Privacy Policy

Last updated: April 30, 2026

IO-AI TECH ("IO-AI", "we", "us", or "our") respects the privacy and data security expectations of customers, partners, website visitors, and product users. Because our business focuses on real-world robotics and embodied AI data solutions, we handle personal information and usage data with care, transparency, and data minimization.

This Privacy Policy explains how we collect, use, store, share, and protect information through io-ai.tech, related product pages, feedback pages, and selected sub-applications. It does not replace any confidentiality agreement, data processing agreement, service agreement, or project contract we enter into with a customer. If a signed agreement provides stricter protections, that agreement controls for the relevant engagement.

1. Information We Collect

We may process the following categories of information:

  • Website and analytics data: pages visited, time of visit, referral source, device type, operating system, browser type, language settings, approximate region, page interactions, and performance data. We use Google Analytics across the website with IP anonymization enabled.
  • Behavior and experience data: in selected sub-applications, we use Microsoft Clarity to understand scrolling, clicks, session replay, heatmaps, and interface usage so we can improve product experience. Clarity may collect interaction information through cookies, session identifiers, and similar technologies.
  • Contact and feedback information: when you contact us through a feedback page, contact form, or email, we may collect the name, company, title, email address, phone number, request details, feedback content, and related support records you provide.
  • Business communication information: emails, meeting notes, requirement records, and follow-up status related to sales, customer success, technical support, or partnerships.
  • Security and log information: IP address, access logs, error logs, request timestamps, user agent, and security event records used to maintain service security, troubleshoot issues, and prevent abuse.

Unless you submit it voluntarily or a customer agreement requires otherwise, we do not ask you to provide sensitive personal information through this website. Please do not submit government ID numbers, financial account data, precise biometric information, health information, or other unnecessary sensitive information in public forms.

2. How We Use Information

We use information only for defined purposes and to the extent reasonably necessary, including to:

  • Provide, maintain, secure, and improve our website, product pages, sub-applications, and customer support.
  • Measure traffic trends and understand how users discover and use our content.
  • Analyze website performance through Google Analytics and improve selected sub-application experiences through Microsoft Clarity.
  • Respond to inquiries, feedback, demo requests, business requests, or technical support requests.
  • Archive feedback page submissions and route them to customer support or relevant business teams for follow-up.
  • Monitor security, troubleshoot errors, prevent fraud or abuse, and conduct system audits.
  • Comply with contracts, legal obligations, regulatory requirements, or protect our rights and the rights of others.

3. Legal Bases

Where applicable law requires a legal basis for processing, we generally rely on:

  • Consent: for example, when you submit a contact form or where applicable law requires consent for cookies and similar technologies.
  • Contract performance or pre-contractual steps: for example, when we respond to a service inquiry, demo request, or support request.
  • Legitimate interests: for example, improving website experience, analyzing service usage, maintaining security, communicating with customers, and preventing abuse. We balance these interests against your rights and reasonable expectations.
  • Legal obligations: for example, retaining or disclosing information required by law, regulation, audit, tax, or dispute resolution obligations.

4. Cookies, Analytics, and Behavior Technologies

We use cookies, pixels, SDKs, local storage, and similar technologies to support website operation, traffic analytics, security, and experience improvement.

Google Analytics

We use Google Analytics across the website to measure traffic and usage, with IP anonymization enabled. Google Analytics may collect pages visited, visit time, device and browser information, referral information, interaction events, and approximate region. Google processes this data according to its own policies.

You can restrict cookies through your browser settings or opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on.

Microsoft Clarity

We use Microsoft Clarity in selected sub-applications to understand how users interact with pages and improve product experience. Clarity may record clicks, scrolling, navigation, session replay, and heatmaps. We use this information to identify usability issues, optimize flows, and improve product quality.

You can manage related tracking through browser cookie settings, privacy settings, or Microsoft privacy controls. Microsoft describes its processing in the Microsoft Privacy Statement.

5. How We Share Information

We do not sell personal information. We share or disclose information only where necessary, including with:

  • Service providers and processors: such as cloud infrastructure, analytics tools, behavior analytics tools, email and customer support tools, logging providers, and security vendors. These parties may process information only under our instructions and contractual safeguards.
  • Affiliates or authorized teams: where needed for customer service, business communication, technical support, product improvement, and internal administration.
  • Customer support and business handling: information submitted through feedback pages is archived and routed to customer support, sales, product, or technical teams for follow-up.
  • Legal and safety recipients: where required by law, regulation, court process, government request, dispute handling, security incident investigation, or protection of legal rights.
  • Corporate transaction parties: in connection with a merger, financing, acquisition, reorganization, asset transfer, or similar transaction, information may be reviewed or transferred subject to continued protection obligations.

