Privacy Policy

1. Introduction and Overview

AY Robots ("we," "our," or "us"), operated by Philipp Schmid, is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information when you use our robot teleoperation platform, website, and related services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including robot operators, clients, website visitors, and anyone who interacts with our platform. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

We process your personal data in strict compliance with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), the German Telemedia Act (Telemediengesetz - TMG), and other applicable data protection legislation.

2. Data Controller Information

The data controller responsible for the processing of your personal data is:

AY Robots
Philipp Schmid
Steinenberg 10
88339 Bad Waldsee
Baden-Wurttemberg, Germany

Email: info@ay-robots.com
Phone: +49 176 23308091
Website: www.ay-robots.com

For all data protection inquiries, you may contact us directly at the above address or via email at privacy@ay-robots.com. We aim to respond to all data protection requests within 30 days.

3. Categories of Personal Data We Collect

We collect and process various categories of personal data depending on how you interact with our Services. Below is a comprehensive overview of the data we may collect:

3.1 Account and Identity Data

• Full name (first and last name)
• Email address
• Password (stored in encrypted/hashed form only)
• Profile picture (optional)
• Username or display name
• Account creation date and status
• User role (operator, client, administrator)
• Language and timezone preferences

3.2 Contact and Communication Data

• Phone number (optional)
• Mailing address (for billing purposes)
• Company name and position (for business accounts)
• Support ticket content and correspondence
• Feedback and survey responses
• Marketing communication preferences

3.3 Teleoperation and Session Data

• Session recordings (video, audio if applicable)
• Robot control commands and inputs
• Session timestamps, duration, and metadata
• Task descriptions and instructions
• Performance metrics and quality assessments
• Robot identification and configuration data
• Sensor data collected during teleoperation

3.4 Technical and Usage Data

• IP address (anonymized after 7 days)
• Browser type and version
• Operating system and device type
• Screen resolution and viewport size
• Pages visited and navigation patterns
• Referral source (how you found us)
• Session duration and interaction data
• Error logs and diagnostic information
• Network latency and connection quality metrics

3.5 Financial and Transaction Data

• Billing name and address
• Payment method type (card brand, last 4 digits only)
• Transaction history and amounts
• Invoice records and payment status
• Tax identification numbers (for businesses)
• Refund and dispute records

Note: We do not store complete credit card numbers, CVV codes, or other sensitive payment credentials. All payment processing is handled by our PCI-DSS compliant payment processor, Stripe.

4. Purposes of Data Processing and Legal Basis

We process your personal data only for specific, explicit, and legitimate purposes. Below we explain each purpose along with the corresponding legal basis under Article 6 of the GDPR:

4.1 Service Provision (Contract Performance - Art. 6(1)(b) GDPR)

• Creating and managing your user account
• Providing access to the teleoperation platform
• Facilitating connections between operators and clients
• Recording and storing teleoperation sessions as requested
• Processing payments and managing subscriptions
• Providing customer support and resolving issues

4.2 Platform Improvement (Legitimate Interest - Art. 6(1)(f) GDPR)

• Analyzing usage patterns to improve user experience
• Identifying and fixing technical issues and bugs
• Developing new features and capabilities
• Conducting internal research and analytics
• Optimizing platform performance and reliability

4.3 Security and Fraud Prevention (Legitimate Interest - Art. 6(1)(f) GDPR)

• Detecting and preventing unauthorized access
• Identifying fraudulent or abusive behavior
• Protecting against security threats and attacks
• Maintaining audit logs for security purposes
• Enforcing our Terms of Service

4.4 Legal Compliance (Legal Obligation - Art. 6(1)(c) GDPR)

• Retaining records as required by tax and commercial law
• Responding to lawful requests from authorities
• Fulfilling anti-money laundering obligations
• Complying with court orders and legal proceedings

4.5 Marketing and Communications (Consent - Art. 6(1)(a) GDPR)

• Sending newsletters and product updates (with consent)
• Informing you about new features and services
• Conducting surveys and gathering feedback
• Personalizing content and recommendations

You may withdraw your consent for marketing communications at any time by clicking the unsubscribe link in any email or contacting us directly.

5. Data Sharing and Third-Party Recipients

We share your personal data only when necessary and with appropriate safeguards. The following categories of recipients may receive your data:

5.1 Service Providers and Processors

All service providers are bound by data processing agreements (DPAs) that ensure they process your data only according to our instructions and maintain appropriate security measures.

5.2 Business Partners

When you use our platform to connect with operators or clients, we share necessary information to facilitate the service (e.g., operator availability, session details). This sharing is essential for the performance of our contract with you.

5.3 Legal and Regulatory Authorities

We may disclose your data to law enforcement agencies, courts, regulators, or other authorities when required by law or to protect our legal rights. We will notify you of such disclosures where legally permitted.

