ReguSift Privacy Policy

Effective Date: 2026-06-09·Version 1.0.0·Entity: YQGate Inc.·Jurisdiction: State of Delaware, United States

content-hash: fnv1a32:ae6e325e

1. Introduction and Scope

This Privacy Policy describes how YQGate Inc. ("YQGate," "we," "our," or "us"), the operator of the ReguSift service, collects, uses, retains, discloses, and protects information about you when you visit, register for, or use the Service. The Service is operated from the United States and is intended for business users ("B2B"). The terms "you" and "your" refer to the individual or business entity that creates an account or uses the Service on behalf of such entity. By using the Service, you agree to this Privacy Policy. If you are entering into this Privacy Policy on behalf of a company or other legal entity, you represent and warrant that you have the authority to bind that entity to this Privacy Policy, in which case "you" refers to that entity. Capitalized terms that are not defined in this Privacy Policy have the meanings given in the Terms of Service.

2. Information We Collect

We collect the following categories of information, depending on how you use the Service. (a) Account information that you provide during registration, including your name, business email, password (hashed), company name, brand domain, and time zone. (b) Profile and usage information, including your subscription tier, account preferences, dashboard configuration, language and locale, and history of AI rewrite and AI scan operations. (c) Content you upload, including formulas, ingredient lists, claims, label artwork, Certificates of Analysis, product images, and any other files you submit. We treat your Content as Confidential Information. (d) Commercial-sensitive information, including supplier identities, pricing, cost structures, contract terms, COA results, and proprietary formulation ratios. We do not use this information to train general AI models and we do not share it with third parties other than the named processors described in Section 5. (e) Payment information, which is collected and stored by PayPal; we receive only a transaction identifier, the last four digits of the payment instrument, the billing country, and the status of each charge. (f) Communications, including emails, support tickets, survey responses, and in-product feedback. (g) Device and connection information, including IP address, browser type, operating system, referrer URL, pages visited, and timestamps. (h) Cookies and similar technologies, as described in our Cookie Notice. We do not collect any Protected Health Information (PHI) or other health data subject to heightened legal protection. Uploading PHI is strictly prohibited and is a material breach of the Terms of Service.

3. Sources of Information

We collect information directly from you when you create an account, upload Content, contact support, or otherwise interact with the Service. We also collect information automatically through your use of the Service (server logs, cookies, similar technologies). We may collect information about you from third parties, including (a) PayPal, which provides us with payment status and transaction identifiers; (b) Supabase, which provides us with authentication events; and (c) optional third-party sign-in providers (if you choose to use them), which provide us with your basic profile information. We do not purchase personal information from data brokers.

4. How We Use Your Information

We use the information we collect for the following purposes: (a) to provide, operate, maintain, secure, and improve the Service, including the AI Scanner, AI Rewriter, Label Generator, and the rule set used to power them; (b) to process your subscription and payment transactions; (c) to authenticate you, manage your account, and respond to your requests; (d) to send you service-related communications, including renewal reminders, security alerts, important policy change notifications, and customer support responses; (e) to send you marketing communications, only if you have opted in or as otherwise permitted by law, and to provide you with the ability to opt out at any time; (f) to detect, prevent, and address fraud, abuse, security incidents, and violations of our Terms of Service; (g) to comply with applicable law, regulation, court order, or governmental request; (h) to enforce our Terms of Service and other agreements, including the collection of amounts owed; (i) to de-identify, aggregate, and analyze usage trends in a manner that does not identify you or your Content; and (j) for any other purpose disclosed to you at the time of collection or with your consent. We do not use your Content to train general-purpose AI models. We do not use your Content for advertising.

6. Payment Data and PayPal

When you pay for a paid Plan or one-time Order, your full payment card or PayPal credentials are submitted directly to PayPal and are never received, stored, transmitted, or processed by YQGate. We receive only the information PayPal provides to merchants under its standard API, including a transaction identifier, the last four digits of the funding instrument, the billing country, the charge status, and (in case of a dispute or refund) the dispute reason. We do not store full card numbers, CVVs, bank account numbers, or PayPal passwords. We are not responsible for the security of your payment credentials once submitted to PayPal, and we encourage you to review PayPal's Privacy Statement.

Payment Processing and Seller of Record

All payment processing for the Service is performed by PayPal Holdings, Inc. and its affiliates ("PayPal") under a direct merchant agreement between YQGate Inc. and PayPal. YQGate Inc. is the seller of record for all subscriptions and one-time purchases. PayPal is a payment processor only and is not the seller of record, distributor, or co-vendor of the Service. Your payment card or PayPal account credentials are submitted directly to PayPal and are never received, stored, transmitted, or processed by YQGate Inc. You should review PayPal's User Agreement and Privacy Statement for the terms and privacy practices applicable to your payment relationship with PayPal. Because we do not currently use automated sales tax, GST, or VAT calculation tools, you may be charged a base subscription price that excludes transaction taxes; you are responsible for self-assessing and remitting any applicable use tax, value-added tax, goods and services tax, consumption tax, or similar transaction tax to your local tax authority unless PayPal collects such tax at checkout in your jurisdiction.

7. How We Share Your Information

We share your information only as described below. (a) Service providers (processors) that perform services on our behalf, including: Vercel Inc. (hosting, serverless functions, edge network); Supabase Inc. (database, authentication, file storage); OpenAI, L.L.C. (AI rewriter and AI scanner API; we have a Data Processing Addendum in place, and OpenAI does not use your Content to train its models); Amazon Web Services, Inc. (text extraction / OCR and image processing for label parsing; raw bytes are not stored on AWS beyond processing); Sentry (error monitoring and observability); and Postmark / Resend (transactional email). Each processor is contractually obligated to protect your information with safeguards no less protective than those in this Privacy Policy. (b) PayPal for payment processing. (c) Affiliates, meaning YQGate Inc. and any future parent, subsidiary, or affiliated company, for the purposes described in this Privacy Policy. (d) Business transfers, meaning a buyer, successor, or assignee in connection with a merger, acquisition, reorganization, sale of assets, or similar transaction, in which case we will require the recipient to honor this Privacy Policy. (e) Legal and safety, meaning when we believe in good faith that disclosure is necessary to comply with applicable law, regulation, court order, or governmental request; to enforce our Terms of Service; or to protect the rights, property, or safety of YQGate, our users, or others. (f) With your consent or at your direction. We do not sell personal information for money or other valuable consideration, and we do not share personal information for cross-context behavioral advertising. We do not disclose PHI because we do not collect PHI.

8. AI Processing and Subprocessors

The AI Rewriter and AI Scanner features of the Service use third-party large language models, primarily OpenAI, L.L.C., accessed through OpenAI's commercial API. We send your Content to OpenAI only when you actively invoke an AI feature, and only the minimum text necessary to complete the requested operation. We have a Data Processing Addendum with OpenAI that (a) prohibits OpenAI from using your Content to train, fine-tune, or improve any general-purpose AI model, (b) limits OpenAI's retention of your Content to the minimum time necessary to complete the API call plus a short abuse-monitoring window (typically 30 days), and (c) requires OpenAI to implement appropriate security safeguards. We also send images and PDFs to Amazon Web Services for text extraction (AWS Textract); the raw bytes are not stored beyond the duration of the API call. We do not send your Content to any other third-party AI provider without updating this Privacy Policy and, where required, obtaining your renewed consent. You acknowledge that AI output may be similar across users and that we do not warrant the originality of any AI output.

HIPAA and Personal Health Information Restriction

LabelSift is a business-to-business ("B2B") compliance tool and is not a HIPAA-covered entity, business associate, or business associate subcontractor. The Service is not designed, marketed, certified, or warranted as compliant with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health Act ("HITECH"), the EU General Data Protection Regulation ("GDPR") provisions governing health data, or any other law regulating the processing of personal health information. You are strictly prohibited from uploading, submitting, transmitting, or processing through the Service any "Protected Health Information" ("PHI") as defined under 45 CFR 160.103, any "personal health data" subject to GDPR Article 9, any "consumer health data" subject to the Washington My Health My Data Act or similar state laws, or any other data subject to heightened health-data legal protections. The Service may be used only with formulation, ingredient, manufacturing, and business information that is not personal health information.

9. Cross-Border Data Transfers

YQGate Inc. is a Delaware corporation. The Service is operated from the United States, and your Content and personal information are primarily processed and stored in the United States (Supabase US East, AWS US East, Vercel US edge). If you access the Service from outside the United States, including from the EEA, the United Kingdom, Switzerland, or China, you acknowledge that your information will be transferred to, stored in, and processed in the United States, which may have data protection laws that differ from those of your home jurisdiction. We rely on the European Commission's Standard Contractual Clauses (Decision 2021/914) and the UK International Data Transfer Addendum for transfers from the EEA, the UK, and Switzerland to the United States. We also conduct transfer impact assessments as required. If you are located in the People's Republic of China, please note that the cross-border transfer of personal information is governed by the PRC PIPL and the CAC Measures; we currently do not offer a mainland-China-specific data localization option, and you should not upload personal information subject to heightened PIPL protections through the Service without first contacting us.

