Privacy Policy

Effective Date: February 13, 2026

1. Introduction

RealLink AI ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We strictly adhere to global standards including GDPR, CCPA, PIPA, and APPI.

2. Information We Collect

We collect data in the following categories:

• A. Subscriber Data (Business Users):
  • Account Information: Email address, name, and profile picture provided via Google Login.
  • Payment Information: We do not store your credit card details. All payments are processed securely by our third-party payment provider, Creem.
  • Eligibility Confirmation Records: When required before checkout, we may record your adult-eligibility affirmation, the notice version presented, timestamp, IP address, browser or user-agent data, and technical session identifiers for fraud prevention, legal compliance, checkout security, and dispute resolution.
• B. End User Data (Processed on your behalf):
  • User Content: Documents (PDF, TXT) and instructions you upload to train your chatbot.
  • Chat Logs: Interaction history, queries, and Vector Embeddings stored in our Vector DB.
  • Sensitive Data Prohibition: You strictly agree NOT to upload Protected Health Information (PHI) or highly sensitive PII unless explicitly authorized via a separate agreement.
• C. Automatically Collected Data:
  • Usage Data: IP addresses, browser type, device information, and timestamps for security (DDoS protection) and analytics.
  • Cookies: We use cookies and local storage to maintain your login session and preferences.

3. Legal Basis & Use of Information

We process your data based on Contractual Necessity (to provide the SaaS), Legitimate Interests (security, improvement), and Consent.

We use the information to:

• Provide, operate, and maintain the Service.
• Process payments and manage subscriptions via Creem.
• Prevent fraud, abuse, and ensure security (e.g., rate limiting).
• Improve service performance, reliability, safety, product quality, and analytics features using service usage data, chatbot configuration data, End User questions, conversation metadata, and derived analytics where permitted by law.
• Create aggregated or de-identified insights that are not intended to identify any individual visitor, customer account, or specific business.

4. Data Sharing and Sub-processors

We engage the following Sub-processors to provide the Service. By using the Service, you authorize these transfers:

• Google Cloud & Firebase (US/Global): Backend infrastructure, Vector Database (Firestore).
• Google Vertex AI (US): LLM Inference & Processing.
• Google Identity Services: Authentication.
• Cloudflare (Global): Hosting, security (WAF), and edge caching.
• Creem (Global): Payment processing.

Sub-processor Changes: We will notify Business Users 30 days in advance of any changes to our Sub-processors via email or dashboard notification, providing an opportunity to object.

We may also disclose data for:

• Legal Requirements: Compliance with court orders or valid law enforcement requests.
• Business Transfers: Merger, acquisition, or asset sale (data transferred to the acquiring entity).

5. International Data Transfers

Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction (e.g., servers in the US or South Korea). We rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

6. Data Retention

We retain Personal Data only as long as necessary:

• Active Accounts: Data is retained while your subscription is active to provide the Service.
• Chat Logs & Embeddings: Retained for 12 months by default for service quality, then deleted or anonymized (configurable by Business User).
• Deleted Accounts: Upon account deletion, we purge chatbot assets and begin deletion of chatbot training and Vector DB data in line with our internal retention schedule. Backups may be retained for up to 90 days for disaster recovery.
• Internal Retention Schedule: We maintain an internal retention schedule that records the categories of personal data we keep, the reason for retention, the applicable retention period, and whether the data is deleted, anonymized, archived, or restricted at the end of that period.
• Deletion Request Workflow: If you submit a verified account-deletion request, we may disable public chatbot access immediately, but final deletion can be staged. Timing may depend on active subscription status, scheduled cancellation, refund review, payment dispute or chargeback handling, fraud or safety review, backup cycles, and legal or compliance retention duties.
• Restricted Retained Records After Deletion: Where we must retain limited records after a deletion request for legal, tax, accounting, fraud-prevention, security, payment-dispute, or legal-claims purposes, we restrict access to those records and keep them outside normal active service use where reasonably practicable.
• Billing Records & Transaction Logs: Retained for up to 7 years to comply with applicable tax and accounting laws. Even if you delete your account, we may retain your payment history, transaction details, and related IP logs securely. This data is used exclusively for resolving payment disputes (e.g., chargebacks), fraud prevention, and legal compliance.
• Eligibility Confirmation Logs: Adult-eligibility confirmation records may be retained for as long as reasonably necessary to document checkout consent, enforce access restrictions, investigate abuse, and defend against payment disputes or legal claims.

7. Your Data Rights

Notice to End Users: If you are using a chatbot powered by RealLink AI and wish to exercise your data rights (access, correction, deletion), please contact the Business User (the entity that provided the chatbot) directly. As a Processor, we can only act upon instructions from the Business User.

For Business Users: You have rights to access, rectify, erasure, restriction, and portability of your data.

Response Timeframe: We aim to respond to valid requests within:

• GDPR (EU): 1 month
• CCPA (US): 45 days
• PIPA (Korea): 10 days

To exercise these rights, contact us at the email below. We may require identity verification to prevent fraud.

Deletion Rights and Exceptions: We support verified deletion requests, but where law permits we may refuse, limit, or delay deletion to protect payment systems, investigate fraud or abuse, preserve security, comply with tax/accounting obligations, respond to legal claims, or complete active refund or dispute handling. If we cannot complete deletion immediately, we will explain the reason, the remaining retention basis, and the next expected step or timing to the extent required by applicable law.

8. Children's Privacy

Our Service is not directed to children. Public chatbot interfaces are intended only for individuals aged 16 or older, while Business User accounts, billing, subscription management, and training-data uploads are intended only for adults aged 18 or older. Children under 13 must not use the Service. We do not knowingly collect personal data from children or minors in violation of applicable law. If we learn that we have collected such data, we will take steps to delete it and may suspend related access.

9. Security

We use industry-standard encryption (HTTPS/TLS) and secure cloud infrastructure (Google Cloud/Firebase/Cloudflare). However, no method of transmission over the Internet is 100% secure. You are responsible for securing your account credentials.

10. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically.

11. Contact Us & DPO

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Email: [email protected]
• Support contact: [email protected]