5.4 Corporate Transactions

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will provide notice before your data becomes subject to a different privacy policy.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequate data protection (as determined by the EU Commission)
• Standard Contractual Clauses: EU-approved contractual terms that bind recipients to protect your data
• Data Processing Agreements: Comprehensive agreements with all processors covering security and confidentiality
• Supplementary Measures: Additional technical and organizational measures where necessary

You may request a copy of the safeguards we use for international transfers by contacting us.

7. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our retention periods are as follows:

After the retention period expires, data is securely deleted or anonymized so that it can no longer be associated with you.

8. Your Data Protection Rights

Under the GDPR and German data protection law, you have the following rights regarding your personal data. We are committed to facilitating the exercise of these rights:

8.1 Right of Access (Art. 15 GDPR)

You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about how it is processed. We will provide this information free of charge within 30 days of your request.

8.2 Right to Rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate personal data and completion of incomplete data. You can update most account information directly through your account settings.

8.3 Right to Erasure / Right to be Forgotten (Art. 17 GDPR)

You may request deletion of your personal data when:

• The data is no longer necessary for the purposes collected
• You withdraw consent and there is no other legal basis
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required by law

Note that we may retain certain data where required by law or for legitimate purposes (e.g., defending legal claims).

8.4 Right to Restriction of Processing (Art. 18 GDPR)

You may request that we restrict the processing of your data in certain circumstances, such as when you contest the accuracy of the data or have objected to processing.

8.5 Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON, CSV), and to transmit that data to another controller. This applies to data processed by automated means based on consent or contract.

8.6 Right to Object (Art. 21 GDPR)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

8.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where we process data based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. The competent authority for AY Robots is:

Der Landesbeauftragte fur den Datenschutz und die Informationsfreiheit Baden-Wurttemberg
Lautenschlagerstrasse 20
70173 Stuttgart, Germany
Phone: +49 711 615541-0
Email: poststelle@lfdi.bwl.de
Website: www.baden-wuerttemberg.datenschutz.de

Exercising Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@ay-robots.com
• Mail: AY Robots, Steinenberg 10, 88339 Bad Waldsee, Germany

We may need to verify your identity before processing your request. We will respond within 30 days, or inform you if an extension is needed (up to 60 additional days for complex requests).

9. Cookies and Tracking Technologies

We use cookies and similar technologies to ensure our platform functions properly and to improve your experience. This section explains what cookies we use and how you can manage them.

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember information about your visit, making subsequent visits easier and the site more useful.

9.2 Types of Cookies We Use

Strictly Necessary Cookies

These cookies are essential for the platform to function and cannot be disabled. They include:

• Authentication cookies (to keep you logged in)
• Session cookies (to maintain your session state)
• Security cookies (to prevent fraud and protect your account)
• Load balancing cookies (to ensure optimal performance)

Functional Cookies

These cookies remember your preferences and settings:

• Language preferences
• Theme settings (dark/light mode)
• Timezone settings
• Dashboard layout preferences

Analytics Cookies (Optional)

With your consent, we use analytics cookies to understand how visitors use our website:

• Pages visited and time spent
• Navigation patterns
• Error occurrences
• Feature usage statistics

We do not use third-party advertising or tracking cookies.

9.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

• View what cookies are stored
• Delete individual or all cookies
• Block cookies from specific or all websites
• Configure notifications when cookies are set

Please note that disabling strictly necessary cookies may affect the functionality of our platform.

10. Security Measures

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Measures

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Secure password hashing (bcrypt)
• Regular security audits and penetration testing
• Web Application Firewall (WAF) protection
• DDoS protection and mitigation
• Automated vulnerability scanning

Organizational Measures

• Access controls based on the principle of least privilege
• Employee confidentiality agreements
• Regular security awareness training
• Incident response procedures
• Vendor security assessments
• Data protection impact assessments where required

For more details about our security practices, please visit our Security Page.

11. Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal effects or similarly significantly affects you without human involvement. Any automated processing we perform (such as matching operators with tasks) is subject to human oversight.

If we introduce automated decision-making in the future, we will update this policy and ensure you are informed and can exercise your rights under Article 22 of the GDPR.

12. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information as quickly as possible.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will update the "Last updated" date at the top of this page
• For significant changes, we will notify you by email or through a prominent notice on our platform
• We will provide you with the opportunity to review changes before they take effect
• Your continued use of our Services after changes take effect constitutes acceptance of the revised policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection Contact
AY Robots
Philipp Schmid
Steinenberg 10
88339 Bad Waldsee, Germany

Email: privacy@ay-robots.com
General inquiries: info@ay-robots.com
Phone: +49 176 23308091

We are committed to working with you to resolve any concerns about your privacy. Please allow up to 30 days for us to respond to your inquiry.