Effective Date: February 15, 2026
Last Updated: February 15, 2026
Summary: This Privacy Policy describes how RWX‑TEK INC., a California C Corporation (“RWX‑TEK,” “Company,” “we,” “our,” or “us”), collects, uses, discloses, and protects your personal information when you use our websites (rwxtek.com, jettson.dev), mobile applications (OVRTK), AI-powered features (Gladitel, Scotty), and all related products and services (collectively, the “Services”). This policy applies to all users worldwide and specifically addresses your rights under the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), the General Data Protection Regulation (GDPR), and other applicable privacy laws.
1. Information We Collect
1.1 Information You Provide Directly
| Category | Examples | When Collected |
|---|---|---|
| Account Information | Name, email address, username, password | Account registration |
| Profile Information | Business name, industry, profile photo | Profile setup |
| Payment Information | Credit/debit card number, billing address | Purchases (processed by Stripe; we do not store full card numbers) |
| Communications | Emails, support requests, feedback | When you contact us |
| AI Interaction Data | Prompts, queries, and content you submit to AI features (Gladitel, Scotty) | When you use AI features |
| User Content | Documents, files, business data you upload | When you use business tools (CRM, invoicing, etc.) |
| Contact Form Data | Name, email, phone, message | When you submit contact forms |
1.2 Information Collected Automatically
| Category | Examples | Purpose |
|---|---|---|
| Device Information | IP address, browser type, operating system, device identifiers | Security, analytics, compatibility |
| Usage Data | Pages visited, features used, time spent, click patterns | Service improvement, analytics |
| Log Data | Server logs, error reports, access times | Security, debugging |
| Location Data | Approximate location derived from IP address | Compliance, localization |
| Cookies and Trackers | Session cookies, analytics cookies, preference cookies | See Section 5 below |
1.3 Information from Third Parties
We may receive information from third-party sources, including:
- Authentication providers (if you sign in via Google, Apple, or other OAuth providers);
- Payment processors (transaction confirmations);
- Analytics providers (aggregated usage data);
- Public databases (for business verification purposes).
2. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing, maintaining, and improving the Services | Contract performance |
| Processing payments and managing subscriptions | Contract performance |
| Processing your AI queries and generating AI responses | Contract performance |
| Communicating with you about your account, services, and support | Contract performance / Legitimate interest |
| Sending marketing and promotional communications (with your consent) | Consent |
| Analyzing usage patterns to improve our Services | Legitimate interest |
| Detecting, preventing, and addressing fraud, abuse, and security issues | Legitimate interest / Legal obligation |
| Complying with legal obligations and responding to legal processes | Legal obligation |
| Enforcing our Terms of Service and protecting our rights | Legitimate interest |
| Improving our AI models using anonymized, aggregated data (with opt-out available) | Legitimate interest |
3. How We Share Your Information
We do not sell your personal information. We have not sold personal information in the preceding twelve (12) months and do not intend to sell personal information in the future.
We may share your information with the following categories of recipients:
| Recipient | Purpose | Data Shared |
|---|---|---|
| AI Model Providers (e.g., OpenAI, Anthropic) | Processing AI queries | Your prompts and necessary context to generate responses |
| Payment Processors (e.g., Stripe) | Processing payments | Payment information, billing address |
| Cloud Hosting Providers (e.g., Vercel, AWS) | Hosting and infrastructure | All data stored in our systems |
| Analytics Providers (e.g., Google Analytics) | Website analytics | Usage data, device information (anonymized where possible) |
| Email Service Providers | Transactional and marketing emails | Email address, name |
| Legal and Regulatory Authorities | Compliance with legal obligations | As required by law, court order, or subpoena |
| Business Transfers | Merger, acquisition, or sale of assets | All data may be transferred as a business asset |
All third-party service providers are contractually obligated to use your personal information only for the purposes for which it is shared and to maintain appropriate security measures.
4. AI-Specific Data Practices
Important: This section specifically addresses how your data is handled when you interact with our AI-powered features, including Gladitel (on Jettson) and Scotty (on OVRTK).
4.1 What AI Features Process
When you use our AI features, we process:
- Your text prompts and queries;
- Context from your account data that you authorize the AI to access (e.g., CRM contacts, invoices);
- AI-generated responses provided to you;
- Metadata about your AI usage (timestamps, feature used, response quality signals).
