Privacy Policy

1. General

This Privacy Policy explains how Redbo Ltd. (hereinafter: "the Company," "we," "our") collects, uses, and protects information when you use our website, admin portal, and embeddable widget. Our products are built around two principles: privacy by design and data minimization — we collect only what is necessary to operate the Service and avoid processing personal data wherever the same outcome can be achieved without it.

2. Privacy by Design and Data Minimization

Privacy and data-protection considerations are built into the architecture of the Service from the design stage onward and are reviewed whenever the system materially changes. We apply data minimization throughout the product: we limit the categories of information we collect, the volume retained, and the duration of retention to what is required for the specific purpose stated to the user or customer.

3. Intended Use of the Service

The Service is designed to provide answers and operations on top of public information, organizational knowledge bases, and customer-approved content sources that the customer connects to the platform. It is not intended to be a repository for personal, medical, financial, identification, password, or payment information. Users and customers must not submit such information through chat, forms, uploads, integrations, or any other input channel of the Service. Additional obligations are described in our Terms of Use.

4. Information We Collect

We may collect:

• Account and contact information you provide (name, business email, phone, role) when registering or contacting us.
• Operational information required to deliver the Service (organization, locale preference, last page visited inside the portal).
• Technical information such as IP address, browser type, operating system, and basic event logs needed to operate, secure, and troubleshoot the Service.
• Customer-supplied content connected from approved sources (the customer’s website, knowledge base, documents) and conversations conducted with the AI assistant.

5. Use of Information

We use the information collected to:

• Provide and operate the Service for the customer that connected the data.
• Authenticate users and protect against abuse.
• Improve service quality, reliability, and accuracy of responses.
• Communicate with customers and respond to inquiries.
• Comply with legal and regulatory obligations.

6. PII Redaction and External-AI Boundaries

Before customer-supplied content is stored or sent to an external AI model, the Service runs PII redaction controls that detect and mask categories such as ID numbers, payment data, contact details, and other personally identifying information. Requests to OpenAI are sent with store:false. We do not rely on provider-side conversation memory; multi-turn conversational context is reconstructed from our own redacted chat history. Under the provider’s API terms, content submitted through the API is not used to train or fine-tune their models unless this is explicitly enabled under those terms or organization-level settings — we do not enable such options.

7. Sharing Information with Third Parties

We do not sell, trade, or rent personal information. We may share information only:

• With sub-processors and infrastructure providers that operate the Service under written contractual obligations of confidentiality and data protection (see our Data Processing Policy for the current list).
• When required by law or court order, or to protect rights, property, and safety.
• With your explicit consent.

8. Data Security

We apply technical and organizational security controls appropriate to the sensitivity of the data, including access controls, encryption in transit and — where applicable — at rest, separation of customer data, and ongoing monitoring. No method of transmission or storage is 100% secure, but we continuously work to harden our environment.

9. Cookies, Storage, and Trackers

We use a small set of essential and functional cookies and browser-storage keys (described in the Cookies Policy) to authenticate sessions, remember the user’s selected language, support navigation continuity inside the portal, and run the embeddable widget. We do not embed third-party analytics, advertising, or marketing trackers — including Google Analytics, Google Tag Manager, Meta Pixel, Hotjar, Microsoft Clarity, LinkedIn Insight Tag, or any equivalent technology.

10. No Payment Processing in the Service

Payments are not processed inside the Service. Card data, bank credentials, and similar payment instruments must not be submitted into chat, forms, knowledge bases, or any other input of the Service. Where payments are involved in the commercial relationship between the customer and Redbo, they are handled outside the Service through separately agreed channels.

11. Your Rights

Subject to applicable law, you may:

• Request access to your personal information.
• Ask us to correct inaccurate information.
• Request erasure or restriction of processing in defined circumstances.
• Withdraw consent where processing is based on consent.

12. Data Retention and Manual Review

We retain personal information only for as long as required for the purpose for which it was collected, or as required by law. Subscription freeze, suspension, or termination does not by itself trigger automatic deletion of customer data. Deletion, anonymization, return, or archival of customer data is handled through a manual review and approval process, with documentation or audit logging where applicable. This approach is intended to prevent accidental loss of data that the customer may still need to access or recover after a billing or status change.

13. Minors

Our services are not intended for minors under the age of 18. We do not knowingly collect personal information from minors; if we discover such information has been submitted, we will remove it from our systems.

14. Changes to the Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be published on the website with appropriate notice. Continued use after publication constitutes acceptance of the updated policy.

15. Contact

For questions, clarifications, or requests regarding this Privacy Policy or the handling of your personal information, you can contact us via:

• The contact form on our website
• Email or phone (details available on the website)