Privacy Policy

This Privacy Policy explains how Rebell Way collects, uses, stores, shares, and protects personal data when you use our website, platform, application, and related services.

The platform is operated by:

Elixir Group S.A. Burakowska 16B lok. U1 01-066 Warsaw Poland NIP: 9471899016

This Privacy Policy applies to users of the Rebell Way website and platform, including both Business Users and Consumers.

The data controller is:

Elixir Group S.A. Burakowska 16B lok. U1 01-066 Warsaw Poland NIP: 9471899016

You may contact us through the contact form or communication channels made available on the website or inside the platform. You may also contact us by post at the address above.

We may collect and process the following categories of personal data.

Account data

name, email address, password hash, authentication details, user ID, workspace membership, user role and permissions, account status, login and logout activity.

Workspace and article data

workspace name, client names, article titles, article IDs, article briefs, prompts and instructions, keywords, author names, article statuses, generated article drafts, article HTML, SEO metadata, excerpts, publication information, external post IDs and URLs, editing history and workflow data.

Billing and transaction data

selected package, number of article credits purchased, number of credits used, payment status, transaction history, billing records, invoice-related information, payment provider customer identifiers, payment provider metadata.

Technical and usage data

IP address, browser type, device information, user agent, operating system, request metadata, session data, security logs, error logs, API request logs, timestamps of key actions, information about generated drafts, status changes, and publication attempts.

Communication data

support requests, messages sent to us, feedback, information provided in forms, correspondence related to the service.

Cookies and analytics data

Depending on the tools enabled on the website or platform, we may collect cookies, analytics identifiers, page views, product usage events, and similar technical data.

We process personal data to:

• create and manage user accounts,
• authenticate users,
• provide access to the platform,
• manage workspaces,
• generate article drafts,
• process article briefs and prompts,
• manage article workflow and statuses,
• export or publish content,
• process payments and article credits,
• display billing and transaction history,
• provide support,
• respond to user requests,
• secure the platform,
• detect fraud, abuse, and unauthorised access,
• maintain technical logs,
• troubleshoot errors,
• improve reliability and functionality,
• communicate service-related updates,
• comply with tax, accounting, legal, and regulatory obligations.

Where GDPR applies, we process personal data based on the following legal bases.

Performance of a contract

We process data to provide the platform, manage accounts, generate content, process article credits, handle payments, and deliver services requested by users.

Legitimate interests

We process data for legitimate business interests, including securing the platform, preventing fraud and abuse, maintaining logs, debugging and improving the service, handling support requests, protecting our legal rights, and improving product reliability and user experience.

Legal obligation

We process data where required to comply with tax, accounting, legal, regulatory, or reporting obligations.

Consent

We rely on consent where required, for example for certain cookies, optional marketing communications, or optional integrations.

You may withdraw consent at any time where processing is based on consent.

Rebell Way uses LLM engines and automated systems to generate or assist with generating content.

To provide the service, we may process and send article briefs, prompts, instructions, keywords, titles, excerpts, article content, SEO metadata, and related workspace data to AI service providers or automation tools.

These providers may include OpenAI, Anthropic, Google, or similar AI/LLM providers.

Generated Content may be inaccurate, incomplete, outdated, misleading, or unsuitable for publication without human review. You are responsible for reviewing and approving all Generated Content before use.

Payments may be processed by Stripe or other payment processors.

When you make a purchase, payment-related data may be processed directly by the payment provider. We may receive information such as payment status, transaction ID, package purchased, customer ID, amount, currency, and billing metadata.

We do not store full payment card details.

Payment processors act as independent controllers or processors depending on the context and their own terms and privacy policies.

We may use third-party providers to host, store, process, automate, or secure the service.

These providers may include:

• Railway or similar hosting infrastructure providers,
• MongoDB Atlas or similar database providers,
• n8n or similar automation providers,
• Stripe or similar payment providers,
• OpenAI, Anthropic, Google, or similar AI providers,
• logging, analytics, security, and monitoring providers.

These providers may process personal data only as necessary to provide their services to us or as otherwise described in their own terms.

We may share personal data with:

• hosting providers,
• database providers,
• payment processors,
• AI/LLM providers,
• automation providers,
• analytics providers,
• error monitoring and logging tools,
• email and communication providers,
• professional advisers,
• legal or tax advisers,
• public authorities where required by law,
• third-party systems selected or configured by the user for publication or integration.

We do not sell personal data.

Some service providers may process personal data outside Poland, the European Union, or the European Economic Area.

Where required, we use appropriate safeguards, such as standard contractual clauses or equivalent legal mechanisms, to protect transferred personal data.

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.

Typical retention periods include:

• account data: for the duration of the account and a reasonable period after closure,
• billing and transaction data: for the period required by tax and accounting law,
• article and workspace data: while the workspace is active or until deleted, subject to backups and legal obligations,
• logs: for security, troubleshooting, audit, and operational purposes for a limited period,
• support messages: for as long as necessary to handle the request and maintain business records,
• consent records: for as long as needed to demonstrate compliance.

Where exact retention periods cannot be stated, we determine them based on the type of data, purpose of processing, legal requirements, operational needs, and user expectations.

Depending on your location and applicable law, you may have the right to:

• access your personal data,
• receive a copy of your personal data,
• correct inaccurate data,
• request deletion,
• restrict processing,
• object to processing,
• withdraw consent,
• request data portability,
• lodge a complaint with a data protection authority.

If you are located in Poland, you may lodge a complaint with the President of the Personal Data Protection Office.

To exercise your rights, contact us through the contact form or communication channels made available on the website or inside the platform, or by post at the address listed above.

We may need to verify your identity before responding.

We use technical and organisational measures designed to protect personal data, including:

• access controls,
• authentication,
• password hashing,
• encrypted transport where applicable,
• operational logging,
• security monitoring,
• restricted access to production systems,
• provider-level infrastructure security.

However, no online service is completely secure. You are responsible for keeping your login credentials confidential and for controlling access to your workspace.

We may use cookies and similar technologies to:

• keep users logged in,
• secure sessions,
• remember preferences,
• analyse website traffic,
• improve the service,
• support marketing or product analytics where enabled,
• diagnose technical issues.

Where required by law, we will ask for your consent before using non-essential cookies.

You can manage cookies through your browser settings or, where available, through cookie controls on the website.

Rebell Way is not intended for children.

You must not use the platform if you are below the age required to enter into a binding agreement or if you are not authorised to use the platform on behalf of an organisation.

The platform may contain links to third-party websites or allow users to publish content to external systems.

We are not responsible for the privacy practices, content, security, or availability of third-party websites, CMS systems, APIs, or services.

If you configure an integration or publish content to a third-party system, that third-party system may process data according to its own terms and privacy policy.

We may update this Privacy Policy from time to time.

The latest version will be made available on the website or inside the platform. If changes are material, we may notify users by email, in-app notice, or another appropriate method.

You may contact Elixir Group S.A. regarding privacy matters through the contact form or communication channels made available on the website or inside the platform, or by post at:

Elixir Group S.A. Burakowska 16B lok. U1 01-066 Warsaw Poland