Your Privacy Is Our Priority

Privacy Policy

Last updated: April 6, 2026. This policy explains how we collect, use, and protect your information in compliance with global privacy regulations.

About This Policy

Introduction

Who We Are

Realvco ("we", "us", "our") is a globally operated managed AI agent hosting platform. We operate the website realvco.com and provide cloud-based AI agent deployment, management, and monitoring services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.

Scope of This Policy

This Privacy Policy applies to all users of our website and services worldwide. By accessing or using our services, you acknowledge that you have read and understood this policy. If you do not agree with this policy, please do not use our services.

This policy does not apply to third-party websites, applications, or services linked from our platform. We encourage you to review the privacy policies of any third-party services you access.

Information We Collect

Data Collection

Information You Provide

We collect the following categories of personal information that you provide directly:

  • Account Information: Name, email address, password, and account preferences when you register.
  • Billing Information: Payment details (processed by Stripe), billing address, tax identification numbers, and transaction history.
  • Communication Data: Messages, inquiries, and feedback you send to our support team.
  • AI Agent Configuration: Settings, prompts, and customization preferences you define for your AI agents (excluding conversation content).

Information Collected Automatically

When you use our website or services, we automatically collect:

  • Usage Data: Pages visited, features used, click patterns, and session duration.
  • Device Information: Browser type, operating system, screen resolution, and device identifiers.
  • Network Data: IP address, approximate geographic location (country/region level), and referral URLs.
  • Service Metrics: AI agent uptime, resource consumption, and performance logs (aggregated, not containing conversation content).

Information We Do NOT Collect

We want to be explicitly clear about what we do not collect:

  • We do not read, store, monitor, or access conversations between your AI agents and end users.
  • We do not collect data from your connected messaging platforms (LINE, Telegram, WhatsApp, etc.).
  • We do not use your data to train, fine-tune, or improve any AI models.
  • We do not sell, rent, or trade your personal information to third parties.

How We Use Your Information

Purpose & Legal Basis

Purposes of Processing

We use your personal information for the following purposes:

  • Service Delivery: To create and manage your account, deploy and maintain your AI agents, and provide technical support.
  • Billing and Payments: To process transactions, issue invoices, manage subscriptions, and handle refunds.
  • Service Improvement: To analyze usage patterns (in aggregate), diagnose technical issues, and improve platform performance.
  • Communication: To send service-related notifications, security alerts, and respond to your inquiries.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Security: To detect, prevent, and address fraud, abuse, and security threats.

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to deliver our services to you under our Terms of Service.
  • Legitimate Interests (Art. 6(1)(f)): Service improvement, security monitoring, and fraud prevention, where our interests do not override your fundamental rights.
  • Consent (Art. 6(1)(a)): Marketing communications and non-essential cookies. You may withdraw consent at any time.
  • Legal Obligation (Art. 6(1)(c)): Tax record-keeping, regulatory reporting, and responding to lawful requests.

AI Services & Data Processing

AI-Specific Policies

Our Role as a Platform Provider

Realvco is a hosting and deployment platform for AI agents. We provide the infrastructure for your AI agents to run, but we do not control or process the content of conversations between your AI agents and their end users.

For your account information and billing data, realvco acts as the Data Controller. For any data that passes through the AI agent infrastructure, realvco does not serve as either Controller or Processor of conversation content, as such content is processed directly by the third-party AI model providers you select.

Third-Party AI Model Providers

Our service utilizes third-party AI model providers to power your AI agents. Each provider operates under its own privacy policy and data processing practices. We maintain an up-to-date list of our sub-processors at realvco.com. We will notify you of any changes to our sub-processor list via email or through your account dashboard.

We require all sub-processors to maintain appropriate security measures and comply with applicable data protection laws through contractual agreements.

No AI Training Commitment

Realvco does not use any of your data — including account information, AI agent configurations, or conversation content — to train, fine-tune, or improve any AI models. This commitment is binding and enforceable.

Information Sharing & Disclosure

Third Parties

Service Providers (Sub-Processor List)

We share your information with trusted service providers (sub-processors) who help us operate our business, subject to contractual obligations to protect your data. The following is our current sub-processor list:

Infrastructure & Hosting:

  • Contabo GmbH (Germany) — Cloud VPS hosting. Processes: data required to run the customer's AI agents (server layer). Regions: EU, US, Singapore, Japan (selected by customer region).
  • Cloudflare — CDN, DNS, DDoS protection, security services, Tunnel. Global edge network.

