Privacy Policy

We collect a small, deliberate set of information — only what the platform actually needs to operate.

• Public product data — robot specifications, press releases, case studies, funding records, and similar information we aggregate from public sources. Each fact links back to the page or document we sourced it from.
• Account & profile data — when you create a company account, we store your email address, hashed password (or OAuth identifier), display name, the company you represent, and the verification artefacts you submit (for example a domain match or name-card).
• Submitted profile content — anything you add to your company profile (descriptions, case studies, awards, milestones, media URLs). This is intentionally public.
• Billing data — for paid plans we store your payment-provider customer ID, plan, billing email, and order status. We never see or store card numbers — our payment provider (Airwallex) handles all card data.
• Lead & inquiry data — when a buyer submits a quote or demo request through a company page, we collect their name, email, company, and message so we can forward it. See section 4.
• Profile-view analytics — page views, comparison appearances, and search impressions per company profile. Tied to anonymous session IDs, never to a named individual, and aggregated before display.
• Feedback & support messages — anything you send through the feedback widget or support email. Retained up to 90 days for quality purposes.
• Operational logs — server, error, and security logs containing IP address, user agent, request path, and timestamp. Used for debugging, abuse prevention, and rate-limiting.

We use the data above for the following purposes, and only these:

• Operating the platform — rendering the leaderboard, computing the Robolist Score, serving company and robot pages, and powering search and comparison.
• Account & access control — letting you sign in, claim a company, manage seats, and edit your profile.
• Buyer-to-company introductions — forwarding inquiries to the listed company so they can respond directly.
• Billing & subscription management — processing payments and sending receipts through Airwallex.
• Transactional email — verification links, claim confirmations, lead notifications, billing receipts, and security alerts. We do not send marketing email without explicit opt-in.
• Security & abuse prevention — detecting credential abuse, scraping that degrades service for others, and inauthentic claims.
• Product improvement — aggregate and anonymised usage data to decide what to build next.

We do not sell personal data, and we do not share it for cross-context behavioural advertising. Sponsored placements, when present, are clearly labelled and never affect the organic Robolist Score — see methodology.

AI training. We do not train Robolist's own models on user-submitted profile content, dashboard data, lead messages, or chat transcripts without explicit consent. AI features that operate on a company's own materials run on data the listed company has chosen to expose, and we use third-party model providers under contracts that prohibit them from training their general-purpose models on our customer data.

Robolist.ai is privacy-first by design. We do not use third-party advertising or cross-site tracking cookies. The cookies and storage we do use are limited to:

• Authentication — a session cookie set when you sign in to a company dashboard. Required for the dashboard to work.
• CSRF / security tokens — short-lived tokens used to protect form submissions.
• Preference storage — a small amount of local storage to remember UI preferences such as collapsed sidebars or chosen units.
• Aggregate analytics — privacy-respecting page-view counters that record only the URL, referrer, country (derived from IP and not stored), and a hashed daily session identifier. No fingerprinting. No cross-site identifiers. No advertising profiles.

EU and UK visitors may see a one-time cookie notice on first visit confirming the strictly-necessary cookies above and offering opt-in for any future non-essential cookies (we currently use none). Choices made via that notice are remembered locally; you can clear them by clearing your browser's site data for robolist.ai.

When a buyer submits a quote or demo request through a robot or company page, the message is forwarded to the company that owns the listing. Lead data is held by Robolist.ai for up to 72 hours for delivery, dispute, and abuse-prevention purposes, then permanently deleted from our database.

The receiving company becomes an independent controller of any lead data they choose to retain. That company's use of the data is governed by their own privacy policy. Robolist.ai is not a party to and is not responsible for what the company does with the lead after delivery, but we expect listed companies to handle inquiries lawfully and to honour reasonable data-deletion requests.

Buyers who want a lead retracted from Robolist.ai can email support@robolist.ai and we will delete it from our systems within 72 hours.

We keep data only as long as it is useful for the purpose it was collected, plus any period required by law. At a glance:

Wherever you live, you have the right to ask what personal data we hold about you, to correct it if it is wrong, and to ask us to delete it. Depending on your jurisdiction (Hong Kong PDPO, EU/UK GDPR, California CCPA, and similar regimes), you may also have the right to data portability, to object to certain processing, and to withdraw consent.

