1. Introduction
Rakontevr AI, Inc. (“Rakontevr,” “we,” “us,” or “our”) operates the Rakontevr platform, including BuilderHub, the RSP Gateway, MCP services, AI inference APIs, and related tools (the “Service”). This Privacy Policy describes how we collect, use, disclose, retain, and protect your information when you access or use the Service.
By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, you must not use the Service. This Privacy Policy should be read together with our Terms of Service.
2. Information We Collect
2.1 Information You Provide
- Account data: Name, email address, password (stored as a cryptographic hash), organization name, and role
- Profile data: Display name, avatar, bio, and preferences
- Payment data: Billing address and payment method details (processed and stored by our third-party payment processor; we do not store full payment card numbers)
- Content: Code, projects, configurations, prompts, documents, and other materials you submit to or create through the Service
- Communications: Support requests, feedback, and correspondence with us
2.2 Information Collected Automatically
- Usage data: API calls, inference requests, token consumption, feature usage, command execution, GPU compute time, and metering records
- Log data: IP address, browser type, operating system, referring URLs, pages visited, timestamps, and request/response metadata
- Device data: Device type, screen resolution, language preference, and time zone
- Cookies and similar technologies: Authentication tokens, session identifiers, and preference storage (see Section 5)
2.3 Information from Third Parties
- OAuth providers: When you sign in via Google, GitHub, or Microsoft, we receive your name, email, and profile picture as permitted by your provider settings
- Payment processor: Transaction confirmations, billing status, and subscription state
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, maintain, and improve the Service
- Process payments, enforce spending caps, and manage billing
- Authenticate your identity and manage access to your account
- Meter and attribute usage for billing purposes (tokens, compute time, API calls)
- Send transactional communications (account verification, password reset, billing notices, security alerts)
- Respond to support requests and provide customer service
- Monitor, detect, and prevent fraud, abuse, and security incidents
- Analyze usage patterns and improve product quality using aggregated or anonymized data
- Comply with legal obligations and enforce our Terms of Service
- Develop new features and services (using de-identified data only, unless you provide explicit consent)
We do not sell your personal data. We do not use Your Content to train our own AI models without your explicit, affirmative consent. Inference processing occurs in real-time and input/output is not retained for model training purposes.
4. AI Processing and Your Content
When you use AI features of the Service, your prompts and content are transmitted to inference infrastructure (our own GPU cluster or third-party model providers such as AWS Bedrock, OpenAI, or Anthropic) for processing. You should be aware that:
- Prompts and inputs are processed in real-time and are not stored beyond the duration of the request, except for usage metering records (token counts, not content)
- When third-party model providers are used, your data is subject to those providers' data processing practices. We select providers that offer enterprise data protection commitments
- We log metadata (token counts, model used, latency, trace IDs) for billing, debugging, and service improvement — not the content of your prompts or outputs
- You should not submit sensitive personal data, protected health information (PHI), or legally privileged content to AI features unless you have implemented appropriate safeguards
5. Cookies and Similar Technologies
We use the following categories of cookies:
5.1 Strictly Necessary Cookies
These are essential for the Service to function. They include authentication tokens (bh_token, rak_token), session identifiers, and CSRF protection tokens. These cookies cannot be disabled without breaking the Service. Under GDPR and the ePrivacy Directive, strictly necessary cookies do not require consent.
5.2 Functional Cookies
These store your preferences (theme, language, layout settings) to provide a personalized experience. They are set only when you interact with preference controls.
We do not currently use advertising, tracking, or third-party analytics cookies. If this changes in the future, we will update this policy and provide appropriate notice and consent mechanisms.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:
- Service providers: Cloud infrastructure (AWS), payment processors, email delivery services, and other vendors who process data on our behalf under contractual data protection obligations
- AI model providers: When routing inference requests to third-party providers (subject to their enterprise data protection terms)
- Legal requirements: When required by law, legal process, government request, or to protect the rights, safety, or property of Rakontevr, our users, or the public
- Business transfer: In connection with a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity
- With your consent: When you explicitly authorize sharing with a specific third party
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. After account closure or deletion:
- Your Content is retained for 30 days to allow recovery, then permanently deleted
- Billing and transaction records are retained for 7 years as required by tax and financial regulations
- Aggregated, anonymized usage data may be retained indefinitely for analytics
- Security logs are retained for up to 2 years for incident investigation purposes
You may request earlier deletion (see Section 9), subject to our legal retention obligations.
8. Data Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
- Cryptographic hashing of passwords (bcrypt)
- Role-based access controls and principle of least privilege
- Regular security assessments and vulnerability scanning
- Audit logging of access to sensitive data and administrative actions
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security and shall not be liable for unauthorized access resulting from factors beyond our reasonable control.
9. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your personal data, subject to legal retention requirements
- Portability: Request your data in a structured, machine-readable format
- Restriction: Request that we limit the processing of your data in certain circumstances
- Objection: Object to processing of your data for specific purposes
- Withdraw consent: Where processing is based on consent, withdraw your consent at any time (without affecting the lawfulness of prior processing)
To exercise these rights, contact us at privacy@rakontevr.ai. We will respond within 30 days (or the period required by applicable law). We may ask you to verify your identity before processing a request.
10. International Data Transfers
Your data may be processed and stored in the United States and other jurisdictions where our infrastructure and service providers operate. If you are located outside the United States, you acknowledge that your data will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction. We implement appropriate safeguards (including standard contractual clauses where required) for international transfers.
11. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without verified parental consent, we will delete that data promptly.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to know what personal information is collected, used, and disclosed
- Right to delete personal information
- Right to opt out of the sale of personal information (we do not sell your data)
- Right to non-discrimination for exercising your rights
To exercise these rights, contact privacy@rakontevr.ai.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will post the updated policy on this page and update the “Effective Date.” For material changes, we will provide notice through the Service (e.g., in-app notification or email). Your continued use after the effective date of any changes constitutes acceptance.
14. Contact Us
For privacy-related questions, data requests, or concerns: