logo

RealLink AI

Privacy & Data Protection

Privacy Policy

Effective Date: February 13, 2026

1. Introduction

RealLink AI ("we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We strictly adhere to global standards including GDPR, CCPA, PIPA, and APPI.

Role Definition & DPA (GDPR/PIPA):
To clarify our responsibilities under data protection laws:
1. For Business Users (Subscribers): We act as the Data Controller of your account and billing information.
2. For End Users (Your Customers): We act as the Data Processor. You are the Data Controller. This Privacy Policy, along with our Terms, constitutes the Data Processing Agreement (DPA) governing our processing of your End User Data.

2. Information We Collect

We collect data in the following categories:

  • A. Subscriber Data (Business Users):
    • Account Information: Email address, name, and profile picture provided via Google Login.
    • Payment Information: We do not store your credit card details. All payments are processed securely by our third-party payment provider, Creem.
    • Eligibility Confirmation Records: When required before checkout, we may record your adult-eligibility affirmation, the notice version presented, timestamp, IP address, browser or user-agent data, and technical session identifiers for fraud prevention, legal compliance, checkout security, and dispute resolution.
  • B. End User Data (Processed on your behalf):
    • User Content: Documents (PDF, TXT) and instructions you upload to train your chatbot.
    • Chat Logs: Interaction history, queries, and Vector Embeddings stored in our Vector DB.
    • Sensitive Data Prohibition: You strictly agree NOT to upload Protected Health Information (PHI) or highly sensitive PII unless explicitly authorized via a separate agreement.
  • C. Automatically Collected Data:
    • Usage Data: IP addresses, browser type, device information, and timestamps for security (DDoS protection) and analytics.
    • Cookies: We use cookies and local storage to maintain your login session and preferences.

3. Legal Basis & Use of Information

We process your data based on Contractual Necessity (to provide the SaaS), Legitimate Interests (security, improvement), and Consent.

Strict Data Isolation (No Public Training):
We strictly distinguish between "Service Data" and "Training Data".
- Your uploaded private documents and End User chat logs are Isolated and used SOLELY to answer queries for your specific chatbot via RAG.
- We do NOT use your identifiable data to train our public foundational models (e.g., Google Gemini) without your explicit opt-in consent.

We use the information to:

  • Provide, operate, and maintain the Service.
  • Process payments and manage subscriptions via Creem.
  • Prevent fraud, abuse, and ensure security (e.g., rate limiting).
  • Improve service performance using fully anonymized and aggregated metadata (e.g., system latency, error rates).

4. Data Sharing and Sub-processors

We engage the following Sub-processors to provide the Service. By using the Service, you authorize these transfers:

  • Google Cloud & Firebase (US/Global): Backend infrastructure, Vector Database (Firestore).
  • Google Vertex AI (US): LLM Inference & Processing.
  • Google Identity Services: Authentication.
  • Cloudflare (Global): Hosting, security (WAF), and edge caching.
  • Creem (Global): Payment processing.

Sub-processor Changes: We will notify Business Users 30 days in advance of any changes to our Sub-processors via email or dashboard notification, providing an opportunity to object.

We may also disclose data for:

  • Legal Requirements: Compliance with court orders or valid law enforcement requests.
  • Business Transfers: Merger, acquisition, or asset sale (data transferred to the acquiring entity).

5. International Data Transfers

Your information may be transferred to ??and maintained on ??computers located outside of your state, province, country, or other governmental jurisdiction (e.g., servers in the US or South Korea). We rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.

6. Data Retention

We retain Personal Data only as long as necessary:

  • Active Accounts: Data is retained while your subscription is active to provide the Service.
  • Chat Logs & Embeddings: Retained for 12 months by default for service quality, then deleted or anonymized (configurable by Business User).
  • Deleted Accounts: Upon account deletion, we purge your Vector DB data within 30 days. Backups may be retained for up to 90 days for disaster recovery.
  • Billing Records & Transaction Logs: Retained for up to 7 years to comply with applicable tax and accounting laws. Even if you delete your account, we may retain your payment history, transaction details, and related IP logs securely. This data is used exclusively for resolving payment disputes (e.g., chargebacks), fraud prevention, and legal compliance.
  • Eligibility Confirmation Logs: Adult-eligibility confirmation records may be retained for as long as reasonably necessary to document checkout consent, enforce access restrictions, investigate abuse, and defend against payment disputes or legal claims.

7. Your Data Rights

Notice to End Users: If you are using a chatbot powered by RealLink AI and wish to exercise your data rights (access, correction, deletion), please contact the Business User (the entity that provided the chatbot) directly. As a Processor, we can only act upon instructions from the Business User.

For Business Users: You have rights to access, rectify, erasure, restriction, and portability of your data.

Response Timeframe: We aim to respond to valid requests within:

  • GDPR (EU): 1 month
  • CCPA (US): 45 days
  • PIPA (Korea): 10 days

To exercise these rights, contact us at the email below. We may require identity verification to prevent fraud.

8. Children's Privacy

Our Service is not directed to children. Public chatbot interfaces are intended only for individuals aged 16 or older, while Business User accounts, billing, subscription management, and training-data uploads are intended only for adults aged 18 or older. Children under 13 must not use the Service. We do not knowingly collect personal data from children or minors in violation of applicable law. If we learn that we have collected such data, we will take steps to delete it and may suspend related access.

9. Security

We use industry-standard encryption (HTTPS/TLS) and secure cloud infrastructure (Google Cloud/Firebase/Cloudflare). However, no method of transmission over the Internet is 100% secure. You are responsible for securing your account credentials.

10. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically.

11. Contact Us & DPO

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

  • Email: support@reallinkai.com