Privacy Policy

Robofy is operated by Nick Wang as an independent robotics intelligence platform. The platform helps operators evaluate and source commercial robots from independent specs and first-party manufacturer information; it does not sell robots and does not represent any manufacturer.

Contact: support@robofy.world.

We collect only what we need to recommend robots, alert you to changes, and improve the platform.

• Account email + password hash
  When you create an account via Supabase Auth. Used to sign you back in and bind your saved robots / tracked robots / push subscriptions to a single identity. We never see your raw password — Supabase stores a bcrypt hash.
• Behavioral signals (intent_signals)
  Anonymous + authenticated events: which robots you view, compare, save, search; ROI inputs you ran; clicks you made on manufacturer outbound links. These power the AI Assistant's recommendations and the strategic demand reports that decide which robots Robofy covers next. We do not collect free-text business descriptions or names.
• Push notification subscriptions
  If you opt in to push alerts, your browser hands us a unique endpoint URL + two encryption keys (p256dh + auth). We use them to send price-drop / availability / broadcast notifications. You can revoke any time from /command-center; we delete the row on revoke.
• Inbound contact form fills
  If you request a demo or quote, the email + brief context you submit are stored so we (or the manufacturer, if you choose to be handed off) can follow up.
• Technical context
  User agent, locale, country code (from IP), referrer, device class. Used to render the right UI and bucket analytics. We don't store your raw IP after geo lookup.

• Camera / microphone / location
  Robofy never requests access to any of these on web or in the iOS/Android app.
• Contacts / SMS / photos
  Not requested. Not in the entitlements file.
• Third-party tracking cookies
  We don't run ad-tech trackers (no Meta Pixel, no TikTok pixel, no DoubleClick). Only first-party analytics for product improvement.

• Supabase (Postgres + Auth)
  Stores accounts, robot saves, intent_signals, notification subscriptions. EU + US regions; we use US East.
• Vercel
  Hosts the website. Sees request logs; doesn't see DB contents.
• OpenAI + Anthropic
  When you ask the AI Assistant a question, your message text is sent to OpenAI (GPT-4 family) or Anthropic (Claude family) for inference. Neither provider trains on this data per their API ToS. We don't send your account email or session ID to them.
• PostHog
  Mirror of intent_signals for the operator dashboard. EU region.
• Web Push services (Apple, Google, Mozilla)
  Push notifications transit through the browser vendor's push service. Payloads are end-to-end encrypted with your p256dh/auth keys — the push service can't read them.

We do not sell, rent, or trade personal data to advertisers or data brokers.

Whether you're in the EU (GDPR), California (CCPA/CPRA), the UK, or elsewhere, you have the right to:

• Access
  Get a copy of every row Robofy holds about your account.
• Delete
  Wipe your account + every linked row (intent_signals, saved robots, push subscriptions, leads). Deletion is permanent.
• Export
  JSON dump of your account-linked data.
• Withdraw consent
  Revoke push notifications from /command-center any time.

Email support@robofy.world from the address on your account; we respond within 7 days.

Account data is kept for as long as your account exists. Intent signals are aggregated and the per-user link is dropped after 18 months — beyond that we only keep anonymous totals for the demand report. Inactive accounts with no sign-in in 24 months are flagged for deletion and emailed a warning before wipe.

We use first-party cookies + localStorage for: (a) the session identifier that ties anonymous + signed-in browsing together, (b) the locale you chose, (c) PWA install state. No third-party advertising cookies. You can clear these any time via your browser settings — the site still works, just without your preferences.

Robofy is built for commercial operators. We don't knowingly collect data from anyone under 16. If you believe a minor signed up, email support@robofy.world and we'll delete the account.

When we materially change this policy, we'll update the date at the top and email registered users 30 days before the change takes effect.