Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how RWX-TEK INC. d/b/a Gladitel ("Company," "we," "us," "our") collects, uses, discloses, and protects your personal information when you visit Gladitel.com or use the Service.

2. Information We Collect

2.1. Information You Provide

• Account registration information (name, email address, business name, password)
• Payment information (processed and stored by Stripe -- we do not store full credit card numbers)
• Support inquiries and correspondence
• Content or data you upload to the Service

2.2. Information Collected Automatically

• IP address
• Browser type and version, operating system
• Device identifiers
• Pages visited and features used
• Date, time, and duration of access
• Referring URL
• Cookies and similar tracking technologies
• Usage analytics (via Google Analytics or similar tools)

2.3. Information from Third Parties

• Payment verification data from Stripe
• Publicly available information
• Information from identity verification services (if applicable)

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process payments and manage billing
• Communicate with you about your account and the Service
• Respond to customer support requests
• Send administrative notices, including changes to Terms
• Improve and personalize the Service
• Monitor and analyze usage and trends
• Detect, investigate, and prevent fraud, abuse, and security incidents
• Comply with legal obligations
• Enforce our Terms of Service

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on:

• Performance of a contract -- to provide you with the Service
• Legitimate interests -- to improve our Service, prevent fraud, and market our products
• Consent -- where you have provided explicit consent (e.g., marketing emails)
• Legal obligations -- to comply with applicable laws

5. Data Sharing & Disclosure

We do not sell your personal information. We may share your data with:

• Stripe -- Payment processing
• Supabase -- Database and authentication
• Resend -- Email delivery
• Vercel -- Website hosting
• OpenAI / Anthropic -- AI chatbot processing (if enabled by business owner)

We may also disclose data: (a) as required by law, subpoena, or court order; (b) to protect our legal rights; (c) in connection with a merger, acquisition, or sale of assets; or (d) with your explicit consent.

6. International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. For transfers from the EEA/UK to countries without an adequacy determination, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms. See our Data Processing Addendum for more details.

7. Data Security

We implement commercially reasonable administrative, technical, and physical security measures, including:

• Encryption in transit (TLS/SSL) and at rest
• Access controls and authentication mechanisms
• Regular security assessments
• Employee training and confidentiality obligations

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

8. Your Rights

8.1. California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of your personal information
• Opt out of the sale or sharing of personal information (note: we do not sell data)
• Correct inaccurate personal information
• Limit the use and disclosure of sensitive personal information
• Non-discrimination for exercising your rights

8.2. EEA/UK Residents (GDPR/UK GDPR)

If you are located in the EEA or UK, you have the right to:

• Access your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten")
• Restriction of processing
• Data portability
• Object to processing
• Withdraw consent at any time
• Lodge a complaint with your local data protection authority

9. Data Retention

• Data is retained while your account is active and as necessary to provide the Service.
• Upon cancellation, data is deleted within 30 days except where required by law.
• You may request export of your data within 30 days of termination.

10. Children's Privacy

The Service is not directed to anyone under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected data from a minor, we will delete that information promptly.

11. Do Not Track

The Service does not currently respond to "Do Not Track" (DNT) browser signals. We may update this policy if industry standards for DNT are established.

12. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. Continued use of the Service constitutes acceptance of the updated Policy.

13. Contact