Version 1.1
Last updated: 11 November 2025
Effective date: 11 November 2025
At Rewado, we believe your data and actions have real value. Our mission is to reward you for sharing insights and completing tasks while maintaining the highest standards of privacy. This policy explains how we collect, use, and protect your data.
The Value Exchange: When you complete tasks or share communication data with Rewado, we anonymize and aggregate this information to create market insights. For some tasks, we also earn affiliate or partner fees. Part of these fees and revenues fund the points and rewards you earn. This transparent exchange puts you in control while ensuring you benefit from the value your data creates.
Rewado is a mobile application and service operated by Axess Intelligence GmbH
Contact Information:
Axess Intelligence GmbH
Pilgrimstraße 6
50674 Cologne
Germany
Email: support@rewado.io (for support questions)
Privacy Email: privacy@rewado.io (for privacy questions)
Data Protection Officer: Winsley von Spee (contact via privacy@rewado.io)
Axess Intelligence GmbH is the controller for the processing of your personal data in connection with the Rewado app and the related services. If you have questions about this policy or your rights, contact us via the emails above. You can also contact the competent data protection authority in North Rhine Westphalia (LDI NRW).
Age Restrictions: Rewado is not directed to children under 16 years of age. We may apply a higher minimum age if required in the country where you use the app. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately at privacy@rewado.io so we can delete it.
Territorial Scope: We operate from Germany and primarily offer our service from the EU. We may process and store your personal data in the EU/EEA and, where necessary, in countries outside the EU/EEA under the EU Standard Contractual Clauses and additional safeguards. Local privacy rights may differ depending on your location, but you can always contact us at privacy@rewado.io.
Rewado lets you create an account, complete data sharing tasks (for example upload screenshots or images of emails, SMS or app push notifications that you received from other companies), complete non data sharing tasks (for example download a partner app, create an account with a partner, test a service, complete a survey or onboarding), and redeem the points you earned for rewards.
A core purpose of Rewado is to collect real consumer communication data, review and anonymize it, and use it to generate market and CRM insights that Axess Intelligence provides to its business customers. These business customers receive aggregated or anonymized insights. They do not get access to your Rewado account data or receive the raw uploads.
Some non data sharing tasks are financed through affiliate fees or similar partner commissions. In those cases we must be able to track that you actually performed the partner action. These fees help fund the rewards you earn. If tracking is technically or legally required to confirm the task, and you do not give consent, we cannot confirm the task and cannot credit points. We will indicate this in the task description.
If we introduce new data sources that let you connect external accounts in the future, we will show you the specific data categories and ask for your consent first.
Account data: email address, password (stored in hashed form), display name. Phone number is optional.
Profile data: country of residence, language, user preferences.
Task submissions and uploads: photos, screenshots, videos, text responses and any other content that you upload to complete tasks. This may include communications that you received from third party companies.
Communication with us: messages to support, feedback, survey responses, support tickets.
Referral data: referral code you used or shared.
Payout and verification data (only if needed): payout account or wallet ID, full name, residence country, and in higher risk cases a verification result provided by our verification partner (for example pass or fail, fraud or device signals). We ask for this only if it is necessary to process a redemption, to prevent abuse or if a partner or tax rule requires it.
Device and technical data: device type, operating system, app version, IP address, mobile network information, unique device identifiers. We use this for security, fraud detection and, where you have consented, for attribution of partner or affiliate tasks.
Usage data: features used, tasks viewed and completed, timestamps, time spent in the app, interaction patterns.
Location (coarse): country level location based on your profile or technical signals. We do not track precise GPS in the app.
Check in data: daily check in timestamps, streaks, reward progress.
Crash and performance data: to fix errors and improve stability.
Consent logs: We keep records of the consents you give in the app (including for special-category data in uploads and for affiliate tracking) to be able to demonstrate compliance with data protection laws.
Authentication providers: if you sign in with a third party (for example Google), we receive your name and email to create or link your account.
Reward providers and payment partners: data that is necessary to process your redemption.