AI Model Providers:

  • OpenRouter — AI model API routing, credit management. Processes: API requests routed to AI model providers on your behalf.
  • Third-party AI model providers (accessible via OpenRouter) — Process conversation data as directed by your AI agent configurations. Each provider operates under its own privacy policy.

Payment & Billing:

  • Stripe — Payment processing, subscription management, billing. Processes: payment card data (not stored by realvco), billing address, transaction history.

Communications:

  • ZeptoMail (a Zoho product) — Transactional email delivery. Processes: email address, email content for service notifications. Regions: Asia-Pacific / global (Zoho is an India-based company).

Development & Operations:

  • GitHub — Code hosting, CI/CD, development collaboration. Note: does not process end-user personal data.

The above list reflects the sub-processors we currently use. We will not add new sub-processors without prior written notice. If the list changes (additions, removals, or replacements), we will notify you in advance via email or through your account dashboard. These providers act as data processors and may only process your data according to our instructions and for the purposes specified in our agreements.

Legal and Safety Disclosures

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, or legal processes.
  • Protect the rights, property, or safety of realvco, our users, or the public.
  • Detect, prevent, or address fraud, security, or technical issues.
  • Enforce our Terms of Service.

Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on our website before your information becomes subject to a different privacy policy.

International Data Transfers

Cross-Border

Where Your Data Is Processed

Realvco is headquartered in the United States. Your personal information may be transferred to and processed in countries other than your country of residence, including countries where our infrastructure providers operate (primarily the United States, European Union, Japan, Singapore, and other regions).

Transfer Safeguards

When we transfer personal data outside your jurisdiction, we implement appropriate safeguards:

  • EEA/UK Transfers: We use Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by transfer impact assessments where required.
  • Contractual Protections: All service providers are bound by data processing agreements that require them to protect your data to standards consistent with applicable privacy laws.
  • Technical Measures: Data is encrypted in transit (TLS 1.2+) and at rest, with access controls and audit logging.

Data Retention

How Long We Keep Data

Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Data: Duration of your active account plus 90 days after deletion.
  • Billing and Transaction Records: 7 years after the transaction (required by tax and accounting regulations).
  • Service Usage Logs: 90 days on a rolling basis.
  • Customer Support Records: 2 years after the last interaction.
  • Cookie Consent Records: 3 years (for compliance evidence).
  • Server Access Logs: 30–90 days.

Deletion Process

When you delete your account or request data deletion, we will:

  • Remove your personal data from active systems within 30 days.
  • Purge backup copies within an additional 30 days.
  • Retain only data required by law (e.g., billing records for tax compliance) in a restricted, access-controlled environment.
  • Notify relevant third-party processors to delete your data.

Data Security

Protection Measures

Security Measures

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest.
  • Isolated container environments for each customer's AI agents.
  • Secure access controls and authentication mechanisms.
  • Regular security assessments and monitoring.
  • Network-level protection through Cloudflare.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required by GDPR).
  • Notify affected individuals without undue delay when the breach is likely to result in high risk.
  • Document all breaches internally, regardless of whether notification is required.
  • Take immediate steps to contain and remediate the breach.

Your Rights

Privacy Rights

Rights Under GDPR (EEA/UK)

If you are located in the European Economic Area or the United Kingdom, you have the following rights:

  • Right of Access (Art. 15): Request a copy of the personal data we hold about you.
  • Right to Rectification (Art. 16): Request correction of inaccurate data.
  • Right to Erasure (Art. 17): Request deletion of your personal data.
  • Right to Restrict Processing (Art. 18): Request limitation of how we use your data.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests.
  • Right Not to Be Subject to Automated Decision-Making (Art. 22): Object to decisions made solely by automated means.
  • Right to Lodge a Complaint: File a complaint with your local data protection authority.

We will respond to your request within one month. This period may be extended by two additional months for complex requests.

Rights Under CCPA/CPRA (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: Opt out of the sale or sharing of your personal information. Note: realvco does not sell or share your personal information.
  • Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive personal information to what is necessary for service delivery.
  • Right to Non-Discrimination: Exercise your rights without receiving discriminatory treatment.