4.2 How AI Data Is Used
- To provide the Service: Your prompts are sent to our AI model providers to generate responses. These providers process your data as sub-processors under our data processing agreements;
- To improve the Service: We may use anonymized, aggregated data derived from AI interactions to improve our products. We do not use your identifiable business data, personal information, or proprietary content to train third-party AI models without your separate, explicit opt-in consent;
- To ensure safety: AI interactions may be reviewed (in anonymized form) for safety, abuse detection, and compliance purposes.
4.3 AI Data Retention
- AI conversation history is retained for the duration of your account unless you delete it;
- You may delete individual conversations or all AI history through your account settings;
- Anonymized, aggregated data derived from AI usage may be retained indefinitely for product improvement;
- Upon account deletion, all identifiable AI interaction data is deleted within thirty (30) days.
4.4 Opting Out of AI Data Usage
You may opt out of having your AI interaction data used for product improvement by contacting privacy@rwxtek.com or adjusting your settings within the applicable Service. Opting out will not affect the functionality of the AI features.
5. Cookies and Tracking Technologies
5.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration | Required? |
|---|---|---|---|
| Essential Cookies | Authentication, security, basic functionality | Session / 1 year | Yes |
| Analytics Cookies | Understanding usage patterns (e.g., Google Analytics) | Up to 2 years | No (opt-out available) |
| Preference Cookies | Remembering your settings and preferences | Up to 1 year | No (opt-out available) |
| Marketing Cookies | Delivering relevant advertising | Up to 1 year | No (opt-out available) |
5.2 Managing Cookies
You can control cookies through:
- Our cookie consent banner (displayed on first visit);
- Your browser settings (most browsers allow you to block or delete cookies);
- The Network Advertising Initiative opt-out page: optout.networkadvertising.org;
- Google Analytics opt-out: tools.google.com/dlpage/gaoptout.
Please note that disabling certain cookies may affect the functionality of our Services.
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account + 30 days after deletion |
| Payment records | 7 years (tax/legal compliance) |
| AI conversation data | Duration of account (user-deletable) |
| Server logs | 90 days |
| Analytics data | 26 months (aggregated) |
| Support communications | 3 years after resolution |
| Marketing consent records | Duration of consent + 3 years |
7. Data Security
We implement and maintain reasonable administrative, technical, and physical security measures to protect your personal information, including:
- Encryption of data in transit using TLS/SSL protocols;
- Encryption of sensitive data at rest;
- Access controls and authentication requirements for our systems;
- Regular security assessments and vulnerability testing;
- Employee training on data protection and security practices;
- Incident response procedures for potential data breaches.
While we take reasonable precautions, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach involving your personal information, we will notify you and any applicable regulatory authorities as required by law.
8. Your Rights — California Residents (CCPA/CPRA)
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) Notice
If you are a California resident, you have the following rights under the CCPA and CPRA, effective as of January 1, 2023, with additional protections effective January 1, 2026.
8.1 Your CCPA/CPRA Rights
- Right to Know (Access): You have the right to request that we disclose what personal information we have collected, used, disclosed, and sold about you in the preceding 12 months;
- Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions;
- Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you;
- Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising. We do not sell personal information;
- Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of your sensitive personal information to uses that are necessary to provide the Services;
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge you different prices, or provide a different level of service for exercising your rights.
8.2 Categories of Personal Information Collected (Past 12 Months)
| Category (per CCPA § 1798.140) | Collected? | Sold? | Disclosed for Business Purpose? |
|---|---|---|---|
| A. Identifiers (name, email, IP address) | Yes | No | Yes — to service providers |
| B. Personal information (Cal. Civ. Code § 1798.80) | Yes | No | Yes — to payment processors |
| D. Commercial information (purchase history) | Yes | No | Yes — to payment processors |
| F. Internet/electronic activity (browsing, search history) | Yes | No | Yes — to analytics providers |
| G. Geolocation data (approximate, from IP) | Yes | No | No |
| K. Inferences drawn from the above | Yes | No | No |
8.3 How to Exercise Your Rights
You may submit a verifiable consumer request by:
- Emailing us at privacy@rwxtek.com;
- Using the request form on our website;
- Writing to us at the address listed in Section 16.
We will verify your identity before processing your request. You may authorize an agent to submit a request on your behalf, provided the agent has your written authorization. We will respond to verifiable requests within forty-five (45) days of receipt. We may extend this period by an additional forty-five (45) days if reasonably necessary, with prior notice to you.
8.4 Do Not Sell or Share My Personal Information
We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. However, in the interest of transparency, we provide this link for you to exercise your right:
Do Not Sell or Share My Personal Information
8.5 Automated Decision-Making Technology (ADMT)
In compliance with CPRA regulations effective January 1, 2026, we disclose that our AI features (Gladitel and Scotty) constitute automated decision-making technology. These tools are designed to assist and augment human decision-making, not to replace it. We do not use ADMT to make significant decisions about consumers (such as employment, credit, insurance, or housing decisions) without meaningful human involvement. You have the right to opt out of profiling that produces legal or similarly significant effects.
