Privacy Policy
Last updated: May 2026
RAIL ("we", "our", or "us") is a fashion production management platform. This Privacy Policy explains how we collect, use, and protect your information when you use our service at rail.pro.
1. Information We Collect
We collect the following types of information:
- Account information: Email address and name when you create an account via email or Google OAuth.
- Project data: Information you enter into the platform — project details, team members, brand loans, schedules, moodboards, and lookbooks.
- PR Contacts: Contact information (names, email addresses, agency/brand names) that you add manually or import via Gmail.
- Uploaded files: Images and PDF files you upload to moodboards, lookbooks, or brand loan entries.
2. Gmail Integration
If you choose to use the Gmail import feature, RAIL requests read-only access (gmail.readonly) to your Gmail account solely to help you identify PR and brand contacts from your email history.
- We only read email headers (sender, recipient, subject) — we never read the body content of your emails.
- Gmail data is processed entirely in your browser. It is not sent to or stored on our servers.
- We do not store your Gmail access token beyond your current browser session.
- You can revoke Gmail access at any time at myaccount.google.com/permissions.
- Our use of Gmail data complies with the Google API Services User Data Policy, including the Limited Use requirements.
3. How We Use Your Information
- To provide and operate the RAIL platform.
- To save and sync your project data across sessions and collaborators.
- To authenticate your identity via Supabase Auth.
- We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Data Storage
Your data is stored securely using Supabase, hosted on AWS infrastructure in the EU region. Uploaded files are stored in Supabase Storage.
5. Data Sharing
We share your data only in the following cases:
- Collaborators: When you share a project via invite link, collaborators you invite can view and edit that project's data.
- Service providers: Supabase (database and auth), Vercel (hosting). These providers are bound by their own privacy policies and do not use your data for their own purposes.
6. Data Retention
We retain your data for as long as your account is active. You may request deletion of your account and all associated data by contacting us at the email below.
7. Your Rights
Depending on your location, you may have the right to access, correct, or delete your personal data. To exercise these rights, contact us at privacy@rail.pro.
8. Cookies
RAIL uses only essential cookies required for authentication (session tokens). We do not use tracking or advertising cookies.
9. Changes to This Policy
We may update this policy from time to time. We will notify users of significant changes via email or an in-app notice.
10. Contact
Questions about this policy? Contact us at privacy@rail.pro.