Skip to main content

Privacy Policy


Last Updated: March 20th, 2026



1. About This Policy
Realtime Robotics, Inc. ("Realtime Robotics," "we," "us," or "our") is committed to protecting your personal information and being transparent about how we collect, use, and share it. This Privacy Policy applies to:

  • Users of our products or services including but not limited to Resolver and Rapidplan
  • Employees, contractors, and operators of our customers that interact with our Product and Services

Our registered address is: Realtime Robotics, Inc., 27 Wormwood St, Ste 110, Boston, MA 02210, United States.

For GDPR purposes, Realtime Robotics acts as a Data Controller for information collected via our website, and as a Data Processor for operational and customer data processed through Resolver and RapidPlan on behalf of our enterprise customers.


2. Information We Collect

2.1 Software Product Users (Resolver and RapidPlan)
When enterprise customers deploy and use our software products, we may process the following categories of data on behalf of our customers:

Personal Information we collect includes:

  • Employee and operator data: Usernames, email addresses, role assignments, system access logs, and activity records for individuals authorized to use the software

In addition to the personal information listed above, Realtime Robotics also collects other data through customer use of Resolver and RapidPlan, including:

  • Robot motion and path data: Trajectories, motion plans, and path optimization outputs generated during use of Resolver or RapidPlan
  • Factory floor and operational data: Facility layouts, workspace configurations, robot cell design files, and production environment parameters
  • System and diagnostic data: Log files, performance metrics, error reports, and usage telemetry necessary for product support and improvement

We do not require or request personal data beyond what is necessary to provide and support the Services. Enterprise customers are responsible for ensuring they have appropriate authority to submit personal data of their employees and operators to our Services. All enterprise customers must agree to and sign the Realtime Robotics, Inc. terms and conditions to use our Services.


3. How We Use Your Information
We use data processed through Resolver and RapidPlan to:

  • Deliver, operate, and maintain the Services under our customer agreements
  • Provide technical support and troubleshoot issues
  • Monitor system performance and ensure reliability
  • Improve and develop product features (using de-identified or aggregated data only, unless otherwise agreed)
  • Comply with legal obligations

We do not use customer operational data (including robot motion data or factory floor layouts) for advertising purposes, without removing proprietary designs and asking customer consent, and we do not sell or rent such data to third parties.


4. Legal Basis for Processing (GDPR)
For individuals in the EU/EEA and UK, we process personal data on the following legal bases:

  • Contract performance: Processing necessary to deliver the Services under our agreements with enterprise customers
  • Legitimate interests: Analyzing website usage, improving our products, and communicating with prospective customers, where not overridden by your interests or rights
  • Consent: Where you have provided explicit consent, such as for marketing emails or the use of non-essential cookies
  • Legal obligation: Where processing is required to comply with applicable law

You may withdraw consent at any time without affecting the lawfulness of prior processing. To do so, contact privacy@rtr.ai. Please note, a request to delete personal data will result in the termination of your Resolver account and associated access.


5. Tracking Technologies and Service Data Collection
When you use Resolver, we collect certain data automatically to operate, secure, and improve our product and services. These technologies include:

  • Authentication cookies — used to manage your session and maintain secure access to the Service.
  • Browser storage — used to retain UI preferences and application state across sessions.
  • Server logs — we collect IP addresses, request metadata, and timestamps to support operations, troubleshoot issues, and maintain service integrity.
  • Usage analytics — we collect telemetry on feature usage and performance to understand how the Service is used and to guide product improvements.
  • Security monitoring logs — activity within the Service is logged to detect and respond to unauthorized access or anomalous behavior.

By using our Service, you are consenting to these tracking technologies. For California residents, see Section 10 for information about your rights under the CCPA.


6. Data Sharing
We share personal data with trusted third-party service providers who process data on our behalf and under our instructions.

6.1 Subprocessors
Vendors that process end users' personal data on our behalf. All subprocessors are contractually bound to process data only as instructed and to maintain appropriate security measures.

  • Infrastructure — Cloud Hosting & Compute, Cloud Storage & Databases, CDN
  • Security & Identity — Authentication & Identity
  • Observability & Analytics — Analytics, Monitoring & Feature Flagging, Error & Application Monitoring tools
  • Communication & Support — Customer Support, Email & Communications, Video Conferencing, Internal Collaboration tools
  • Legal & Document Management — E-Signature, Document Security
  • AI — Agents used for internal use
  • Product & Engineering — Project Management Tools, Collaborative Whiteboarding, CAD & Engineering Software
  • Sales & Customer Success — CRM, Remote Access & Support, & Sales Tools

We maintain an up-to-date subprocessor list. Customers may request a copy by contacting privacy@rtr.ai. We will provide customers with notice of any intended changes concerning the addition or replacement of subprocessors.

