Privacy Policy

1. Who we are

The Service is operated by Robotico Inc., a company registered in the United Arab Emirates. For any privacy-related request, contact us at privacy@robotico.market.

2. Information we collect

We only collect information that is necessary to operate the Service.

2.1 Account information

• Email address (required to create an account and receive notifications).
• Password, stored only as a cryptographic hash. Plain passwords are never written to disk.
• Display name, username, avatar, and bio that you choose to provide.
• Role on the platform (reader, contributor, company representative, admin).

2.2 Third-party sign-in (OAuth)

If you sign in with Google or X (Twitter), we receive the profile information released by that provider: your email, display name, profile image, and a stable provider identifier. We do not receive your password.

2.3 Content you create

• Articles you publish, including drafts, images, and revisions.
• Upvotes, bookmarks, and other interactions you record.
• Company edits submitted when you act as a verified company representative.

2.4 Developer and API data

When you generate a developer API token (for the Robotico MCP server or the REST API), we store a SHA-256 hash of the token, a human label, and timestamps. The raw token is shown to you once at creation and is never recoverable afterwards.

2.5 Technical data

Our hosting provider (Vercel) automatically processes standard request metadata: IP address, user agent, referrer, and timing data, for the purpose of delivering pages, preventing abuse, and monitoring reliability. We do not use this data to build advertising profiles.

3. How we use your data

• Create and maintain your account, authenticate sessions, and verify your email.
• Publish and display the articles and profile information you choose to submit.
• Send transactional emails (sign-in confirmations, password resets, article notifications).
• Send the weekly industry digest if and while you have opted in.
• Prevent fraud, spam, and abuse, and enforce our Terms of Service.
• Produce aggregate, non-identifying analytics about platform usage.

4. Legal bases for processing

Where the GDPR or comparable law applies, we rely on the following legal bases:

• Contract performance — to provide the account, publishing, and API features you requested.
• Legitimate interests — to secure the Service, prevent abuse, and improve reliability.
• Consent — for the weekly email digest and any optional communications. You may withdraw consent at any time from your dashboard or by emailing us.
• Legal obligation — to comply with applicable law.

5. Sub-processors

We rely on a small number of trusted service providers. Each one receives only the data it needs to operate on our behalf.

• Supabase — database and object storage (PostgreSQL and file storage for avatars, logos, and article images).
• Vercel — application hosting, edge delivery, and server functions.
• Resend — transactional email delivery and the weekly digest.
• Google and X (Twitter) — optional OAuth sign-in providers.

We do not sell your personal data to any third party, and we do not run third-party advertising trackers on the Service.

6. Cookies and local storage

• Session cookie — a secure, HTTP-only cookie set by NextAuth to keep you signed in. This cookie is strictly necessary.
• Theme preference — stored in your browser’s localStorage. It never leaves your device.

We do not use advertising or cross-site tracking cookies.

7. Data retention

• Account and profile data are retained while your account is active.
• When you delete an article, it is removed from the Service. Database backups may retain a copy for up to 30 days before rotation.
• When you delete your account, we remove your personal information within 30 days. Public contributions (published articles) may remain under your author name unless you ask for them to be removed, in order to preserve the editorial record.
• Aggregated, anonymized statistics (e.g. total upvote counts) may be retained indefinitely.

8. Your rights

Subject to applicable law, you have the right to access, correct, export, restrict, or delete the personal information we hold about you, and to object to processing based on legitimate interests. You may exercise these rights from your account settings or by contacting privacy@robotico.market. We will respond within a reasonable timeframe, and always within any period required by law.

9. International transfers

The Service is operated from the United Arab Emirates, and our sub-processors may store or process data in the European Union, the United States, or other jurisdictions. Where required, we rely on the standard contractual clauses or equivalent safeguards offered by each provider.

10. Security

We use industry-standard safeguards, including TLS in transit, encryption at rest via our database and storage providers, hashed credentials, and strict row-level security in the database. No online service can guarantee perfect security; please use a unique password and contact us immediately if you suspect unauthorized access to your account.

11. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you by email or through an in-app notice.

13. Contact

For any question about this Privacy Policy or about how your data is handled, write to privacy@robotico.market.