Prolinq LogoBeta

Privacy Policy

Last updated: December 27, 2025

1. Introduction

VantaRock Studios ("we", "our", or "us") operates Prolinq, an AI-powered customer service platform, and is committed to protecting the privacy of our users. This Privacy Policy outlines how we collect, use, store, and protect information when businesses and individuals sign up for Prolinq via our website and use our AI customer service chatbot powered by OpenAI. By signing up and using Prolinq, you agree to the terms outlined in this Privacy Policy.

2. Scope and Applicability

VantaRock Studios operates Prolinq from Guyana, South America. We provide services to users globally, including Australia.

For Australian Users:

We handle personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Your personal information may be disclosed to overseas recipients located in the United States (OpenAI, Supabase, Cloudinary, SendGrid, LogRocket, Vercel) for the purposes described in this policy. By using our service, you consent to this cross-border disclosure.

For users in other regions with specific data protection laws (such as the GDPR in the European Union or CCPA in California), please note that our practices are tailored to our operational jurisdiction, though we strive to adhere to similar principles of data protection where applicable. Please contact us at support@vantarock.com if you have any specific data protection concerns.

3. Information We Collect

3.1. Business Information

When businesses sign up, we collect the following information:

  • Name and Location: Business name, physical address (street, city, country), and timezone.
  • Contact Information: Email addresses, phone numbers, WhatsApp numbers, and other contact details.
  • Business Details: Business category, description, hours of operation, and cover images.
  • Services and Products: Information regarding services offered (descriptions, costs, duration, booking questions, FAQs), and products (if applicable, including product names, descriptions, prices, images, and inventory levels).
  • Team Information: Names and roles of team members who may be assigned to customer bookings.
  • AI Settings: Preferences for AI features including smart booking mode, auto-assignment, greeting messages, and suggested questions.

3.2. Customer Information

When customers interact with a business via our chatbot, we collect:

  • Contact Information: Customer name, telephone number, email address, and WhatsApp number (when provided in chat or during booking). We may automatically extract this information from customer messages to streamline the booking process.
  • Booking Information: Booking requests including service selected, preferred date and time, customer responses to booking questions, notes, and booking status (pending, accepted, cancelled).
  • Product Orders: For businesses selling products, we collect product order information including selected products, quantities, and customer delivery information.
  • Chat Interactions: Complete chat conversation history including customer messages and AI responses. These are maintained for service delivery, improvement, and quality assurance, and are accessible to the business via their dashboard.
  • Session Information: Session identifiers, customer device fingerprints (for recognizing returning customers), session metadata, and timestamps of interactions.
  • AI Context: Information extracted from conversations to improve AI responses, including customer preferences and conversation context.

3.3. Analytics and Usage Information

We collect analytics data to improve our platform performance and user experience:

  • Session Recording: We use LogRocket to record user sessions, including screen recordings, clicks, page views, and interactions. This helps us identify bugs, improve user experience, and provide customer support. LogRocket does NOT capture IP addresses. Sensitive information such as passwords, email addresses in form fields, phone numbers, names, and payment information are automatically sanitized and not recorded.
  • Performance Metrics: We track chat response times, booking success rates, AI performance metrics, and system health indicators.
  • Browser Information: Browser type, version, operating system, device type, and screen resolution (collected via LogRocket).
  • Usage Patterns: Pages visited, features used, time spent on platform, and navigation paths.

3.4. Notification Data

If you enable browser push notifications:

  • Push Subscription: We store your browser's push notification endpoint URL and encryption keys to send you notifications about bookings, customer requests, and live agent requests.
  • Notification Preferences: Your notification settings and preferences for different types of alerts.

4. How We Use Your Information

We use the collected information for the following purposes:

  • AI Customer Service: To power our AI chatbot that responds to customer inquiries using business information and context from previous conversations.
  • Booking Management: To process, manage, and confirm booking requests including availability checking, slot recommendations, booking confirmations, and team member assignments.
  • Product Orders: To process product orders, manage inventory, and facilitate order fulfillment (for businesses with products enabled).
  • Communications: To send transactional emails (booking confirmations, cancellations, live agent notifications) via SendGrid, and push notifications about important events.
  • Service Improvement: To analyze chat performance, identify bugs, improve AI responses, and enhance user experience through session recordings and analytics.
  • Customer Support: To provide support to businesses and help troubleshoot issues using LogRocket session replays and chat history.
  • Platform Operations: To maintain platform security, prevent abuse, ensure system reliability, and optimize performance using caching (Redis) and database management (Supabase).
  • Dashboard Analytics: To provide businesses with insights into their bookings, chat conversations, AI performance, and customer interactions.

5. Data Retention

We retain different types of data for varying periods based on the purpose and legal requirements:

  • Chat Logs: Chat conversation history is retained for 30 days and then automatically deleted. This applies to conversation messages and session data. Businesses can review chat logs during this period via their dashboard.
  • Bookings and Orders: Booking records and product orders are retained for 7 years or as required by applicable law to maintain business records, support historical reporting, and comply with legal obligations. You may request deletion of specific bookings by contacting us, subject to our legal retention requirements.
  • Business Profile Data: Business information, services, FAQs, and team member data are retained for as long as your account is active. Upon account deletion, this data is permanently removed within 30 days.
  • LogRocket Sessions: Session recordings are retained according to LogRocket's retention policy (typically 30 days for free tier, longer for paid plans). These are automatically purged after the retention period.
  • Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely for platform improvement and reporting purposes.
  • Notification Preferences: Email notification preferences and push notification subscriptions are retained until you unsubscribe or delete your account.