6.2 Non-Subprocessors (Third-Party Controllers)
Vendors that receive personal data but process it for their own purposes under their own privacy policies.

  • Payment Processing — Billing, subscription management, and payment handling
  • Accounting & Finance — Financial recordkeeping, AP & AR tools
  • Marketing & Advertising — Email marketing, campaign management, and ad platforms
  • Data Enrichment — Supplementing customer or lead data with third-party information
  • Security & Fraud Prevention — Threat detection, vulnerability scanning, and fraud monitoring

6.3 Business Transfers
In the event of a merger, acquisition, financing, or sale of assets, your personal data may be transferred to the successor entity. We will provide advance notice and ensure the receiving party is bound by equivalent privacy protections.

6.4 Legal Disclosure
We may disclose personal data if required to do so by law, regulation, or valid legal process (such as a court order or government request), or where we believe disclosure is necessary to:

  • Comply with a legal obligation
  • Protect the rights, property, or safety of Realtime Robotics, our customers, or the public
  • Detect, prevent, or investigate potential fraud, security incidents, or wrongdoing

6.5 What We Do Not Do
We do not:

  • Sell personal data to third parties for their own commercial purposes
  • Use customer operational or factory data for advertising, without removing proprietary designs and asking customer consent
  • Share personal data with affiliates or business partners for their independent marketing purposes without your consent

7. International Data Transfers
Realtime Robotics is headquartered in the United States. Your personal data may be transferred to and processed in the United States or other countries outside your jurisdiction.

For transfers of personal data from the EU/EEA or UK to the United States, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our Data Processing Agreements with enterprise customers
  • The UK International Data Transfer Agreement (IDTA) for transfers involving UK personal data
  • Partners that are certified under the Data Privacy Framework (like Clerk).

Enterprise customers requiring specific data residency arrangements (e.g., EU-only hosting on AWS eu-west regions) should contact privacy@rtr.ai to discuss options.

8. Data Retention
We retain personal data for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

  • Customer account and contract data: Retained for the duration of the customer relationship plus 7 years to comply with legal and financial record-keeping obligations
  • Software product operational data: Retained per the terms of the applicable customer agreement; we will delete or return data upon written request
  • Log and diagnostic data: Retained for up to 12 months unless required longer for security investigations or legal proceedings

Upon expiration of the applicable retention period, we will securely delete or anonymize personal data.

9. Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. Our security practices include:

  • Encryption of data in transit using TLS 1.2 or higher
  • Encryption of data at rest within AWS infrastructure
  • Role-based access controls and least-privilege principles
  • Regular security assessments and vulnerability management
  • Employee security awareness training

We are currently pursuing SOC 2 Type I and Type II certification, as well as ISO 27001 certification. Customers requiring security documentation may request our current security posture summary by contacting privacy@rtr.ai.

In the event of a personal data breach that poses a risk to individuals' rights and freedoms, we will notify affected enterprise customers and, where required, relevant supervisory authorities within the timeframes required by applicable law. We enforce input validation, restrict data modification access, log changes, and perform periodic reconciliations to ensure data accuracy

10. Your Rights


10.1 Rights Under GDPR (EU/EEA and UK Residents)
If you are located in the EU/EEA or UK, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you
  • Right to rectification: Request correction of inaccurate or incomplete data
  • Right to erasure: Request deletion of your personal data where there is no legitimate basis for continued processing
  • Right to restriction: Request that we limit how we process your data in certain circumstances
  • Right to data portability: Receive your personal data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests or for direct marketing
  • Rights related to automated decision-making: Request human review of decisions made solely by automated means that significantly affect you

To exercise your rights, contact privacy@rtr.ai. We will respond within 30 days. We may ask you to verify your identity before processing your request. You also have the right to lodge a complaint with your local supervisory authority (e.g., your national Data Protection Authority in the EU, or the ICO in the UK).

