Privacy Policy

1. Introduction

RoboBase ("we", "us", or "our") operates robobase.io (the "Service"), a robotics components directory with an AI-powered chat assistant that helps users identify components and connect with suppliers. The AI assistant provides general information only, not professional engineering advice, and responses may contain inaccuracies.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your personal data.

Data Controller: RoboBase, Israel. Contact: privacy@robobase.io

For the purposes of the EU General Data Protection Regulation (GDPR), we are the data controller responsible for your personal data.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: When you create an account, we collect your email address and any display name you provide.
• Chat interactions: When you use the AI chat assistant, we collect the messages you send, including system descriptions, component requirements, and technical queries. This applies to both logged-in and guest usage (a limited chat is available before account creation). These messages are transmitted to a third-party AI model provider to generate responses. Please do not include sensitive personal data (such as health information, financial details, or government identifiers) in your chat messages.
• Supplier connection requests: When you request a connection with a supplier, we collect your name, email address, and optionally your phone number and company name, along with the component requirements discussed in the chat.
• Advertising interest form: If you are a supplier expressing interest in advertising, we collect your company name, contact person name, business email, and product category.

2.2 Information Collected Automatically

We use a privacy-focused, cookieless analytics service to understand how the Service is used. This service does not use cookies and collects only aggregated data such as page views, referrer sources, browser type, and approximate geographic region. IP addresses may be processed transiently to derive approximate geographic information and are not intended to be retained by our analytics provider.

Our web hosting infrastructure may collect standard server logs, including IP addresses, for security and operational purposes. These logs are retained for a limited period and are not used for tracking or profiling.

Our authentication system uses strictly necessary session cookies and localStorage tokens to keep you logged in. These are essential for the Service to function and do not track your activity.

3. How We Use Your Information

We use your information for the following purposes:

• Providing AI chat assistance (chat messages, component queries) — to provide, operate, and improve the Service.
• Connecting you with suppliers (name, email, phone, company, requirements) — based on your explicit consent at the point of request.
• Managing your account (email, display name) — necessary for providing the Service.
• Understanding Service usage (anonymous, aggregated analytics) — legitimate interest in improving the Service.
• Following up on advertising interest (company, contact, email, category) — pre-contractual steps at your request.
• Complying with legal obligations (any data as required by law) — legal obligation.

4. Who We Share Your Data With

4.1 Suppliers (Only With Your Consent)

When you explicitly request a supplier connection through the AI chat, we share your contact information (name, email, and component requirements) with the relevant supplier(s). No identifying information is shared until you initiate a connection request and approve a preview of the data to be sent. We may receive compensation from suppliers for providing these introductions.

Once your information is shared with a supplier at your request, the supplier becomes an independent data controller and processes your data under their own privacy policy. We are not responsible for the supplier's data handling practices after the transfer.

When we reach out to a supplier on your behalf, we do so as a facilitator and not as an authorized partner, distributor, or agent of that supplier.

4.2 Service Providers

We use third-party service providers who process data on our behalf, including: a cloud database and authentication provider (account data, chat data), an AI language model provider (chat messages, processed via our application infrastructure), a privacy-focused analytics provider (anonymous usage data only), a web hosting provider (server logs, application data), and a transactional email provider (email address, for account-related communications). Each provider is subject to terms that include data processing obligations. We may update or change providers over time.

We may also disclose your data if required by law, legal process, or to protect our rights, or as part of a merger or acquisition.

5. International Data Transfers

Your data may be processed by service providers located outside your country of residence, including in the United States. For transfers to countries outside the EU/EEA that are not subject to an adequacy decision by the European Commission, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms as applicable. We ensure that all international transfers of personal data are subject to appropriate safeguards as required by applicable law.

6. How Long We Keep Your Data

• Account data is retained until you delete your account.
• Chat conversation data is retained for 12 months from the last interaction, then deleted.
• Supplier connection request data is retained for 24 months.
• Advertising interest form data is retained for 12 months.
• Analytics data is anonymous and aggregated and is not considered personal data.
• Server logs are retained for a limited period consistent with security and operational needs.

All personal data is deleted from production systems within 30 days after we receive and confirm a deletion request, except where retention is required by law. Deleted data may persist in encrypted backups for a limited period until those backups are rotated.

7. Communications

We may send you transactional emails related to your account and use of the Service, such as account verification, password resets, supplier connection confirmations, and service notifications. These communications are necessary for the operation of the Service and are not marketing.

If we introduce marketing communications in the future, we will only send them with your explicit opt-in consent. You will be able to unsubscribe from marketing emails at any time via a link in each message.

8. Data Protection Rights

Depending on your location, you may have rights under applicable data protection laws. Under the EU General Data Protection Regulation (GDPR), these include the rights of access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent. Under the Israeli Privacy Protection Law, these include the rights of review, correction, deletion, and objection to direct marketing.

To exercise any of these rights, contact us at privacy@robobase.io. We will respond within 30 days. We may verify your identity before processing access, correction, or deletion requests. You may also contact your local data protection authority if you have unresolved concerns.

9. Cookies and Tracking Technologies

Our analytics service does not use cookies and does not track individual users. Our authentication system uses strictly necessary cookies and localStorage tokens solely to maintain your login session. These are used only to keep you logged in and operate the Service. We do not use any advertising, retargeting, or social media cookies.

10. Children's Privacy

The Service is not directed at individuals under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will delete it promptly.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data. However, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. Updated policies apply from the date posted above.

13. Contact Us

If you have any questions about this Privacy Policy or want to exercise your data rights, contact us at privacy@robobase.io.