Privacy Policy

Last updated: July 2026

1. Introduction

Regris ("Regris," "we," "us," or "our") is a corporation organized under the laws of the State of Delaware, operating under the legal name Regris, Inc. Regris operates the water-utility documentation platform and related fixed-fee services available at getregris.com. Regris helps utilities organize utility-provided RRA and ERP information for internal review; it does not certify compliance or submit to EPA. This Privacy Policy describes how we collect, use, store, and protect information when you use our platform and is incorporated into and subject to Regris's Terms of Service.

Regris is designed to assist water utilities and community water systems with federal documentation responsibilities. This includes, but is not limited to, Risk and Resilience Assessments (RRAs) and Emergency Response Plans (ERPs) under America's Water Infrastructure Act (AWIA) Section 1433, data security documentation, and a utility's own internal tracking and gap analysis. Some information processed through the platform may constitute sensitive operational data — including data governed by AWIA §1433(a)(5) — and we treat all such data accordingly.

2. Information We Collect

We collect the following categories of information:

  • a. Account Registration Data. When you create an account, we collect your name, email address, job title, water system name, and system size (population served).
  • b. Compliance Assessment Data. Information you enter during any water agency compliance assessment or tracking process — including descriptions of physical infrastructure, security vulnerabilities, operational procedures, emergency contacts, and gap analysis inputs — may constitute sensitive operational data. Where applicable, this includes data governed by AWIA §1433(a)(5) and analogous provisions under other federal or state compliance frameworks. This data is used solely to generate your compliance documentation and is not shared with third parties except as described in Section 5.
  • c. Payment Information. Payment collection is provided by Stripe, Inc. ("Stripe"). Stripe's Services Agreement is available at https://stripe.com/ssa. Regris shares transaction and customer information reasonably necessary to process payments, subscriptions, refunds, and related support. Stripe's handling and processing of Personal Data is subject to Stripe's privacy policy at https://stripe.com/privacy. Regris does not collect, store, or have access to your payment card information.
  • d. Usage and Operational Data. Our hosting provider produces request, error, security, and performance logs needed to operate the application. Regris also records a limited first-party service funnel: event name, purchased offer, page path, pseudonymous browser identifier, and UTM campaign fields when present. Funnel events do not accept document contents, intake notes, questionnaire answers, or free-form metadata. Regris does not use persistent third-party advertising cookies.
  • e. Feedback Data. If you voluntarily submit feedback, ratings, or comments regarding the Regris platform, we may collect and retain that information for internal purposes only. Feedback submissions should not include sensitive operational data, including any information governed by AWIA §1433(a)(5) or any other federal compliance framework. Any such data inadvertently included in a feedback submission will be treated in accordance with Section 2(b) above.

3. How We Use Your Information

We use the information we collect to:

  • Create and maintain your Regris account;
  • Provide purchased documentation reviews, refresh sprints, maintenance services, workspace features, and customer-visible service status;
  • Process payments through Stripe;
  • Communicate with you regarding your account, purchased services, regulatory deadline reminders, and customer support;
  • Measure offer views, checkout starts, purchases, intake progress, fulfillment state, refunds, and cancellations using limited first-party funnel events;
  • Improve the Regris platform;
  • Use voluntarily submitted feedback solely for internal product improvement, platform development, and customer support purposes; and
  • Comply with applicable legal obligations.

4. AI-Assisted Processing

Regris supports server-configured OpenRouter, Anthropic, and OpenAI API routes for AI-assisted drafting. If you request an AI-assisted output, the relevant subset of submitted information may be processed by the configured provider to produce that output. Regris does not use customer data to train its own models. Provider-specific terms and controls apply; current details are published on the Security & Procurement page.

5. How We Share Your Information

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service Providers: We share data as needed with Stripe (payments), Supabase/Amazon Web Services (database infrastructure), Vercel (application hosting), Resend (transactional email), and the configured OpenRouter, Anthropic, or OpenAI route when an AI-assisted feature is requested.
  • Legal Compliance: We may disclose information if required by law, regulation, court order, or lawful government request.
  • Business Transfer: In the event of a merger, acquisition, or sale of substantially all assets, your information may be transferred as part of that transaction, subject to written notice to you.

We do not share your AWIA §1433(a)(5) sensitive operational data with any unauthorized party, and we do not make such data available to other users or the general public.

6. Data Storage and Security

Your application data is stored on Supabase-managed PostgreSQL hosted on Amazon Web Services in the us-east-2 region. Current safeguards include:

  • Server-side authorization and utility/user scoping before application data reads or writes;
  • Transport Layer Security (TLS) encryption for all data in transit; and
  • Stripe's PCI-compliant infrastructure for all payment data.

Important Notice: Regris has not obtained formal NIST, SOC 2, or equivalent third-party security certification at this time. While we implement reasonable technical safeguards, users should evaluate whether our current security posture meets the requirements of their own organizational policies and applicable regulations, including any cybersecurity obligations under AWIA §1433(b).

7. Data Retention

We retain your account and compliance data for as long as your account is active or as necessary to provide services. You may request deletion of your account and associated data by contacting us at customerservice@getregris.com. Certain records may be retained where required by law, payment reconciliation, fraud prevention, dispute handling, or another legitimate business purpose.

8. Your Rights and Choices

You may contact us to:

  • Access the personal information we hold about you;
  • Correct inaccurate or incomplete information;
  • Request deletion of your account data; or
  • Opt out of non-transactional communications.

Depending on your state of residence, you may have additional rights under applicable state privacy laws. Regris operates in multiple states and will honor applicable rights requests in accordance with governing law.

9. Data Breach Notification

In the event of a security incident affecting personal information, Regris will notify affected users as required by applicable law and any controlling customer agreement, using the contact information associated with the account or another legally permitted notice method.

10. Commercial Use; Children's Privacy

The Regris platform and tools are intended for commercial use by utility professionals and government officials. We do not knowingly collect personal information from individuals under the age of 18. If you are using the platform or tools for personal use or if you are under the age of 18, please discontinue use of the platform or tools immediately.

11. Third-Party Links

Our platform may contain links to EPA resources and other third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or by posting a notice on getregris.com. The "Last Updated" date at the top of this Policy indicates when the most recent revision was made.

13. Governing Law

This Privacy Policy is governed by the laws of the State of Alabama, without regard to its conflict-of-law provisions.

14. Contact Us

Questions or requests regarding this Privacy Policy should be directed to:

Regris, Inc.
251 Little Falls Drive
Wilmington, Delaware 19808

customerservice@getregris.com
getregris.com

Data Processing Agreement

For procurement purposes, download our Data Processing Agreement (DPA) to keep on file with your records.

Download DPA (PDF)