10.2 Rights Under CCPA/CPRA (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):

Your Privacy Rights
  • Right to Know: You have the right to know what personal information we collect, use, disclose, and share, including the categories of personal information, the purposes for which it is used, and the categories of third parties with whom it is shared.
  • Right to Access & Data Portability: You have the right to request a copy of the specific personal information we have collected about you, in a portable and readily usable format.
  • Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
  • Right to Delete: You have the right to request deletion of personal information we have collected about you, subject to certain exceptions permitted by law.
  • Right to Opt Out of Sale or Sharing: We do not sell your personal information. However, to the extent any data sharing with partners qualifies as a "sale" or "sharing" for cross-context behavioral advertising under CCPA/CPRA, you have the right to opt out. To do so, contact us at privacy@rtr.ai.
  • Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information, you have the right to direct us to limit its use and disclosure to only what is necessary to perform the Services.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality as a result of you exercising these rights.

Sensitive Personal Information
To the extent we collect sensitive personal information in connection with the Services, such collection is limited to what is necessary to provide and support the Services. We do not use sensitive personal information for purposes beyond those permitted under CPRA.

Retention of Personal Information
We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, to provide the Services, or as required by applicable law. For more information on our specific retention practices, please contact us at privacy@rtr.ai.

How to Submit a Request
To exercise any of the rights described above, you or your authorized agent may submit a request by:

  • Emailing us at privacy@rtr.ai, or
  • Contacting us using the information provided in Section 14

Authorized Agents: You may designate an authorized agent to submit a request on your behalf. We may require written proof of the agent's authorization and may verify your identity directly before processing the request.

Verification: To protect your personal information, we will verify your identity before fulfilling any rights request. The verification process may require you to provide information that matches what we have on file for you. We will not fulfill requests we are unable to verify.

Response Timing
We will respond to your request within 45 days of receipt. If we require additional time, we will notify you within the original 45-day window and may extend our response by an additional 45 days, for a maximum total of 90 days.

10.3 Rights Under Other Applicable State Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Texas, and other US states with applicable privacy laws may have similar rights to those described above, including rights of access, correction, deletion, portability, and the right to opt out of targeted advertising or profiling. To exercise these rights, contact privacy@rtr.ai.

11. Data Processing Agreements (DPA)
Enterprise customers subject to GDPR, UK GDPR, or CCPA may require a formal Data Processing Agreement (DPA) with Realtime Robotics. Our DPA:

  • Defines the roles of Realtime Robotics as Data Processor and the customer as Data Controller
  • Incorporates Standard Contractual Clauses (SCCs) for international data transfers
  • Specifies subprocessor obligations and notification requirements
  • Describes security measures and breach notification procedures

To request a DPA or discuss your specific compliance requirements, contact privacy@rtr.ai. We aim to execute DPAs within 10 business days of request.

12. Additional Disclosures

12.1 Children's Privacy
Our Services are not directed to individuals under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at privacy@rtr.ai, and we will take steps to delete it.

12.2 Automated Decision-Making
Our software products (Resolver and RapidPlan) use AI and machine learning to generate robot motion plans and path optimizations. Our software may also use AI and ML to make suggestions within our product interface. These outputs are technical recommendations used by our customers' engineers and operators and do not constitute automated decisions that produce significant legal or similarly significant effects on natural persons within the meaning of GDPR Article 22.

12.3 Links to Third-Party Websites
Our product may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

12.4 Do Not Track
Our service does not currently respond to browser Do Not Track (DNT) signals. You may manage tracking preferences through our cookie consent tool or through the preferences and settings of your web browser.

12.5 California Shine the Light
California residents with an established business relationship may request information once per year about any personal data shared with third parties for their direct marketing purposes. To submit such a request, contact privacy@rtr.ai.

13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, Services, or applicable law. Material changes will be communicated by:

  • Posting the updated policy with a revised "Last Updated" date
  • Sending an email notification to registered users or enterprise account contacts
  • Providing prominent notice on our website and within our product where required by law

Continued use of our Services after the effective date of any update constitutes acceptance of the revised Policy.

14. Contact Us
For questions, requests, or concerns about this Privacy Policy or our data practices:

Privacy Contact: privacy@rtr.ai or info@rtr.ai

Mailing Address: Realtime Robotics, Inc., 27 Wormwood St, Ste 110, Boston, MA 02210 For EU/EEA or UK-specific inquiries or to contact our Data Protection Officer or other representative, please email privacy@rtr.ai with the subject line "GDPR Inquiry" or "UK GDPR Inquiry."

We aim to respond to all privacy-related inquiries within 5 business days.