9. Your Rights — European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR):
- Right of Access: Request a copy of the personal data we hold about you;
- Right to Rectification: Request correction of inaccurate or incomplete data;
- Right to Erasure: Request deletion of your personal data in certain circumstances;
- Right to Restrict Processing: Request that we limit how we use your data;
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format;
- Right to Object: Object to processing based on legitimate interests or direct marketing;
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent;
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
Data Controller: RWX‑TEK INC., contactable at privacy@rwxtek.com.
Legal Bases for Processing: We process your data based on: contract performance, legitimate interests, legal obligations, and your consent (where applicable).
International Transfers: Your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the mechanism for such transfers.
10. Children’s Privacy (COPPA)
In compliance with the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, and the FTC’s implementing regulations at 16 C.F.R. Part 312:
- Our Services are not directed at children under the age of 13. We do not target, market to, or knowingly collect personal information from children under 13;
- We do not knowingly allow children under 13 to create accounts or use our Services;
- If we discover that we have collected personal information from a child under 13 without verified parental consent, we will immediately take steps to delete such information from our systems;
- Parents and guardians may contact us at privacy@rwxtek.com to:
- Review any personal information we may have collected from their child;
- Request deletion of such information;
- Refuse to allow further collection or use of their child’s information.
We will respond to parental requests within a reasonable timeframe, and in no event longer than required by applicable law.
10.1 Users Ages 13–17
Users between the ages of 13 and 17 may access certain Services only with the verifiable consent of a parent or legal guardian. We may implement age-verification mechanisms and require parental consent before allowing minors to create accounts. Parents or guardians of minors aged 13–17 may exercise CCPA/CPRA rights on behalf of their children by contacting privacy@rwxtek.com.
11. Education Records (FERPA)
To the extent that our Services are used by or on behalf of educational institutions subject to the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g:
- We acknowledge that education records are owned by and under the control of the educational institution;
- We will use education records solely to provide the contracted Services and for no other purpose;
- We will not disclose education records to any third party except as directed or permitted by the educational institution or as required by law;
- We will not use education records for marketing, advertising, or any commercial purpose unrelated to the contracted Services;
- We will not use education records to create individual student profiles for non-educational purposes;
- We will cooperate with educational institutions to comply with FERPA requirements, including responding to requests for access to or amendment of education records;
- Upon termination of a contract with an educational institution, we will return or securely destroy all education records within a reasonable timeframe as directed by the institution;
- We maintain appropriate administrative, technical, and physical safeguards to protect the confidentiality and security of education records.
12. Do Not Track Signals
Some web browsers may transmit “Do Not Track” (DNT) signals. At this time, there is no universally accepted standard for how online services should respond to DNT signals. We currently do not alter our data collection and use practices in response to DNT signals. If a uniform standard is adopted, we will revise this policy to comply.
California residents should refer to Section 8 (CCPA/CPRA Rights) for information about opting out of the sale or sharing of personal information.
13. International Data Transfers
Our Services are operated from the United States. If you access our Services from outside the United States, your personal information will be transferred to and processed in the United States. By using our Services, you consent to such transfer and processing.
For transfers of personal data from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Data processing agreements with appropriate safeguards;
- Your explicit consent where required.
14. Third-Party Links and Services
Our Services may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you visit. This Privacy Policy applies solely to information collected through our Services.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:
- Posting the updated policy on our websites with a new “Last Updated” date;
- Sending email notification to account holders at least thirty (30) days before material changes take effect;
- Displaying a prominent notice within the Services.
Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.
16. Contact Us
RWX‑TEK INC.
A California C Corporation
Registration Number: B20250231751
Privacy Inquiries: privacy@rwxtek.com
CCPA/CPRA Requests: privacy@rwxtek.com
COPPA/Parental Requests: privacy@rwxtek.com
General Inquiries: Customertek@rwxtek.com
Website: www.rwxtek.com
If you are not satisfied with our response to a privacy concern, you may file a complaint with the appropriate regulatory authority, including:
- California: California Privacy Protection Agency (CPPA) — cppa.ca.gov
- FTC: Federal Trade Commission — ftc.gov
- EU: Your local Data Protection Authority
© 2026 RWX‑TEK INC. All rights reserved. This Privacy Policy was last updated on February 15, 2026.