This Privacy Policy (hereinafter, the “Policy”) governs the processing of personal data of users of the website and AI assistant AutoRockAI (hereinafter, the “Project,” “we,” or “us”), available at https://autorockai.fly.dev/ (the “Website”). We process personal data in accordance with the Law of Ukraine “On Personal Data Protection,” the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and other applicable legal acts. By using the chatbot, voice interface, contact forms, or any other functionality of the Website, the user (“User,” “you”) acknowledges and agrees to this Policy.

We may process the following categories of personal data:

• First and last name (if provided voluntarily).
• Email address or phone number (if provided).
• Messages exchanged via the chatbot or contact form.
• Browser and device information (IP address, language, cookies, session identifiers).
• Audio data (if using the voice interface; processed temporarily by third-party AI services).
• Data stored locally on your device (e.g., localStorage).

All personal data are provided voluntarily by users or collected automatically during website interaction. We do not obtain personal data from third-party sources.

We process personal data for the following purposes:

• To provide chatbot and AI assistant functionality.
• To respond to user inquiries and technical requests.
• To test, improve, and optimize the AI system.
• To analyze usage and ensure system stability and security.

Legal bases for processing:

• User consent (Article 6(1)(a) GDPR).
• Legitimate interest of the Project (Article 6(1)(f) GDPR), including maintaining system security and improving user experience.

Retention periods:

• Chat and voice session data — up to 90 days for debugging and analytics.
• Technical logs and cookies — up to 3 years, unless deleted earlier by the user.

We do not permanently store or profile users beyond the purposes stated above.

Data are stored and processed on cloud infrastructure providers (e.g., Fly.io, Google Cloud) that maintain GDPR-compliant data centers located within the European Union or other jurisdictions with an adequate level of protection.

Access to personal data may be granted to:

• Authorized individuals maintaining the Project.
• Data processors providing hosting, analytics, or AI processing services (e.g., OpenAI, Google Cloud).
• Competent public authorities, only where required by law.

All processors operate under contractual obligations ensuring confidentiality and compliance with GDPR standards.

Personal data may be transferred to third-party service providers solely for the purposes described above, including:

• OpenAI (AI processing via API).
• Google Cloud (infrastructure and analytics).
• Fly.io (application hosting).

All transfers are performed in accordance with Article 46 GDPR and based on data processing agreements (DPAs) that ensure an adequate level of protection.

We apply appropriate technical and organizational security measures, including:

• HTTPS / SSL encrypted connections.
• Access control and authentication for administrators.
• Regular security monitoring and software updates.
• Minimal data retention and anonymization where possible.

Users have the right to:

• Request access to their personal data.
• Request rectification or deletion of data.
• Restrict or object to processing.
• Withdraw consent at any time without affecting the lawfulness of prior processing.
• Lodge a complaint with a supervisory authority (for EU users — the data protection authority in your country of residence).

Requests regarding personal data may be submitted through the contact form or chatbot available on the Website.

You may:

• Request deletion of your data via the chatbot or contact form.
• Clear your browser storage and cookies to remove locally stored identifiers.
• Stop using the Website to withdraw consent for further processing.

We reserve the right to update or amend this Policy to reflect legal or technical changes. The updated version will always be available on the Website.

1. Use of Cookies

The AutoRockAI website uses cookies and similar technologies (such as localStorage) to ensure its proper functionality, remember user preferences, and enable interaction with the voice AI assistant. Cookies are small text files that may be stored on your device when visiting the Website. Some are necessary for the site to function correctly, while others support optional features (such as sound preferences or chatbot responses).

2. Types of Cookies and Similar Technologies

We use the following categories of cookies:

• Functional (required) — essential for the Website’s operation, including session management, interface language, and voice system initialization. These cookies are always enabled and cannot be disabled.
• AI Assistant (OpenAI) — used to ensure interaction between the user and the voice assistant, including maintaining conversation continuity and remembering temporary chatbot preferences.
• Sound preferences — allow users to mute or unmute all sounds on the Website. This setting is stored locally (in cookies or localStorage) and does not contain personal data.

We currently do not use cookies for marketing, targeting, or behavioral analytics.

3. How We Store and Process Cookies

• All cookies are processed in accordance with the principles of necessity, proportionality, and GDPR compliance.
• Cookies are stored for a limited period (usually no longer than 12 months) or until the user clears them via browser settings.
• Voice and interaction data processed by the AI Assistant may be temporarily transmitted to OpenAI servers for generating responses but are not stored permanently by AutoRockAI.

4. Managing Cookies and Preferences

You can manage or delete cookies through:

• The cookie consent modal available on the Website;
• Browser settings (to block or delete all cookies);
• Adjusting the “Mute all sounds” or “AI Assistant” toggles within the cookie consent form.

Disabling required cookies may limit certain functionalities (e.g., voice assistant operation).

5. Third-Party Services

Some functions use third-party services, which may process technical information:

• OpenAI API — to process AI queries and generate responses;
• Google Cloud / Fly.io — for hosting and system security logs.

All third-party processors are contractually bound to comply with GDPR requirements.

6. Consent

By clicking “ACCEPT” in the cookie consent modal or by continuing to use this Website, you consent to the use of cookies as described in this Policy. You can withdraw consent at any time by reopening cookie settings and changing your preferences.

7. Contact

If you have questions about this Policy or data processing, please contact us via the feedback form on the Website or at: AutoRockAI Project Team — autorockai.fly.dev.