Affiliate, attribution and partner networks (for non data sharing tasks): we may receive confirmation that a specific action (install, signup, purchase) tied to your device or identifier was completed, so we can credit your account.
If you do not provide the personal data that is necessary for account creation, task completion, attribution or payout, we may not be able to provide that feature.
When you upload screenshots, emails, SMS or app push notifications, these files may contain personal data about you and about third persons. In rare cases they may also contain special categories of personal data (for example information about health, religion, political opinions).
We process these uploads in order to:
review and perform quality control, which can include human reviewers or labeling services that are bound by confidentiality obligations,
anonymize or pseudonymize the content as quickly as reasonably possible,
aggregate the anonymized content into market and CRM insights for our business customers.
Our business customers only receive aggregated or anonymized insights. They do not receive your raw uploads and they do not receive access to your Rewado account.
By submitting an upload for a reward you give us your explicit consent to process the content of the upload, including any special categories of data it may contain, until we have anonymized it (Art. 9(2)(a) GDPR). Please only upload content that you are allowed to share. We recommend avoiding uploads with sensitive data where possible, and we anonymize such data as soon as reasonably possible.
Uploads can also contain personal data about third persons (for example their name or email in a newsletter you received). Because we receive this data indirectly, in large volumes and for the sole purpose of anonymization and aggregation, it would be impossible to inform every individual directly. We therefore rely on Art. 14(5)(b) GDPR and protect the data of such third persons by promptly anonymizing or deleting it.
If you believe a specific upload should be removed, contact privacy@rewado.io.
Rewado also offers tasks where you do not upload communications but perform an action with a partner, for example download and open an app, create an account with a third party, complete onboarding or survey steps for a partner, test a service or make an in app action.
These tasks often generate an affiliate fee or similar commission for Rewado once your action is confirmed by the partner or the affiliate network. Your points and rewards may be partly or fully funded from that commission.
To make this work, we usually need to track that the action was done from your device or account. This typically involves:
Placing or reading a tracking identifier
Passing a click ID to the partner
Receiving a postback or conversion signal from the partner or affiliate network
Matching that signal to your Rewado account
Because this tracking can involve several apps or services, and because some jurisdictions require it, we will ask you for a clear opt in before we track partner or affiliate tasks across apps or services.
Important: Some tasks are technically impossible to verify without tracking. Where tracking is required to verify a task, you can refuse tracking, but we will not be able to confirm completion and no points will be awarded. This will be shown in the task description. If you deny tracking, you can still use the app, but that specific task will stay 'unverified' and no points will be granted.
When you complete a task with a partner (for example install an app, register or make a purchase), that partner or the affiliate network acts as an independent controller for its part of the processing. When you leave the Rewado environment and interact with a partner, that partner's privacy notice applies to that activity. We only receive the minimum information needed to confirm your task so we can credit your reward.
In partner or affiliate tasks, Rewado acts as the controller for the operation of the Rewado app and for crediting your reward. The partner or the affiliate network is typically an independent controller for their part of the tracking and for the service you interact with. Their privacy notices apply to that part of the processing.
Note that some attribution providers can be outside the EU, in which case we use Standard Contractual Clauses (see Section 10 on International Transfers).
For this type of processing we rely on:
Contractual necessity (to give you the reward for a task you chose)
Legitimate interests (to prevent fraud and to fund the program)
Consent (where required for cross app or marketing like tracking)
We process personal data on the following legal bases under the GDPR:
Contract (Art. 6(1)(b) GDPR)
Create and manage your account (including the operation of our points and reward system, which forms part of the contractual relationship)
Let you complete tasks and earn points
Process reward redemptions
Attribute and confirm actions for a task where this is technically necessary to give you the reward
Legitimate interests (Art. 6(1)(f) GDPR)
Review, clean, anonymize and aggregate uploaded communications for market and CRM intelligence (this is our legitimate interest as it forms the basis of our customer-facing product). We balance this against the rights of data subjects and minimize data as quickly as possible. Anonymization and aggregation are considered compatible further processing under Art. 5(1)(b) GDPR.