6. User Rights

Users have the following rights regarding their personal data:

  • Access: You can request access to your personal data held by us at any time. Business users can view their data via the dashboard.
  • Correction: If any information is inaccurate or incomplete, you may update it directly in your business settings or request corrections by contacting us.
  • Deletion: You may request the deletion of your data by contacting support@vantarock.com. Note that some data (such as historical bookings) may need to be retained for legal or business record-keeping purposes.
  • Export: You can request a copy of your data in a portable format.
  • Opt-Out of Analytics: You cannot currently opt-out of LogRocket session recording while using the platform, as it is essential for debugging and support. However, sensitive information is automatically sanitized from recordings.
  • Email Notifications: You can unsubscribe from transactional email notifications using the unsubscribe link in any email we send you, or by updating your notification preferences in your account settings.
  • Push Notifications: You can disable push notifications at any time through your browser settings or by revoking notification permissions.
  • Data Requests: For any inquiries or requests regarding your personal data, please contact us via email at support@vantarock.com.

7. Third-Party Services

We employ the following third-party service providers to support our platform. Each provider is contractually obligated to protect your information and comply with applicable data protection standards:

  • OpenAI: Powers our AI chatbot using GPT-4o-mini. Your chat conversations are sent to OpenAI for processing and response generation. OpenAI's data usage is governed by their privacy policy. See OpenAI's privacy policy at https://openai.com/policies/privacy-policy
  • Supabase: Provides database management, authentication, and data storage services. All business profiles, bookings, and chat data are stored on Supabase infrastructure.
  • Cloudinary: Handles image upload, storage, and delivery for business cover images and product photos.
  • SendGrid: Delivers transactional emails including booking confirmations, cancellation notifications, and live agent request alerts.
  • LogRocket: Provides session recording and monitoring capabilities for debugging, customer support, and user experience improvement. LogRocket records user sessions but does not capture IP addresses and sanitizes sensitive form data.
  • Redis (via hosting provider): Provides caching to improve platform performance and reduce database load. Cached data includes business information and team member data.
  • Vercel: Hosts our platform infrastructure and handles deployment.

Important Disclaimer on AI-Generated Content: Our chatbot, powered by OpenAI, may generate information that is inaccurate, incomplete, or does not meet your specific needs. VantaRock Studios is not responsible for decisions made based on AI-generated information. AI responses should not be considered professional advice and have no legal effect. Always verify important information independently. The processing of your information via this chatbot is subject to this Privacy Policy and OpenAI's terms of service.

8. Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

  • Authentication Cookies: Essential session cookies used for user authentication, login state management, and maintaining your session. These are required for the platform to function properly.
  • LogRocket Cookies: LogRocket sets cookies to track sessions and link session recordings to user sessions. These cookies help us identify and replay user sessions for debugging and support purposes.
  • Service Workers: We use browser service workers to enable push notifications. Service workers run in the background to deliver real-time notifications about bookings and live agent requests.
  • Local Storage: We may use browser local storage to cache certain preferences and improve performance.
  • Analytics Tracking: LogRocket tracks page views, user interactions, clicks, and navigation patterns to help us understand how users interact with our platform.

Most web browsers allow you to control cookies through browser settings. However, blocking essential authentication cookies will prevent you from using the platform. Blocking LogRocket may impact our ability to provide technical support.

9. Security Measures

We implement industry-standard security measures to protect your data, including:

  • Data Encryption: All data is encrypted in transit using HTTPS/TLS and at rest in our database.
  • Database Security: Our database (Supabase) provides Row-Level Security (RLS) for granular access control, ensuring users can only access their own data.
  • Authentication: We use secure JWT-based authentication with automatic session refresh and secure cookie-based session management.
  • API Security: Our APIs implement rate limiting, request validation, input sanitization, and protection against common vulnerabilities (SQL injection, XSS, CSRF).
  • Privacy by Design: LogRocket is configured to automatically sanitize sensitive data including passwords, email addresses in forms, phone numbers, payment information, and personally identifiable information.
  • Regular Monitoring: We continuously monitor system health, perform security assessments, and maintain audit logs for security events.
  • Infrastructure Security: Our hosting providers (Vercel, Supabase) maintain SOC 2 compliance and industry-standard security certifications.

While we implement strong security measures, no system is completely secure. We encourage users to use strong passwords and report any security concerns immediately to support@vantarock.com.

10. Australian Privacy Principles Compliance

For our Australian users, we are committed to handling personal information in accordance with the Australian Privacy Principles (APPs). This includes:

  • Open and Transparent Management: We maintain this clear and accessible privacy policy explaining how we collect, use, and disclose personal information.
  • Collection Notice: We notify you about what information we collect and why at the time of collection (as described in Section 3).
  • Use and Disclosure: We only use and disclose your personal information for the primary purposes described in this policy, or with your consent.
  • Data Security: We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorized access, modification, or disclosure (as described in Section 9).
  • Access and Correction: You can request access to your personal information and request corrections if it is inaccurate, out-of-date, incomplete, irrelevant, or misleading (as described in Section 6).
  • Cross-Border Disclosure: We disclose personal information to overseas recipients in the United States for the purposes of providing our services. By using Prolinq, you consent to these disclosures as outlined in Section 2.

Note: Prolinq is currently in beta testing. We are committed to maintaining compliance with the Australian Privacy Principles as we scale our operations.

11. Amendments to This Privacy Policy

We reserve the right to amend this Privacy Policy from time to time. Any significant changes will be communicated via our website and/or through email notifications to registered users. Continued use of our services following any such changes constitutes your acceptance of the updated policy.

12. Contact Information and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:

Email: support@vantarock.com

For Australian Users - Privacy Complaints:

If you have a privacy complaint, please contact us first at support@vantarock.com. We will investigate your complaint and respond within 30 days.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au
Privacy Policy - Prolinq AI Customer Service Platform | Prolinq