To exercise any of these rights, email support@robolist.ai. We will verify the request and respond within 48 hours, and complete most requests within these target windows:

• Lead data deletion — within 72 hours.
• Account data deletion — within 30 days (longer where billing or legal records must be retained).
• Access & portability — a structured export delivered within 30 days.
• Public listing corrections — usually actioned within 48 hours; we will tell you if the correction requires sourcing new documentation.

If you believe we have mishandled your data, you have the right to complain to your local data-protection authority — for example the Hong Kong PCPD, the EU/UK supervisory authority where you live, or your state attorney general in the US.

Robolist.ai is operated from Hong Kong. Some of our service providers store or process data in the United States, the European Union, or other regions. When data leaves your jurisdiction, we rely on the legal mechanisms each provider offers — Standard Contractual Clauses for EU/UK transfers, equivalent frameworks for other regions — and on our own contractual safeguards.

Enterprise customers who need a Data Processing Addendum (DPA), a sub-processor notification feed, or a copy of the relevant Standard Contractual Clauses can request one from support@robolist.ai.

We take security seriously without making it theatrical:

• Encryption in transit — TLS on every public endpoint and every service-provider connection.
• Encryption at rest — managed by our database and storage providers.
• Access control — production data is accessible only to staff who need it, behind individual accounts with multi-factor authentication. Row-level security enforces tenant boundaries inside the database.
• Secrets management — credentials live in managed secret stores, not source code.
• Monitoring — error and anomaly monitoring via Sentry; suspicious traffic patterns are rate-limited or blocked at the edge.
• Breach notification — if a breach affects your personal data, we will notify you and the relevant authorities as required by applicable law.

No system is perfectly secure. Report a vulnerability to support@robolist.ai and we will respond promptly.

Robolist.ai is a B2B platform for the robotics industry. The Service is not directed at children, and we do not knowingly collect personal data from anyone under 16. If you believe we have data about a minor, write to support@robolist.ai and we will delete it.

Lawful basis (GDPR / UK GDPR Article 6). Where European law applies, we rely on the following bases for the processing described in section 2:

• Performance of a contract — for account creation, claim verification, billing, subscription management, and forwarding of buyer leads.
• Legitimate interests — for security monitoring, abuse detection, aggregate analytics, and product improvement. We balance these interests against your privacy and you may object at any time.
• Legal obligation — for tax, accounting, and lawful-request compliance.
• Consent — for marketing email and any non-essential cookies. You may withdraw consent at any time without affecting prior processing.

Automated processing (Article 22). The Robolist Score is computed by an algorithm using public, source-cited inputs, according to our open methodology. The Score is informational and does not produce legal effects, or other similarly significant effects, for any individual. If you believe a Score for a company you represent is wrong, write to support@robolist.ai for manual review.

European Economic Area, United Kingdom & Switzerland. You have the rights described in section 6 plus the right to lodge a complaint with your local supervisory authority. Robolist.ai does not maintain an EU establishment at present; we will appoint an Article 27 representative if and when our processing of EU residents' data crosses the threshold that requires one. Until then, write to support@robolist.ai for any GDPR request.

Mainland China (PIPL). If you submit personal information from mainland China, your data is transferred to and processed outside mainland China — primarily in Hong Kong, and via service providers in the United States and the European Union. Where required by the Personal Information Protection Law, your continued use of the Service after reading this notice constitutes the separate consent contemplated by Article 39 for that cross-border transfer. You may withdraw this consent at any time by closing your account; we will then delete your data per the schedule in section 5.

California (CCPA / CPRA). California residents have the right to know, delete, correct, and limit the use of personal information, plus the right not to be discriminated against for exercising those rights. Robolist.ai does not sell or share personal information for cross-context behavioural advertising and does not run a financial-incentive program. Use the support address above to exercise your rights; we will verify the request before responding.

Hong Kong (PDPO). The Personal Data (Privacy) Ordinance applies to our processing in Hong Kong. You may also lodge a complaint with the Hong Kong Privacy Commissioner for Personal Data (PCPD).

We may update this policy as the platform evolves. When we do, we will update the Last updated date at the top of this page. Material changes — for example a new service provider or a new category of data collection — will be announced on the site and, for active subscribers, by email at least 30 days before they take effect. Continued use of the Service after a change takes effect means you accept the revised policy.

For privacy questions, data requests, or DPA copies:

• Privacy & data requests: support@robolist.ai
• Data corrections & takedowns: support@robolist.ai
• Press: pr@robolist.ai
• Operator: 67lab Limited, Hong Kong SAR.