies and similar tracking technologies on rehuman-uk.com. For full details of the cookies we use, their purpose, and how to manage them, please read our Cookie Policy.
We store and process data primarily within the UK and EU. Where we use processors that operate outside the UK/EU (OpenAI's infrastructure operates from the United States), we ensure appropriate safeguards are in place through Standard Contractual Clauses (SCCs) as approved by the ICO for UK-to-third-country transfers. We do not transfer data to countries without an adequacy decision or appropriate safeguards.
The Rehuman Service is intended for adults aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you become aware that a person under 18 has provided us with personal data without parental consent, please contact us at hello@rehuman-uk.com and we will delete the data promptly.
We may update this Privacy Policy from time to time. We will notify you of material changes by email to the address associated with your account at least 14 days before the changes take effect. The "Last updated" date at the top of this page will reflect the date of the most recent revision. Your continued use of the Service after the effective date of any change constitutes acceptance of the updated policy.
If you believe we have handled your personal data incorrectly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. ICO website: ico.org.uk. ICO helpline: 0303 123 1113.
We encourage you to contact us first at hello@rehuman-uk.com so we have the opportunity to address your concern before you escalate to the ICO.
For any questions about this Privacy Policy or our data handling practices: