Privacy Policy

Last updated: February 22, 2026

rebby, Inc. ("rebby," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at rebby.io, our platform, and our SMS-based rebate processing services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, phone number, organization name, and billing information.
  • Program Data: Information you provide when creating rebate programs, including program names, keywords, rebate amounts, product details, and retailer information.
  • Payment Information: Credit card or other payment details processed through our third-party payment processor (Stripe). We do not store full payment card numbers on our servers.

1.2 Information Collected from End Consumers

  • Phone Numbers: Mobile phone numbers of consumers who text our SMS service to submit rebate claims.
  • Receipt Images: Photos of purchase receipts submitted via SMS for rebate validation.
  • Purchase Data: Information extracted from receipts, including retailer name, products purchased, quantities, prices, and transaction dates.
  • Claim Data: Rebate claim status, validation results, and payout information.

1.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken within the platform, and timestamps.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage patterns.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process rebate claims, including receipt validation and payout delivery
  • Communicate with you about your account, programs, and claims
  • Send transactional SMS messages to end consumers (claim confirmations, payout notifications)
  • Detect and prevent fraud
  • Generate analytics and reporting for your rebate programs
  • Comply with legal obligations
  • Provide customer support

3. AI and Automated Processing

We use artificial intelligence and machine learning technologies (including third-party AI services such as Anthropic's Claude and Veryfi OCR) to validate receipt images, extract purchase data, verify eligibility, and detect potential fraud. Automated decisions may be reviewed by human operators when claims are flagged for manual review.

4. How We Share Your Information

We may share your information with:

  • Service Providers: Third-party vendors who assist in operating the Service, including Twilio (SMS), Stripe (payments), Anthropic (AI validation), Veryfi (OCR), Supabase (hosting), and Vercel (web hosting).
  • Brand Partners: If you are an end consumer, we share claim data with the brand that operates the rebate program you are claiming.
  • Payment Processors: To facilitate rebate payouts via virtual prepaid cards.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties.

5. SMS and TCPA Compliance

Our SMS-based services comply with the Telephone Consumer Protection Act (TCPA) and applicable regulations. End consumers initiate contact by texting our service. We obtain proper consent before sending marketing messages. Consumers may opt out of marketing messages at any time by texting STOP. Transactional messages related to active rebate claims are not affected by marketing opt-outs.

6. Data Retention

We retain account and program data for as long as your account is active or as needed to provide the Service. Claim data, including receipt images and validation results, is retained for a minimum of 3 years for compliance and audit purposes. You may request deletion of your data by contacting us, subject to legal retention requirements.

7. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security assessments. While we strive to protect your data, no method of transmission or storage is 100% secure.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your personal information
  • Object to or restrict certain processing
  • Request data portability
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@rebby.io.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To make a request, contact us at privacy@rebby.io.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

rebby, Inc.
Email: privacy@rebby.io
Website: rebby.io