Prevent fraud and abuse (for example fake installs, emulator traffic, multiple accounts)
Secure our systems
Improve the app and run analytics
Show you tasks and rewards that match your profile
When we process uploaded communications that contain personal data of third parties, we do so based on our legitimate interests (Art. 6(1)(f) GDPR) to create anonymized market intelligence for our customers. We limit this processing to what is necessary, apply technical and organizational measures to anonymize the data as quickly as possible, and we consider that the impact on the data subjects is low because business customers do not receive the raw data.
You can object to processing based on legitimate interests if your situation justifies it by emailing privacy@rewado.io.
Consent (Art. 6(1)(a) GDPR)
For cross app or partner or affiliate tracking where required by law or by partner terms
For optional marketing
For optional analytics
For processing special categories of data in uploads before anonymization (Art. 9(2)(a) GDPR)
For uploads that may contain special categories of personal data we rely on your explicit consent (Art. 9(2)(a) GDPR). You can withdraw consent at any time, but this does not affect processing that has already been done.
You can withdraw consent at any time in the app or by contacting us. Withdrawal does not affect processing that was done before the withdrawal.
Legal obligation (Art. 6(1)(c) GDPR)
Accounting and tax
Responding to authorities and enforcing rights
We use your personal data only for the purposes stated in this policy. If we need to use it for another purpose that is compatible with the original purpose, we will inform you. If we need it for an unrelated purpose, we will explain the legal basis or ask for your consent.
We use your data to:
Provide and operate the Rewado app
Authenticate you and keep you signed in
Show you relevant tasks and rewards based on country and profile
Process data sharing and non data sharing tasks
Attribute and confirm affiliate based tasks
Award points and process rewards
Generate anonymized and aggregated insights for Axess Intelligence business customers
Analyze and improve the service
Prevent fraud and secure the platform
Comply with legal obligations
We use your country, language, device, previous tasks and fraud related signals to recommend tasks and to protect the service. This is profiling, but it does not produce legal or similarly significant effects for you. You can object to profiling that is based on legitimate interests by contacting privacy@rewado.io.
We do not use personal data to make automated decisions that produce legal or similarly significant effects for you.
We do not sell personal information. We share data only with the following categories of recipients:
Service providers and processors
Hosting, authentication, analytics, error monitoring, reward fulfillment, communication tools. They process data only on our instructions.
Human reviewers and labeling services
For anonymizing, classifying and quality checking your uploads. These services are under written confidentiality and data protection obligations. Reviewers access only the minimal portion of content required for labeling and anonymization, access is logged, and access is time-limited. They are typically located inside the EEA or may be located outside with appropriate safeguards including Standard Contractual Clauses.
Affiliate, attribution and partner networks
Only where a task requires us to prove that you completed the action. We minimize what we send.
Payment and reward partners
To process your selected redemption.
Business transferees
If we sell or merge our business, personal data may be transferred to the new owner under the same privacy terms.
Authorities
If we are legally required to share data.
Recipients you ask us to share with
For example when you request support from a partner.
If a task sends you to a partner site or app, their privacy policy applies there. We do not share personal information for cross context behavioral advertising.
We are based in Germany and we use service providers in the EU and in other countries, including the United States. Where personal data is transferred to a country without an adequacy decision of the EU Commission, we use the EU Standard Contractual Clauses and, where necessary, implement additional technical and organizational measures to protect your data. This includes transfers to attribution providers and human reviewers outside the EU.
We conclude the EU Standard Contractual Clauses with these providers and, where necessary, implement additional technical and organizational measures. Copies of the SCCs can be requested at privacy@rewado.io.
We keep personal data only for as long as we need it for the purposes described in this policy:
Account data: while the account is active and up to 30 days after deletion, unless legal retention rules require longer storage. Inactive accounts (no login for 5 years) will be automatically deleted.
