Privacy Policy

1. Who We Are

REDBOT ("we", "us", "our") operates the website getredbot.net and the REDBOT intelligence platform. We are committed to protecting your personal data and processing it in accordance with applicable data protection law, including the UK GDPR, the EU GDPR, and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA).

For data protection enquiries, contact us at: [email protected]

2. Data We Collect

We collect the following categories of personal data:

• Account data — your name and email address, provided via Google OAuth when you sign in.
• Billing data — payment method details and transaction history, processed by Stripe. REDBOT never sees or stores your full card number.
• Usage data — searches you perform, pages you visit, features you use, and time spent on the platform. This is collected automatically via server logs and cookies.
• Technical data — IP address, browser type and version, device type, and operating system.
• Communications — if you contact support, we retain the content of those messages.

We do not collect sensitive personal data (such as health, racial origin, or political views).

3. How We Use Your Data

We use your personal data to:

• Create and maintain your account, and verify your identity via Google OAuth.
• Process subscription payments and manage billing through Stripe.
• Deliver the REDBOT platform features you have subscribed to.
• Send transactional emails (receipts, account alerts, weekly digest if opted in).
• Monitor, maintain, and improve the platform's performance and security.
• Comply with legal obligations (tax records, fraud prevention).

We do not sell your personal data to third parties. We do not use your data for advertising profiling.

4. Legal Basis for Processing (GDPR)

We rely on the following legal bases under UK/EU GDPR:

• Contract performance — processing necessary to deliver the service you signed up for (account creation, billing, feature access).
• Legitimate interests — security monitoring, platform analytics, and fraud prevention.
• Legal obligation — retention of financial records as required by law.
• Consent — for optional marketing emails (weekly digest). You may withdraw consent at any time.

5. Cookies

REDBOT uses the following types of cookies:

• Session cookies — to keep you signed in between pages. These are strictly necessary and expire when you close your browser or sign out.
• Preference cookies — to remember your UI preferences (e.g. sidebar state, theme). These are stored in localStorage.

We do not use third-party advertising or tracking cookies. We do not use Google Analytics or Facebook Pixel.

6. Third-Party Services

REDBOT uses the following third-party processors:

• Google OAuth — for sign-in. Google processes your email and name to authenticate you. See Google's Privacy Policy.
• Stripe — for payment processing. Stripe is PCI-DSS Level 1 certified. See Stripe's Privacy Policy.
• Railway / Cloudflare — for hosting and infrastructure. Data may be processed in the US and EU under standard contractual clauses.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account:

• Account data (name, email) is deleted within 30 days.
• Usage data (searches, history) is deleted within 30 days.
• Billing records are retained for 7 years as required by financial regulations.

8. Your Rights (GDPR)

If you are based in the UK or EU, you have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Portability — receive your data in a machine-readable format.
• Restriction — limit how we process your data in certain circumstances.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — for any processing based on your consent (e.g. marketing emails).

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

8a. Your Rights — California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you the following rights in addition to those described above:

• Right to Know — you may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, our business purpose for collecting it, and the categories of third parties with whom we share it.
• Right to Delete — you may request deletion of personal information we have collected from you, subject to certain exceptions (e.g. completing a transaction, security, legal obligations).
• Right to Correct — you may request that we correct inaccurate personal information we hold about you.
• Right to Opt-Out of Sale or Sharing — REDBOT does not sell your personal information and does not share it for cross-context behavioural advertising. You do not need to opt out, but we honour any Global Privacy Control (GPC) signal if detected.
• Right to Limit Use of Sensitive Personal Information — we do not collect sensitive personal information as defined by CPRA (e.g. financial account numbers, precise geolocation, biometric data).
• Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA/CPRA rights. You will not receive a different price, quality of service, or denial of goods or services.

How to submit a request: Email [email protected] with subject line "California Privacy Request". We will verify your identity before processing your request and respond within 45 days (extendable by an additional 45 days with notice). You may designate an authorised agent to make a request on your behalf — we will require written proof of authorisation.

Do Not Sell or Share My Personal Information: As stated above, REDBOT does not sell personal information or share it for advertising purposes. No opt-out action is required.

For more information about your California privacy rights, you may contact the California Privacy Protection Agency at cppa.ca.gov.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed session tokens, and restricted access to production systems. No internet transmission is 100% secure, and we cannot guarantee absolute security.

10. International Transfers

REDBOT is hosted on infrastructure in the US and EU. Where personal data is transferred outside the UK/EEA, we ensure an adequate level of protection through standard contractual clauses or equivalent mechanisms.

11. Children's Privacy

REDBOT is not intended for users under the age of 18. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects the last revision. Material changes will be communicated via email to registered users.

13. Contact

For any privacy-related questions or requests: [email protected]