RealLink AI
Privacy & Data Protection
If a Business User enables RealLink AI inquiry or reservation forms, visitors may submit contact details through a separate form with a privacy notice and consent checkbox. RealLink AI stores inquiry records for 3 weeks, and reservation records until 30 days after the scheduled reservation ends, then removes expired records. Business Users are responsible for any required local privacy notice, lawful handling, and using the data only for the requested follow-up or booking.
Privacy Policy
Effective Date: July 12, 2026Merchant and product information:
Product name: RealLink AI
Business name: Warm Binary
Support and Privacy Officer contact: [email protected]
Payments and subscription checkout are processed by Creem.
1. Introduction
RealLink AI ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. We apply the GDPR, PIPA, APPI, CCPA/CPRA, and other data-protection laws where they apply to the relevant person, activity, and jurisdiction.
Role Definition & Data Processing Addendum:
To clarify our responsibilities under data protection laws:
1. For Business Users (Subscribers): We act as the Data Controller of your account and billing information.
2. For End Users (Your Customers): We act as the Data Processor and the Business User is the Data Controller. Our separate Data Processing Addendum (DPA) governs that processing and is incorporated into the Terms.
Privacy accountability: The Warm Binary operator performs the privacy-accountability function for RealLink AI. Privacy Officer and data-protection requests may be sent to [email protected]. Country-specific disclosures for Korea, Australia, New Zealand, Canada, Singapore, Japan, the United States, and Mexico are published in our Country Privacy Supplements.
2. Information We Collect
We collect data in the following categories:
- A. Subscriber Data (Business Users):
- Account Information: Email address, name, and profile picture provided via Google Login.
- Payment Information: We do not store your credit card details. All payments are processed securely by our third-party payment provider, Creem.
- Eligibility Confirmation Records: When required before checkout, we may record your adult-eligibility affirmation, the notice version presented, timestamp, IP address, browser or user-agent data, and technical session identifiers for fraud prevention, legal compliance, checkout security, and dispute resolution.
- B. End User Data (Processed on your behalf):
- User Content: Documents (PDF, TXT) and instructions you upload to train your chatbot.
- Chat Logs: Interaction history, queries, and Vector Embeddings stored in our Vector DB.
- Sensitive Data Prohibition: You strictly agree NOT to upload Protected Health Information (PHI) or highly sensitive PII unless explicitly authorized via a separate agreement.
- C. Automatically Collected Data:
- Usage Data: IP addresses, browser type, device information, and timestamps for security (DDoS protection) and analytics.
- Cookies: We use cookies and local storage to maintain your login session and preferences.
3. Legal Basis & Use of Information
We process your data based on Contractual Necessity (to provide the SaaS), Legitimate Interests (security, improvement), and Consent.
Strict Data Isolation (No Public Training):
We strictly distinguish between "Service Data" and "Training Data".
- Your uploaded private documents and End User chat logs are Isolated and used SOLELY to answer queries for your specific chatbot via RAG.
- We do NOT use your identifiable data to train our public foundational models (e.g., Google Gemini) without your explicit opt-in consent.
We use the information to:
- Provide, operate, and maintain the Service.
- Process payments and manage subscriptions via Creem.
- Prevent fraud, abuse, and ensure security (e.g., rate limiting).
- Improve service performance, reliability, safety, product quality, and analytics features using service usage data, chatbot configuration data, End User questions, conversation metadata, and derived analytics where permitted by law.
- Create aggregated or de-identified insights that are not intended to identify any individual visitor, customer account, or specific business.
Internal analytics and no sale of identifiable data:
RealLink AI may use service usage data, chatbot configuration data, End User questions, conversation metadata, and derived analytics to operate, secure, troubleshoot, improve, and develop the Service. We do not sell Customer Content, raw End User conversation data, or identifiable business/user data. We may use aggregated or de-identified insights internally, provided they are not intended to identify a specific visitor, account, or business.
4. Data Sharing, Sub-processors, and Other Providers
Our current production service uses the following core Sub-processors. The full, dated register, processing purposes, locations, provider terms, and change procedure are published at Subprocessors and Other Providers:
- Cloudflare (Global/US): Pages and Workers hosting, D1/R2 storage, edge delivery, security, Turnstile, and related infrastructure.
- Google Cloud (US/Global): Vertex AI model and embedding processing, Firestore vector/document storage, and related cloud authentication.
Other providers: Creem generally acts as an independent controller or merchant of record for checkout and payment data. Google Identity Services processes authentication data when a Business User chooses Google sign-in. Customer-configured YouTube/Google, Spotify, TikTok, and Google Maps content is first shown through a RealLink AI preview. Supported preview images are fetched server-side, size-limited, and temporarily cached; the visitor's browser connects directly to the provider only after the visitor presses the labelled play or map button. Calendly is presented as an external link and receives the browser request only after the visitor clicks. See our Cookie and External Content Notice and recipient register.
Sub-processor Changes: We will provide at least 30 days' advance notice of a new or replacement Sub-processor by email, dashboard notice, or a dated update notice on the register, with an opportunity to object on reasonable data-protection grounds.