Task submissions (data sharing): Raw identifiable uploads are kept only until anonymization is complete. Aggregated or anonymized versions may be kept indefinitely for analytical and statistical purposes. Certain pseudonymized audit records may be retained for up to two years to verify processing integrity.
Affiliate and attribution records (non data sharing tasks): as long as needed to validate the task and for accounting, typically up to 2 years, longer if tax rules require it
Transaction and accounting data: up to 10 years
Support communications and tickets: up to 2 years
Anonymized and aggregated data: may be kept indefinitely, because it no longer identifies you
You have the following rights under the GDPR:
Right of access
Right to rectification
Right to erasure
Right to restriction of processing
Right to data portability
Right to object to processing based on legitimate interests
Right to withdraw consent at any time
To exercise your rights, contact privacy@rewado.io. We will respond within one month, which can be extended by two months for complex requests. You can also lodge a complaint with your local data protection authority, for example LDI NRW.
If you are a California resident, you have the following rights:
Right to Know: Request information about the categories and specific pieces of personal information we collect
Right to Access: Obtain a copy of your personal information
Right to Delete: Request deletion of your personal information
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: We do not sell personal information and we do not share it for cross-context behavioral advertising
Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights
Verification Process: When you make a rights request, we will verify your identity by asking you to confirm information associated with your account (such as email address or recent activity). For deletion requests, we may require additional verification.
Appeals Process: If we deny your request, you may appeal by replying to our response email with additional information. We will review appeals within 45 days.
To exercise your rights, contact privacy@rewado.io.
Rewado offers a rewards program where you earn points for completing tasks and sharing data. This constitutes a financial incentive under certain US state laws.
How it works:
You opt into the program by creating an account and choosing to complete tasks
The value of rewards is reasonably related to the value of the data or actions provided
You can opt out at any time by not completing tasks or by deleting your account
Opting out will not affect points already earned but will prevent earning new points
The financial value we assign to your data is based on factors including the type of task, data quality, and market rates for similar information or actions.
Residents of Colorado, Connecticut, Utah, Virginia, and other states with comprehensive privacy laws may have similar rights to California residents. Contact privacy@rewado.io to exercise your rights under applicable state law.
We use technical and organizational measures to protect your personal data. These include TLS in transit, secure password hashing, role based access control and database level protection. We regularly review our technical and organizational measures. No system is completely secure, but we work to keep the risk low and to limit access to those who need it.
We use essential local storage and similar technologies to keep you signed in and to operate the app. For affiliate or attribution tasks we may need to store a click ID or task identifier so that we can credit your reward. If you block this storage, some tasks cannot be tracked and you may not receive points for them.
If you access Rewado through a webview or our website, additional cookie information may be shown there.
Tasks may send you to partner websites or partner apps. Those partners are responsible for their own privacy practices. Please read their privacy policies. We only receive the data that is necessary to confirm that you completed the task.
We may update this Privacy Policy from time to time. If we make material changes, we will notify you in the app or by email. The updated version applies from the date we publish it.
The processing of personal data in connection with Rewado is carried out in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
To help you better understand this privacy policy, here are definitions of key terms:
Controller: The organization that determines the purposes and means of processing personal data (in this case, Axess Intelligence GmbH)
Processor: An organization that processes personal data on behalf of the controller
Legitimate Interest: A legal basis for processing that balances our business needs against your privacy rights
Performance of a Contract: Processing necessary to fulfill our agreement with you when you use our services
Special Categories of Data: Sensitive personal data such as health information, political opinions, or religious beliefs
Standard Contractual Clauses (SCCs): Legal agreements approved by the EU to protect data transferred outside the EU
Data Protection Officer (DPO): A person designated to oversee data protection strategy and compliance
GDPR: General Data Protection Regulation - the EU's data protection law
BDSG: Bundesdatenschutzgesetz - German Federal Data Protection Act
CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - California's data protection laws
Anonymization: Processing data so that individuals can no longer be identified from it
Pseudonymization: Replacing identifying information with artificial identifiers
Financial Incentive: A program offering rewards in exchange for personal information or actions