We honor Global Privacy Control (GPC) signals. To exercise your rights, contact us at privacy@realvco.com.

Rights Under Taiwan PDPA

If you are a Taiwan resident, you have the following rights under the Personal Data Protection Act (PDPA):

  • Right to inquire, review, and request copies of your personal data.
  • Right to request supplementation or correction.
  • Right to request cessation of collection, processing, or use.
  • Right to request deletion.

To exercise your rights, contact us at privacy@realvco.com.

Rights Under Other Jurisdictions

We respect the privacy rights of users worldwide. If you are located in a jurisdiction with applicable data protection laws — including but not limited to Brazil (LGPD), Canada (PIPEDA), Japan (APPI), South Korea (PIPA), Singapore (PDPA), Thailand (PDPA), or Australia (Privacy Act) — you may exercise your rights by contacting us. We will respond in accordance with the applicable law.

Cookies & Tracking Technologies

Cookie Policy

Types of Cookies We Use

We use the following categories of cookies:

  • Strictly Necessary Cookies: Essential for website functionality (login sessions, security tokens, load balancing). These do not require consent.
  • Analytics Cookies: Help us understand how visitors interact with our website (e.g., Cloudflare Web Analytics). We seek consent before setting these cookies where required by law.
  • Functional Cookies: Remember your preferences such as language and display settings.

We do not use marketing or advertising cookies. We do not engage in cross-site tracking.

Managing Cookies

You can control cookies through:

  • Our cookie consent banner (available to users in jurisdictions that require it).
  • Your browser settings — most browsers allow you to block or delete cookies.
  • Global Privacy Control (GPC) — we honor GPC signals as a valid opt-out request.

Disabling essential cookies may affect the functionality of our website.

Children's Privacy

Age Restrictions

Age Requirement

Our services are not directed to individuals under the age of 20 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@realvco.com. We will promptly delete such information from our systems.

Third-Party Services

External Links

Third-Party Disclaimer

Our service relies on third-party providers, including but not limited to AI model providers (e.g., OpenAI, Anthropic), messaging platforms (e.g., LINE, Telegram, WhatsApp), and infrastructure providers. Realvco is not responsible for the availability, accuracy, security, or privacy practices of these third-party services.

Your use of third-party services accessed through our platform is governed by their respective privacy policies and terms of service. We encourage you to review them before use.

Open-Source Software

Our services are built upon and incorporate open-source software products, including but not limited to OpenClaw and other open-source programs, frameworks, libraries, and tools. These open-source components may be pre-installed, bundled, or otherwise integrated into the service environment we provide to you.

Open-source software is provided under its respective license terms (e.g., MIT, Apache 2.0, GPL, etc.) on an "as is" basis, without warranties of any kind. Realvco does not guarantee the functionality, security, compatibility, or fitness for any particular purpose of any open-source software used in or delivered through our services.

Realvco shall not be liable for any damages, data loss, service interruption, or other issues arising from the use, malfunction, vulnerability, or incompatibility of open-source software components, whether pre-installed by us or subsequently installed by you. You acknowledge and accept the inherent risks associated with the use of open-source software.

Limitation of Liability

Disclaimers

Service Disclaimer

Our services are provided on an "as is" and "as available" basis without warranties of any kind, whether express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, and non-infringement.

Realvco does not guarantee that AI-generated content is accurate, complete, or suitable for any particular purpose. You are solely responsible for reviewing and using AI-generated content at your own risk.

Your Responsibilities

As a user of our platform, you agree to:

  • Ensure that your use of AI agents complies with all applicable laws and regulations, including data protection laws.
  • Obtain all necessary consents from end users before deploying AI agents that interact with them.
  • Safeguard your account credentials and promptly notify us of any unauthorized access.
  • Not use our services for any unlawful, harmful, or abusive purposes.

Changes to This Policy

Updates

How We Update This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Post the updated policy on our website with a revised "Last Updated" date.
  • Notify you via email for significant changes that affect your rights or our data practices.

Your continued use of our services after the updated policy becomes effective constitutes your acceptance of the changes. If you do not agree with the updated policy, you should discontinue use of our services.

Last Updated: April 6, 2026

Contact Us

Get in Touch

Privacy Inquiries

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.

If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority.