ROYL Technologies LLC — Privacy Policy

This charter captures the complete Privacy Policy for ROYL Technologies LLC ("Company", "we", "us", "our"). ROYL Technologies operates the AEOS Hub platform and the AEOS Technology Brokerage. This document is the source of truth for all data privacy terms and will be converted to a formal Privacy Policy by legal counsel, published at `/legal/privacy`.

Document Type: Privacy Policy (Public-Facing)

Company: ROYL Technologies LLC (Florida)

Applies To: All users, clients, Partners, Affiliates, visitors, and end-users of AI agents

Governing Law: State of Florida

Published URL: /legal/privacy

1. Overview

1.1 Commitment

ROYL Technologies LLC is committed to protecting the privacy and security of personal information. This Privacy Policy describes what information we collect, how we use it, who we share it with, and your rights regarding your data.

1.2 Scope

This Privacy Policy applies to:

1. The AEOS Hub platform and all related services
2. Our websites and online properties
3. AI agents deployed through the AEOS Hub
4. Communications between us and our users
5. The Partner and Affiliate programs



1.3 Acceptance




By using our Services, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree, you must not use the Services.




---




2. Information We Collect




2.1 Information You Provide




Category	Examples
Account information	Name, email address, phone number, business name, billing address
Payment information	Credit card details (processed by Stripe), billing history
Profile information	Job title, industry, company size, preferences
Business data	Client records, CRM data, contact lists, pipeline data
Communications	Support tickets, emails, chat messages, feedback
Agent configuration	AI agent settings, prompts, workflows, scripts, voice configurations
Partner/Affiliate	Tax identification (W-9/W-8BEN), payout method details, commission history




2.2 Information Collected Automatically




Category	Examples
Usage data	Pages visited, features used, actions taken, session duration
Device information	Browser type, operating system, device type, screen resolution
Network data	IP address, approximate location (city/region), referral URL
Cookies	Session cookies, preference cookies, analytics cookies
AI interaction data	Agent conversations, call recordings, message logs, response metrics




2.3 Information from Third Parties




Source	Data
Stripe	Payment status, transaction confirmations, fraud signals
Twilio	Call metadata, SMS delivery status, phone number verification
LLM providers	AI inference responses (processed, not stored by providers)
Social login	Name, email, profile picture (if social login is used)
Partner referrals	Referral source, tracking link attribution




---




3. How We Use Your Information




3.1 Service Delivery



1. Providing, maintaining, and improving the AEOS Hub platform
2. Processing payments and managing subscriptions
3. Deploying and operating AI agents on your behalf
4. Providing customer support and responding to inquiries
5. Managing Partner and Affiliate accounts, commissions, and payouts



3.2 Communication



1. Sending transactional emails (account confirmation, payment receipts, password resets)
2. Sending service notifications (maintenance, feature updates, security alerts)
3. Sending marketing communications (with your consent, and with opt-out available)
4. Responding to support tickets and inquiries



3.3 Analytics and Improvement



1. Analyzing usage patterns to improve the Services
2. Generating aggregate, anonymized analytics and reports
3. Conducting research and development for new features
4. Monitoring system performance and reliability



3.4 Safety and Compliance



1. Detecting and preventing fraud, abuse, and security threats
2. Enforcing our Terms of Service and Acceptable Use Policy
3. Complying with legal obligations and regulatory requirements
4. Responding to lawful requests from law enforcement or government agencies



---




4. How We Share Your Information




4.1 We Do NOT Sell Your Data




We do not sell, rent, or trade your personal information to third parties for their marketing purposes.




4.2 Service Providers




We share information with third-party service providers who process data on our behalf:




Provider Category	Purpose	Data Shared
Payment processing	Stripe — billing and subscription management	Payment details, billing info
Cloud hosting	Supabase — database and authentication	Account data, business data
Voice/SMS	Twilio, Vapi — telephony and voice AI	Phone numbers, call data, recordings
AI inference	OpenAI, Anthropic, Google — LLM processing	Agent prompts and conversation data
Email delivery	Transactional email provider — notifications	Email address, message content
Analytics	Usage analytics provider — service improvement	Anonymized usage data




4.3 Partner Ecosystem




Within the AEOS Technology Brokerage:



1. Your assigned Partner (Account Executive) can see your account information and service history through their CRM access
2. Your Partner's Broker can see aggregate performance data for their organization
3. Affiliate referral data (click and conversion statistics) is visible to the referring Affiliate
4. Commission and payout data is visible to the earning Partner or Affiliate



4.4 Legal Requirements




We may disclose your information when required by law, regulation, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.




4.5 Business Transfers




If the Company is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any choices you may have regarding your information.




4.6 Parent Entity




ROYL Technologies LLC is a wholly owned subsidiary of AEOS LLC. We share operational data with AEOS LLC as necessary for corporate governance, IP management, and intercompany operations. AEOS LLC is bound by the same data protection standards as ROYL Technologies LLC.




---




5. AI Agent Data




5.1 Conversations and Recordings




AI agents deployed through the AEOS Hub may process conversations, calls, and messages with your clients' customers ("End-Users"). This data is:



1. Processed to provide the AI agent service
2. Stored in your account's database partition (multi-tenant isolation)
3. Accessible to you through the Hub dashboard
4. Used to improve AI agent performance for your specific agents



5.2 End-User Disclosure




You are responsible for disclosing to End-Users that they are interacting with an AI agent and for obtaining any required consents for recording or data processing. We provide tools and templates to help you meet disclosure requirements.




5.3 Call Recording




Voice calls processed by AI agents may be recorded. You must:



1. Comply with all applicable call recording laws (one-party vs. two-party consent)
2. Provide appropriate disclosure to End-Users before recording begins
3. Configure recording settings in accordance with your jurisdiction's requirements



5.4 LLM Provider Data Handling




When AI agents process conversations, the conversation data is sent to LLM providers (OpenAI, Anthropic, Google) for inference. These providers:



1. Process the data to generate responses
2. Do not use your data to train their models (per our enterprise agreements)
3. May retain data temporarily for abuse monitoring and safety purposes per their data processing agreements



---




6. Data Storage and Security




6.1 Storage Location




Data is stored on servers located in the United States. If you access the Services from outside the United States, you consent to the transfer of your data to the United States.




6.2 Multi-Tenant Isolation




Each account's data is logically isolated using tenant-based access controls and Row-Level Security (RLS) policies. Your data is accessible only to authorized users within your account.




6.3 Security Measures




We implement industry-standard security measures including:



1. Encryption in transit (TLS 1.3)
2. Encryption at rest (AES-256)
3. Multi-factor authentication
4. Role-based access control
5. Regular security audits and vulnerability assessments
6. Automated threat detection and monitoring



6.4 Breach Notification




In the event of a data breach that affects your personal information, we will:



1. Notify affected users within 72 hours of discovery (or as required by applicable law)
2. Provide details of the breach, the data affected, and remedial actions taken
3. Report to relevant regulatory authorities as required by law



---




7. Data Retention




7.1 Active Accounts




We retain your data for as long as your account is active and as needed to provide the Services.




7.2 Terminated Accounts




Upon account termination:



1. You have 30 days to export your data
2. After 30 days, your data is deleted from active systems
3. Backups containing your data are purged within 90 days
4. Certain data may be retained longer as required by law (tax records, financial records, compliance records)



7.3 Anonymized Data




We may retain anonymized, aggregate data indefinitely for analytics and service improvement. Anonymized data cannot be used to identify you.




7.4 Commission and Financial Records




Partner and Affiliate commission records, payout history, and tax documents are retained for 7 years as required by tax law.




---




8. Your Rights




8.1 All Users




Regardless of your location, you have the right to:



1. **Access**: Request a copy of the personal information we hold about you
2. **Correction**: Request correction of inaccurate or incomplete information
3. **Deletion**: Request deletion of your personal information (subject to legal retention requirements)
4. **Data portability**: Export your data in a machine-readable format
5. **Opt-out**: Unsubscribe from marketing communications at any time



8.2 California Residents (CCPA/CPRA)




If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):



1. **Right to know**: What personal information we collect, use, disclose, and sell
2. **Right to delete**: Request deletion of personal information collected from you
3. **Right to opt-out of sale**: We do not sell personal information, but you may exercise this right
4. **Right to non-discrimination**: We will not discriminate against you for exercising your privacy rights
5. **Right to correct**: Request correction of inaccurate personal information
6. **Right to limit use of sensitive information**: Control how sensitive personal information is used



To exercise your CCPA/CPRA rights, contact us through the Hub support system or at the email address on our website. We will respond within 45 days.