Cross-Border Transfer and Data Residency

Your data may be stored on servers located in the United States or other jurisdictions. Where your data is transferred outside of your home jurisdiction, LabelSift will take reasonable measures to protect that data, including, without limitation, encryption in transit and at rest, access controls, and (where required by applicable law) Standard Contractual Clauses, data protection impact assessments, or other appropriate legal mechanisms. You understand and agree that, to the extent necessary to provide the Service, your data may be transferred to and processed in different jurisdictions, including the United States, where LabelSift's primary cloud infrastructure is located. If you have specific requirements regarding cross-border data transfer, please consult a compliance advisor before uploading sensitive data.

10. Your Rights and Choices

Subject to applicable law, you have the right to (a) request access to the personal information we have collected about you; (b) request correction of inaccurate or incomplete personal information; (c) request deletion of personal information, subject to statutory exceptions; (d) request restriction of processing in specific circumstances; (e) request portability of your personal information in a structured, commonly used, machine-readable format; (f) object to processing based on our legitimate interests, including objection to direct marketing at any time; and (g) withdraw any consent you have provided. Trade secret and commercial-sensitive carve-out: to the extent you have shared trade secrets, formulations, supplier identities, or pricing with us through the Service, we will treat such information as Confidential Information and may decline deletion requests where deletion would adversely affect your legitimate trade secret interests, in accordance with GDPR Art. 17(3)(b) and analogous U.S. law (Defend Trade Secrets Act, Uniform Trade Secrets Act). You may exercise your rights by emailing privacy@regusift.com. We will respond to verifiable requests within the time period required by applicable law (typically 30 to 45 days). You may also lodge a complaint with your local data protection authority.

11. Data Security

We implement reasonable administrative, technical, and physical safeguards designed to protect your personal information and your Content against unauthorized access, use, disclosure, alteration, or destruction. These safeguards include TLS 1.2+ in transit, AES-256 at rest, role-based access controls, multi-factor authentication for administrative accounts, separation of production and non-production environments, audit logging of administrative actions, regular vulnerability scanning, and a written incident response plan. However, no system is completely secure, and we do not warrant absolute security. In the event of a personal data breach affecting you, we will notify you and the applicable regulators as required by law. You are responsible for (a) choosing a strong password and keeping it confidential; (b) enabling multi-factor authentication if available; (c) reviewing your account activity regularly; and (d) maintaining offline copies of your own formulas, COAs, and other business records.

12. Data Retention

We retain your personal information and your Content for as long as your account is active. After account closure, we delete your personal information and your Content from our production systems within thirty (30) days, except (a) where retention is necessary to comply with a legal, tax, accounting, or regulatory obligation (for example, we retain transaction records for at least seven (7) years for tax and audit purposes); (b) where retention is necessary to resolve disputes, enforce our agreements, or protect legal rights; or (c) where retention is required for backups stored in encrypted, access-controlled form for an additional period not to exceed ninety (90) days. AI Output you have explicitly exported from the Service (e.g., downloaded PDFs) is not deleted from your local devices by us; if you have stored AI Output within your account and wish for it to be deleted, you must remove it from your account before closure, or contact us to request deletion. We do not retain PHI, because we do not collect PHI.

13. Children's Privacy

The Service is a B2B tool intended for use by businesses, brands, contract manufacturers, and regulatory consultants. It is not directed to children under the age of 13 (or 16 in the EEA / UK). We do not knowingly collect personal information from children. If you believe that a child has provided personal information to us, please contact us at privacy@regusift.com, and we will delete the information as soon as possible. California residents under 18 may request removal of content they have posted, as described in the California Addendum.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make a material change, we will notify you through the Service, by email, or by other reasonable means at least thirty (30) days before the change takes effect, except where a shorter notice period is required by law. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the updated terms. The "Last updated" date at the top of this Privacy Policy reflects the most recent revision.

15. How to Contact Us

If you have any questions, comments, or requests regarding this Privacy Policy, our processing of your personal information, or your rights, please contact us at: YQGate Inc., Attn: Data Protection Officer, email privacy@regusift.com. For general support, please contact support@regusift.com. For legal notices, please contact legal@regusift.com. Postal mail: YQGate Inc., c/o Registered Agent of Record, 8 The Green, Suite #5199, Dover, DE 19901, United States. EEA and UK data subjects may also contact their local data protection authority. California residents may also contact the California Attorney General.

Related Legal Documents