6. International Transfers

We provide embodied AI data solutions to customers globally. Your information may be accessed, processed, or stored outside your country or region, including in China, Singapore, Japan, the United States, the European Union, or other regions where we or our service providers operate.

Where applicable law requires safeguards for cross-border transfers, we use appropriate measures such as contractual obligations, data processing agreements, standard contractual clauses, access controls, encryption, data minimization, vendor assessments, or other applicable mechanisms.

7. Retention

We retain information only for as long as necessary for the purposes described in this Policy, or as required for contracts, legal obligations, audits, tax, dispute resolution, and security.

  • Website analytics and behavior data are typically retained according to third-party tool settings and our internal analytics needs.
  • Contact form and feedback information is archived for customer support follow-up, customer relationship management, quality improvement, and dispute handling.
  • If you request deletion or withdraw consent, we will act within the limits of applicable law and feasible system backup cycles.

When information is no longer needed, we delete it, anonymize it, or otherwise make it reasonably non-identifiable.

8. Data Security

We use reasonable technical and organizational measures to protect information, including access control, encrypted transmission, least-privilege permissions, log review, security monitoring, vendor management, internal confidentiality obligations, and employee security awareness. For embodied AI data handled in customer projects, we also apply contractual safeguards such as isolation, permission management, transfer protection, annotation workflow controls, and delivery review.

No system can be guaranteed to be completely secure. If a data security incident may affect your rights or interests, we will assess, respond, notify, and remediate as required by applicable law and contract.

9. Security Vulnerability Reporting

If you discover or suspect a security vulnerability, information leak, unauthorized access issue, misconfiguration, or other cybersecurity risk affecting io-ai.tech, our product pages, sub-applications, APIs, configurations, or data processing flows, please report it to platform@io-ai.tech. This address is dedicated to website security and information leakage reports. General privacy rights requests, business inquiries, and customer support requests should still be sent to io@io-ai.tech.

To help us assess and remediate issues quickly, please include the affected URL, system, or feature; vulnerability type and impact; reproduction steps; relevant screenshots, request samples, or logs; discovery time; and contact information for follow-up.

We welcome good-faith, responsible security research. When testing, please avoid disrupting services, bypassing authorization boundaries to access unnecessary data, exporting or disclosing data, maintaining persistent access, planting malicious code, conducting social engineering, phishing, spam, denial-of-service attacks, or affecting third-party, customer, employee, or other user data and systems. If you accidentally access personal information, customer data, or non-public information during validation, please stop testing immediately, avoid further access, copying, or disclosure, and describe the situation in your report.

10. Your Rights

Depending on where you are located and which law applies, you may have rights to:

  • Access, correct, supplement, or delete your personal information.
  • Withdraw consent or restrict or object to certain processing.
  • Request an explanation of our processing rules.
  • Request a copy of personal information or data portability.
  • Close an account or opt out of certain marketing communications.
  • Object to automated decision-making or profiling, where applicable.
  • Lodge a complaint with a supervisory authority.

For processing subject to China's Personal Information Protection Law (PIPL), you may exercise rights to access, copy, correct, supplement, delete, withdraw consent, restrict or refuse processing, and request explanations as provided by law.

For processing subject to the GDPR, you may exercise rights of access, rectification, erasure, restriction, objection, data portability, and withdrawal of consent as provided by law.

For California residents subject to the CCPA/CPRA, you may request to know, access, correct, delete, limit the use of sensitive personal information, opt out of sale or sharing of personal information, and be free from discrimination for exercising your rights. We do not sell personal information.

To exercise your rights, contact us using the details below. To protect your information, we may need to verify your identity and clarify the scope of your request.

11. Children

Our business website, product pages, and customer-facing services are intended only for enterprise customers, professional users, and authorized contacts who have full legal capacity. They are not directed to children or minors, and we do not provide products, services, or marketing activities to minors. Minors must not use our services, submit feedback forms, send business inquiries, create business requests, or provide any personal information to us on their own.

We do not knowingly collect, use, or retain personal information from minors. If we learn that a minor has provided personal information to us without valid authorization from a parent, guardian, or legal representative, we will delete or anonymize the relevant information as soon as reasonably practicable and stop further processing based on that information, to the extent permitted by applicable law.

If you are a parent, guardian, or legal representative of a minor and believe that the minor has provided personal information to us, please contact us using the details below. To protect the minor's interests, we may need to verify your identity, guardianship, or representative authority before handling the request.

12. Third-Party Websites and Services

Our website may contain links to third-party websites, social media, plugins, or services. Their privacy practices are not governed by this Policy. Please review their privacy policies before using third-party services.

13. Policy Updates

We may update this Policy to reflect business, technical, legal, or compliance changes. Material changes will be announced on the website or through other appropriate means. The updated Policy is effective from the date shown on this page.

14. Contact Us

If you have questions, requests, or complaints about this Policy or our data processing, please contact us: