Privacy Policy

This Privacy Policy describes how Robowise (“Robowise,” “we,” “us,” or “our”), operated by Rosh Singh, handles information across our public site at robowise.ai and www.robowise.ai, our Area 51 agentic AI orchestration product (the “Platform”), and the consulting engagements we run with clients (collectively, the “Services”).

Robowise is an AI venture studio and transformation consultancy. The same builders ship the product and run the consulting practice, which means our data footprint stays small and our handling of it stays accountable.

The information we collect depends on how you interact with us.

Marketing site visitors

• Analytics data. Pages visited, referring URL, approximate location (derived from IP), device and browser type, and basic interaction signals. We use Google Analytics 4 (measurement ID G-8QT6S0JF2W) for this, with IP anonymization where supported.
• Contact form submissions. When you fill out a contact or interest form (including on the Area 51 page and consulting CTAs) we receive the name, email, phone, company / website, and message you provide. These submissions are delivered to our team via email through Resend.
• Booking data. When you book a call through our Calendly link, Calendly collects what you submit to schedule the meeting (name, email, time-zone, and any answers to intake questions) and shares the booking with us.

Area 51 platform users

• Account information. Name, email, organization, authentication identifiers (we use NextAuth for sign-in), and role.
• Workspace content. Tasks, prompts, conversations, files, integration credentials, and any other content you or your team upload into your Area 51 workspace so that our agents can act on it.
• Agent execution logs. Audit trails of agent steps, tool calls, approvals, and outputs — this is core to keeping agentic work governable and reviewable.
• Usage telemetry. Feature usage, error logs, latency metrics, and similar signals we use to keep the Platform reliable.

Consulting clients

• Business contact details, engagement materials, and any data you share with us under our consulting agreement. Sensitive material is typically governed by a separate NDA / MSA, which takes precedence over this policy for that engagement.

• To operate, secure, and improve the Services.
• To run agent workflows you initiate on the Area 51 Platform, including passing the minimum necessary context to large language model providers so agents can complete the task you asked for.
• To respond to inquiries, schedule calls, send proposals, and communicate about ongoing engagements.
• To send transactional emails (sign-in, billing receipts, security notices) and infrequent product updates. We don't sell mailing lists.
• To detect and prevent abuse — including misuse of agents, fraud, and unauthorized access — and to meet legal obligations.

We do not train foundation models on your data. Content you put into Area 51 or share with us during a consulting engagement is not used to train third-party foundation models. We may use aggregated or de-identified telemetry to improve our own product surfaces.

We use a focused stack of vendors to deliver the Services. Each acts as a data processor on our behalf and is bound by their own terms and security posture.

• Vercel — hosting and edge delivery for robowise.ai and the Platform.
• Supabase — primary application database and object storage.
• Resend — outbound transactional and contact-form email delivery.
• Google Analytics — site analytics on robowise.ai.
• Calendly — booking and scheduling.
• Stripe — payment processing for Platform subscriptions and consulting invoices. We don't store full card numbers; Stripe handles that.
• LLM providers (e.g. Anthropic, OpenAI) — only when Area 51 agents need to call them to complete a task you initiated. Provider API access is configured to disable training on request inputs/outputs where the provider supports that flag.

We do not sell your personal information. We share data only with:

• The processors listed above, scoped to what they need to deliver their function.
• Your authorized teammates within your Area 51 workspace, per the permissions you configure.
• Acquirers or successors in the event of a merger, acquisition, or asset sale, with continued protection under terms at least as protective as these.
• Authorities when we're legally required to, or when we reasonably believe disclosure is necessary to prevent serious harm.

We use a small number of first- and third-party cookies and local storage entries. The main categories:

• Strictly necessary — authentication, CSRF protection, load balancing.
• Analytics — Google Analytics cookies (_ga,_ga_*) to understand aggregate traffic. We do not use Google Analytics for advertising remarketing.
• Preference — small entries to remember UI state such as audio panel visibility or theme.

You can clear cookies or use browser-level Do Not Track / Global Privacy Control signals; we honor GPC where applicable.

We keep personal information only as long as we need it for the purposes described above, then delete or anonymize it. As a rule of thumb:

• Contact form submissions and inbound inquiries: up to 24 months unless we have an ongoing relationship.
• Area 51 workspace content: for the lifetime of the workspace, plus a short grace period after deletion (typically 30 days) so accidental deletes can be recovered, after which it's purged from primary systems and aged out of backups.
• Audit and execution logs: retained for the period required to meet our security, legal, and contractual obligations — typically 12–24 months.
• Billing records: retained as long as required by tax and accounting law (typically 7 years in the United States).

Depending on where you live, you may have rights under laws such as the EU/UK GDPR, the California Consumer Privacy Act (as amended by the CPRA), and similar US state privacy laws. These typically include the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete information we hold, subject to legal and operational exceptions.
• Receive a portable copy of information you provided to us.
• Object to or restrict certain processing, including the right to opt out of “sale” or “sharing” as defined under US state laws (we do not sell personal information).
• Withdraw consent where processing is based on consent.

To exercise any of these rights, email security@robowise.ai. We may need to verify your identity before responding. You also have the right to lodge a complaint with your local data protection authority.

We use industry-standard safeguards including encryption in transit (TLS), encryption at rest for data stored by Supabase, scoped access controls, least-privilege service credentials, and audit logging on agent actions. No system is perfectly secure, but we treat security as a product feature, not paperwork — see our AI Security Practice page for more on how we think about it.

Robowise is based in the United States and our infrastructure is hosted primarily in the US. If you access the Services from outside the US, your information will be transferred to and processed in the US and other jurisdictions where our processors operate. Where required, we rely on standard contractual clauses or equivalent safeguards.

The Services are not directed to children under 13 (or under 16 in the EEA / UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at security@robowise.ai and we'll delete it.

We'll update this policy as the product and our practices evolve. Material changes will be announced via the Platform or by email to account holders. The “Last updated” date at the top of this page always reflects the current version.

Questions, privacy requests, or anything you'd rather just talk through with a human:

• Privacy & security: security@robowise.ai
• General: contact@robowise.ai