Privacy Policy
We collect more data than a typical product because our AI learns from real interactions. This policy explains exactly what, why, and how.
Effective Date: April 9th, 2026 · Ratonix AI · Texas, United States
1. Data Controller
Ratonix AI, headquartered in Texas, United States, is the data controller of your personal data. Contact: privacy@ratonix.ai.
2. What We Collect and Why
Account Data: Email address and hashed password. Required to create and maintain your account.
Message Content: Text you enter into the Service and text detected by the browser extension in form fields on third-party websites. Required to generate suggestions.
Behavioral Interaction Data: Whether you used, edited, rewrote, or ignored each suggestion; the exact edits you made; how long you spent typing; how long you took to decide. This is the data that teaches our AI what works.
Outcome Data: Whether you reported a communication as successful. This is the most valuable signal we collect — it tells us what actually worked in the real world.
Communication Context: Platform (e.g., Gmail, LinkedIn), URL (origin and pathname only — query strings stripped), intended audience, detected intent and tone.
Personality Profile: Estimated assertiveness, politeness, and conciseness derived from your writing patterns. Used to align suggestions with your natural style.
Relationship Profiles: Names detected in your messages and communication outcomes with those recipients. Used for recipient-aware recommendations.
Technical Data: IP address, browser type, OS, session logs, error logs.
3. Legal Bases for Processing (GDPR / UK GDPR)
| Processing Activity | Legal Basis |
|---|---|
| Providing AI suggestions | Performance of contract (Art. 6(1)(b)) |
| Processing message content | Performance of contract (Art. 6(1)(b)) |
| Building personality profiles | Legitimate interests (Art. 6(1)(f)) |
| Using interaction data for AI training | Legitimate interests (Art. 6(1)(f)) |
| Retaining anonymized data post-deletion | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
4. Data Retention
| Data Type | Retention |
|---|---|
| Account data | Until deletion + 30 days |
| Message content (identifiable) | 2 years or until account deletion |
| Interaction data (identifiable) | 2 years or until account deletion |
| Interaction data (anonymized) | Indefinite — used for AI training |
| Outcome data (anonymized) | Indefinite — used for AI training |
| Personality profiles | Until account deletion |
| Relationship profiles | Until account deletion |
| Technical / log data | 90 days |
Important: When you delete your account, we anonymize interaction and outcome data — removing all identifiers — rather than deleting it entirely. This anonymized data is retained for AI training. It cannot be re-linked to you.
5. Data Sharing
We do not sell your data. We share data only with:
- OpenAI — to process messages and generate suggestions (data processing agreement in place)
- Supabase — database and authentication infrastructure
- Vercel — application hosting
- Legal authorities — when required by law, with notice to you where permitted
- Acquirers — in a merger or asset sale, with 30 days’ notice
6. International Data Transfers
Ratonix is based in Texas, USA. Data from the EEA and UK is transferred under Standard Contractual Clauses (SCCs) and UK International Data Transfer Agreements (IDTAs). By using the Service, you acknowledge your data may be processed in the United States.
7. Security
We use TLS encryption in transit, encryption at rest, access controls, and regular security reviews. In the event of a breach affecting your data, we will notify you and relevant authorities within the timeframes required by applicable law (72 hours under GDPR).
8. Your Rights
All users: Access, correct, delete your data; opt out of marketing; opt out of AI training (contact privacy@ratonix.ai).
Texas residents (TDPSA): Know, access, correct, delete, port your data; opt out of profiling for significant decisions. Respond within 45 days. Appeal denied requests to privacy@ratonix.ai with “TDPSA Appeal” in the subject.
California residents (CCPA/CPRA): Know, delete, correct, port your data. We do not sell personal information or share it for cross-context behavioral advertising. Submit requests to privacy@ratonix.ai.
EEA/UK residents (GDPR): Access, rectification, erasure, restriction, portability, objection, withdrawal of consent, rights regarding automated decisions. Respond within 30 days. Lodge complaints with your local supervisory authority. EU ODR: ec.europa.eu/consumers/odr. UK ICO: ico.org.uk.
Canadian residents (PIPEDA/Law 25): Access, correct, and withdraw consent. Contact the Office of the Privacy Commissioner at priv.gc.ca.
Australian residents (Privacy Act 1988): Access and correction rights. Lodge complaints with the OAIC at oaic.gov.au.
Brazilian residents (LGPD): Confirmation, access, correction, anonymization, portability, deletion, and right to withdraw consent.
9. Browser Extension
The extension requests permission to access content on all websites. It only processes text in active input fields — it does not read full page content, passwords, or payment fields. You can disable or uninstall the extension at any time.
10. Children
The Service is not directed to children under 18. We comply with COPPA and equivalent laws. Contact privacy@ratonix.ai if you believe a child has provided us with data.
11. Contact
Privacy questions or rights requests:
privacy@ratonix.ai
We acknowledge requests within 5 business days.