Privacy Policy

Last updated: March 29, 2026

rebby, LLC ("rebby," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at rebby.io, our platform, and our SMS-based rebate processing services (collectively, the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you create an account, we collect your name, email address, phone number, organization name, and billing information.
  • Program Data: Information you provide when creating rebate programs, including program names, keywords, rebate amounts, product details, and retailer information.
  • Payment Information: Credit card or other payment details processed through our third-party payment processor (Stripe). We do not store full payment card numbers on our servers.

1.2 Information Collected from End Consumers

  • Phone Numbers: Mobile phone numbers of consumers who text our SMS service to submit rebate claims.
  • Receipt Images: Photos of purchase receipts submitted via SMS for rebate validation.
  • Purchase Data: Information extracted from receipts, including retailer name, products purchased, quantities, prices, and transaction dates.
  • Claim Data: Rebate claim status, validation results, and payout information.

1.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken within the platform, and timestamps.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage patterns.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process rebate claims, including receipt validation and payout delivery
  • Communicate with you about your account, programs, and claims
  • Send transactional SMS messages to end consumers (claim confirmations, payout notifications)
  • Detect and prevent fraud
  • Generate analytics and reporting for your rebate programs
  • Comply with legal obligations
  • Provide customer support

3. AI and Automated Processing

We use artificial intelligence and machine learning technologies (including third-party AI services such as Anthropic's Claude) to validate receipt images, extract purchase data, verify eligibility, and detect potential fraud. Automated decisions may be reviewed by human operators when claims are flagged for manual review.

4. How We Share Your Information

We may share your information with:

  • Service Providers: Third-party vendors who assist in operating the Service, including Twilio (SMS), Stripe (payments), Anthropic (AI processing), Supabase (hosting), and Vercel (web hosting).
  • Brand Partners: If you are an end consumer, we share claim data with the brand that operates the rebate program you are claiming.
  • Payment Processors: To facilitate rebate payouts via virtual prepaid cards.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties. We do not share, sell, or rent mobile phone numbers or any mobile opt-in information with third parties or affiliates for marketing or promotional purposes. The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.

5. SMS and TCPA Compliance

Our SMS-based services comply with the Telephone Consumer Protection Act (TCPA) and applicable regulations:

  • Consent: End consumers initiate contact by texting a rebate keyword to our phone number. This initial message constitutes opt-in consent to receive transactional SMS and MMS messages related to their rebate claim.
  • No SMS marketing: SMS is used exclusively for rebate claim processing. We do not send promotional or marketing messages via SMS. Any promotional communications from participating brands are delivered via email only, with the consumer's separate consent.
  • Opt-out: Consumers may opt out at any time by replying STOP to the number they received messages from. A one-time confirmation is sent and no further messages follow.
  • Help: Consumers may reply HELP at any time to receive program information and support contact details, or email john@rebby.io.
  • Message frequency: A typical rebate claim involves 3–8 messages. No messages are sent outside an active rebate claim.
  • Message and data rates: Standard message and data rates may apply depending on the consumer's mobile carrier and plan.
  • Supported carriers: The service is available on all major U.S. carriers, including AT&T, Verizon, T-Mobile, and others. Carriers are not liable for delayed or undelivered messages.

For complete SMS program details, see our SMS Terms & Conditions.

6. Data Retention

We retain account and program data for as long as your account is active or as needed to provide the Service. Claim data, including receipt images and validation results, is retained for a minimum of 3 years for compliance and audit purposes. You may request deletion of your data by contacting us, subject to legal retention requirements.

7. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS) and at rest, access controls, and regular security assessments. While we strive to protect your data, no method of transmission or storage is 100% secure.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Request deletion of your personal information
  • Object to or restrict certain processing
  • Data portability
  • Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@rebby.io.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To make a request, contact us at privacy@rebby.io.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

rebby, LLC
Email: privacy@rebby.io
Website: rebby.io