Privacy Policy
Last Updated: November 15, 2024
Information We Collect
Information You Provide
Account information: name, email address, password (hashed)
Business profile: business name, business description, ideal customer profile, preferred tone, active platforms
API keys for third-party integrations (stored encrypted)
Google OAuth tokens when you connect Gmail or Calendar
Messages and conversations you have with Ultron
Content you create through Ultron (posts, emails, outreach campaigns)
Lead and deal data you generate or import
Information Collected Automatically
Channel connection data (Telegram user ID, WhatsApp number)
Usage data: conversation count, message count, features used
Workspace code and linked channel identifiers
Timestamps of interactions
Information We Do Not Collect
We do not collect payment card details directly. All payments are processed by Stripe.
We do not read the contents of your connected Gmail or Calendar except when executing a specific task you requested through Ultron
How We Use Your Information
To provide and operate the Ultron Service
To personalize Ultron's responses based on your business profile and conversation history
To execute tasks you request: sending emails, scheduling meetings, finding leads, generating content
To sync your data across channels (web dashboard, Telegram, WhatsApp) so you have a unified experience
To enforce plan limits and manage your subscription
To improve the Service and fix issues
To communicate with you about your account, updates, or support
Data Storage and Security
Where We Store Data
Your data is stored in Supabase (hosted on AWS) with row-level security enabled. Each user can only access their own data. API keys are stored in encrypted form. Google OAuth tokens are stored in a separate encrypted table.
Security Measures
Row-level security (RLS) on all database tables
Encrypted storage for API keys and OAuth tokens
HTTPS encryption for all web traffic
Server-side API routes that never expose credentials to the browser
Webhook authentication via shared secrets for server-to-server communication
BYOK Model
When you provide your own API keys (Bring Your Own Key), those keys are used exclusively to execute tasks on your behalf. We do not use your keys for any other purpose. Keys are stored encrypted and can be deleted at any time by disconnecting the integration.
Data Sharing
We do not sell your data. We share your information only in these cases:
With third-party services you explicitly connect (Gmail, Apollo, Apify, etc.) to execute tasks you request
With Stripe for payment processing
With the AI engine (OpenClaw) to generate responses and execute tasks
When required by law or to protect our legal rights
We do not share your business data, leads, content, or conversation history with other Ultron users or any third party for marketing purposes.
Data Retention
Active accounts: data is retained for as long as your account is active
Deleted accounts: data is permanently deleted within 30 days of account deletion
Conversation history: retained indefinitely for active accounts to provide cross-channel memory and context
Billing records: retained for 7 years as required by law
Your Rights
Under GDPR and applicable data protection laws, you have the right to:
Access: request a copy of all data we hold about you
Rectification: update or correct your personal information via the Settings page
Deletion: delete your account and all associated data
Portability: request your data in a machine-readable format
Objection: object to certain processing of your data
Restriction: request we limit how we process your data
To exercise these rights, contact us at support@51ultron.com or use the account management features in the Settings page.
Cookies
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Supabase authentication requires cookies to maintain your login session.
Cross-Channel Data
Ultron operates across multiple channels (web, Telegram, WhatsApp). When you link a channel using your workspace code, conversations and data from that channel are synced to your Supabase account. This enables Ultron to maintain context across platforms. You can unlink a channel at any time through the Settings page.
AI Processing
Your messages are processed by AI to generate responses and execute tasks. We do not use your conversations to train AI models. Your business data, leads, and content remain private to your account. AI responses may be inaccurate and should be reviewed before acting on them.
Children
Ultron is not intended for use by individuals under 18 years of age. We do not knowingly collect information from children.
International Data Transfers
Your data may be processed in servers located in the United States (AWS/Supabase) and the European Union. We ensure appropriate safeguards are in place for any international data transfers in compliance with GDPR.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last Updated" date at the top reflects the most recent revision.