8.3 European Residents (GDPR)




If you are a resident of the European Economic Area (EEA) or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):



1. **Lawful basis**: We process your data based on consent, contract performance, legitimate interests, or legal obligation
2. **Right to access**: Obtain confirmation and a copy of your data
3. **Right to rectification**: Correct inaccurate data
4. **Right to erasure**: Request deletion ("right to be forgotten")
5. **Right to restrict processing**: Limit how we use your data
6. **Right to data portability**: Receive your data in a structured, machine-readable format
7. **Right to object**: Object to processing based on legitimate interests
8. **Right to withdraw consent**: Withdraw consent at any time for consent-based processing



To exercise your GDPR rights, contact us at the email address on our website. We will respond within 30 days.




8.4 International Transfers




If we transfer data from the EEA or UK to the United States, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure adequate data protection.




---




9. Cookies and Tracking




9.1 Types of Cookies




Cookie Type	Purpose	Duration
Essential	Authentication, security, session management	Session
Functional	Preferences, language, display settings	1 year
Analytics	Usage tracking, performance monitoring	2 years
Affiliate	Tracking link attribution for referral commissions	30 days




9.2 Cookie Consent




We display a cookie consent banner for visitors from jurisdictions that require it (EU/UK). You can manage your cookie preferences at any time through the cookie settings panel on our website.




9.3 Do Not Track




We respect browser "Do Not Track" signals. When detected, we disable non-essential analytics cookies.




---




10. Children's Privacy




10.1 Age Restriction




The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover that we have collected data from a minor, we will delete it promptly.




10.2 COPPA Compliance




We comply with the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided personal information to us, contact us immediately.




---




11. Changes to This Policy




11.1 Updates




We may update this Privacy Policy from time to time. Material changes will be communicated via email or the Hub notification system with at least 30 days advance notice.




11.2 Effective Date




The effective date of the current version is listed at the bottom of this document. Continued use of the Services after the effective date of any update constitutes acceptance.




---




12. Contact




For privacy-related inquiries, data access requests, or complaints:



1. **Hub support system**: Submit a privacy request through the Hub dashboard
2. **Email**: Contact us at the privacy email address published on our website
3. **Mail**: Write to ROYL Technologies LLC at the address published on our website



For unresolved privacy complaints, you may contact your local data protection authority.




---




13. Related Rules




Rule	Relationship
`royl-technologies-terms-of-service.md`	Terms of Service governing all use
`royl-technologies-operating-agreement.md`	Company operating terms
`aeos-legal-registry.md`	Master legal document tracker
`aeos-data-security.md`	Technical data security standards




---




14. Quality Assurance Checklist




Data Collection



• **Transparency**: Are all data categories and sources disclosed?
• **Third-party providers**: Are all data-sharing partners listed?
• **AI data**: Is AI agent conversation and recording data handling addressed?



User Rights



• **CCPA**: Are all California resident rights listed with response timeline?
• **GDPR**: Are all EU/UK resident rights listed with response timeline?
• **Data portability**: Is the data export capability referenced?
• **Deletion**: Is the deletion process and timeline defined?



Security



• **Encryption**: Are TLS and AES-256 referenced?
• **Multi-tenant**: Is RLS-based tenant isolation described?
• **Breach notification**: Is the 72-hour notification window defined?



Compliance



• **No sale**: Is the "we do not sell" statement clear?
• **Children**: Is the 18+ age restriction and COPPA compliance stated?
• **Cookies**: Are cookie types and consent mechanisms described?
• **Retention**: Are retention periods defined for active, terminated, and financial data?



---




15. Conclusion




This Privacy Policy reflects ROYL Technologies LLC's commitment to transparency, security, and respect for user data. We collect only what is necessary to provide our Services, we protect it with industry-standard security measures, we do not sell it, and we give you control over your data through clear rights and easy-to-use tools. Privacy is not an afterthought — it is built into the foundation of the AEOS platform.




---




Version: 0.0.3

Status: Alpha

Updated: 2026-03-08

Review: 2026-03-31

Author: AEOS

Created: 2026-03-07

Maintainer: AEOS