Privacy Policy

Last updated: March 21, 2026

1. Introduction

ReactWolf Engineering LLC ("ReactWolf", "we", "us", or "our") operates the ReactWolf platform accessible at app.reactwolf.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information: When you register, we collect your name, email address, and password (stored as a BCrypt hash). We never store your password in plain text.

POS Data: When you connect your Clover or Square account, we access transaction data (payment amounts, timestamps, payment methods), order data (line items, discounts, voids), employee data (names, IDs, shift information), inventory/catalog data (item names, prices, stock levels), and merchant data (business name, locations, business hours). This data is accessed via secure OAuth authorization and is used solely for providing our analytics and loss prevention services.

Usage Data: We collect information about how you interact with our platform, including pages visited, features used, and session duration.

Two-Factor Authentication: TOTP secrets are encrypted with AES-256-GCM before storage. Backup codes are stored as BCrypt hashes.

3. How We Use Your Information

We use the information we collect to:

Detect anomalies and suspicious transaction patterns using machine learning models
Calculate employee risk scores and behavioral baselines
Generate upsell recommendations from your product catalog
Provide real-time dashboards, alerts, and AI-powered business intelligence
Send email notifications for anomaly alerts (via Resend API)
Improve our machine learning models using anonymized, aggregated data

4. Data Sharing

We do not sell, trade, or rent your personal or business data to third parties. We share data only with:

Groq API — Transaction summaries (no personal identifiers) are sent to generate AI-powered insights and recommendations
Resend — Your email address is used to send verification emails and anomaly alerts
Infrastructure providers — DigitalOcean (hosting), Supabase (database) process data on our behalf under strict data processing agreements

We will disclose information if required by law or to protect the rights, property, or safety of our users.

5. Data Security

We implement industry-standard security measures including:

TLS encryption for all data in transit (Let's Encrypt certificates)
AES-256-GCM encryption for sensitive data at rest (TOTP secrets)
BCrypt hashing for passwords and backup codes
Mandatory two-factor authentication for all user accounts
Zero-trust Kubernetes network policies restricting inter-service communication
OAuth 2.0 for POS integrations (we never store your Clover or Square password)
Webhook signature verification (HMAC-SHA256) to prevent spoofing

6. Data Retention

We retain your transaction and analytics data for as long as your account is active. Upon account deletion, all associated data is permanently removed within 30 days. You may request data export or deletion at any time by contacting info@reactwolf.com.

7. Your Rights

You have the right to:

Access the personal and business data we hold about you
Request correction of inaccurate data
Request deletion of your data
Revoke POS OAuth access at any time through your Clover or Square account settings
Opt out of email notifications

8. Cookies

We use essential cookies and local storage for authentication (JWT tokens) and session management. We do not use third-party tracking cookies or advertising cookies.

9. Children's Privacy

ReactWolf is not intended for use by individuals under 18 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform. Continued use after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:
Email: info@reactwolf.com
Website: www.reactwolf.com