We may also disclose data for:
- Legal Requirements: Compliance with court orders or valid law enforcement requests.
- Business Transfers: Merger, acquisition, or asset sale (data transferred to the acquiring entity).
5. International Data Transfers
Your information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction, including the Republic of Korea, the United States, and configured Cloudflare or Google locations. We use provider contracts, SCCs, adequacy decisions, comparable-protection obligations, or another transfer mechanism required by the law that applies. Additional local explanations are provided in the Country Privacy Supplements.
6. Data Retention
We retain Personal Data only as long as necessary:
- Active Accounts: Data is retained while your subscription is active to provide the Service.
- Chat Logs, Analytics & Embeddings: Retained while needed to provide the active Business User account and its configured analytics, then deleted or de-identified through account, chatbot, and training-data deletion workflows, subject to backup cycles and restricted legal retention. We do not claim a fixed 12-month deletion period unless the product setting presented to the Business User expressly provides one.
- Inquiry and Reservation Form Records: If a visitor submits an inquiry or reservation through a public chatbot form, the submitted contact information, request or booking details, source information, consent version, and related timestamps are stored only for the relevant retention period. Inquiry records are stored for 3 weeks. Reservation records are stored until 30 days after the scheduled reservation ends. Expired records are removed. Business Users must use this information only to respond to the visitor's requested follow-up or manage the requested reservation and must comply with applicable privacy laws.
- Deleted Accounts: Upon account deletion, we purge chatbot assets and begin deletion of chatbot training and Vector DB data in line with our internal retention schedule. Backups may be retained for up to 90 days for disaster recovery.
- Internal Retention Schedule: We maintain an internal retention schedule that records the categories of personal data we keep, the reason for retention, the applicable retention period, and whether the data is deleted, anonymized, archived, or restricted at the end of that period.
- Deletion Request Workflow: If you submit a verified account-deletion request, we may disable public chatbot access immediately, but final deletion can be staged. Timing may depend on active subscription status, scheduled cancellation, refund review, payment dispute or chargeback handling, fraud or safety review, backup cycles, and legal or compliance retention duties.
- Restricted Retained Records After Deletion: Where we must retain limited records after a deletion request for legal, tax, accounting, fraud-prevention, security, payment-dispute, or legal-claims purposes, we restrict access to those records and keep them outside normal active service use where reasonably practicable.
- Billing Records & Transaction Logs: Retained for up to 7 years to comply with applicable tax and accounting laws. Even if you delete your account, we may retain your payment history, transaction details, and related IP logs securely. This data is used exclusively for resolving payment disputes (e.g., chargebacks), fraud prevention, and legal compliance.
- Eligibility Confirmation Logs: Adult-eligibility confirmation records may be retained for as long as reasonably necessary to document checkout consent, enforce access restrictions, investigate abuse, and defend against payment disputes or legal claims.
7. Your Data Rights
Notice to End Users: If you are using a chatbot powered by RealLink AI and wish to exercise your data rights (access, correction, deletion), please contact the Business User (the entity that provided the chatbot) directly. As a Processor, we can only act upon instructions from the Business User.
For Business Users: You have rights to access, rectify, erasure, restriction, and portability of your data.
Response Timeframe: We respond within the period required by the law that applies to the verified request. Under GDPR this is generally one month, subject to the lawful extension and notice rules in Article 12.
To exercise these rights, contact us at the email below. We may require identity verification to prevent fraud.
Deletion Rights and Exceptions: We support verified deletion requests, but where law permits we may refuse, limit, or delay deletion to protect payment systems, investigate fraud or abuse, preserve security, comply with tax/accounting obligations, respond to legal claims, or complete active refund or dispute handling. If we cannot complete deletion immediately, we will explain the reason, the remaining retention basis, and the next expected step or timing to the extent required by applicable law.
8. Children's Privacy
Our Service is not directed to children. Public chatbot interfaces are intended only for individuals aged 16 or older, while Business User accounts, billing, subscription management, and training-data uploads are intended only for adults aged 18 or older. Children under 13 must not use the Service. We do not knowingly collect personal data from children or minors in violation of applicable law. If we learn that we have collected such data, we will take steps to delete it and may suspend related access.
9. Security
We use industry-standard encryption (HTTPS/TLS) and secure cloud infrastructure (Google Cloud/Firebase/Cloudflare). However, no method of transmission over the Internet is 100% secure. You are responsible for securing your account credentials.
10. Changes to This Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically.
11. Contact and Business Details
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:
- Privacy Officer and data-protection email: [email protected]
- Business: Warm Binary, operating RealLink AI
- Address: 6F L8, 78 Jungdong-ro 254beon-gil, Wonmi-gu, Bucheon-si, Gyeonggi-do, Republic of Korea
The English version is the governing version of this page. Any translated version is provided only for convenience and reference. If there is any conflict, ambiguity, or inconsistency, the English version prevails unless local law requires otherwise.