This Privacy Policy explains how Ray AI Inc., a Delaware corporation (251 Little Falls Drive, Wilmington, DE 19808, USA) (“Ray AI”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use the Sidle service (the “Service”).
We comply with the EU General Data Protection Regulation (GDPR) for users in the European Economic Area / United Kingdom, and the California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA) for California residents.
Controller: Ray AI Inc., 251 Little Falls Drive, Wilmington, DE 19808, USA.
Privacy contact: privacy@getray.ai
Data Protection Officer / EU Representative:
Mr. Martin Bastius, heyData GmbH
Email: datenschutz@heydata.eu
Phone: +49 89 41325320
Email address, name, hashed password, session tokens. Provided by you at sign-up.
We store an encrypted copy of your LinkedIn session cookie (Fernet AES-128) and your LinkedIn username so the browser extension can operate on your behalf. The cookie is decrypted only in-memory during a connection task.
For each campaign you run, we collect public LinkedIn profile data of leads (name, headline, profile URL, public identifier). You are the controller of this data; we are a processor (Section 7).
IP address, user-agent, request logs, error logs (anonymized after 90 days); extension heartbeat timestamps; task results.
Stripe processes your payment details (card number, billing address, tax ID). We never see or store full card numbers — only a Stripe customer/subscription ID, your billing email, and the last 4 digits for display.
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the Service (account, extension operation, campaign execution) | Contract performance (Art. 6(1)(b)) |
| Billing & tax compliance | Contract + legal obligation (Art. 6(1)(b) and (c)) |
| Security, fraud prevention, abuse detection | Legitimate interest (Art. 6(1)(f)) |
| Service-improvement analytics (aggregated, no profiling) | Legitimate interest (Art. 6(1)(f)) |
| Marketing emails (if you opted in) | Consent (Art. 6(1)(a)) |
| Compliance with subpoena / lawful request | Legal obligation (Art. 6(1)(c)) |
We share data with the following sub-processors, each under a Data Processing Agreement:
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payments, billing, invoices | USA |
| Hetzner Online GmbH | Server hosting (Falkenstein) | Germany (EU) |
| Anthropic, PBC | AI lead-qualifier API | USA |
| Resend, Inc. | Transactional email | USA |
Transfers to US-based sub-processors (Stripe, Anthropic, Resend) are protected by the EU–US Data Privacy Framework (DPF) where the recipient is self-certified under the program. For all other transfers we rely on the Standard Contractual Clauses (SCC) Module 2 (Controller-to-Processor) issued by the European Commission (Decision 2021/914), supplemented by a Transfer Impact Assessment (TIA) which is available on request from privacy@getray.ai. Ray AI Inc. itself is incorporated in the United States and processes personal data under the SCCs.
You have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. You may withdraw consent at any time and lodge a complaint with your local supervisory authority. To exercise these rights, email privacy@getray.ai.
California residents have the right to know what personal information we collect, to delete it, to correct inaccuracies, to opt out of “sale” or “sharing” (we do not sell or share for cross-context behavioral advertising), and to limit the use of sensitive personal information. Email privacy@getray.ai with “CCPA Request” in the subject line.
When you collect LinkedIn profile information of third parties via Sidle, you are the data controller with respect to those leads; we act as a processor on your behalf. You represent and warrant that you have a lawful basis (e.g., legitimate interest under Art. 6(1)(f) GDPR for B2B prospecting, or consent where required) to process and contact such individuals.
A Data Processing Agreement (DPA) is available upon request from privacy@getray.ai.
We use industry-standard security measures: TLS 1.3 in transit, Fernet-encrypted LinkedIn cookies at rest, Argon2id password hashing, brute-force protection (django-axes), Docker network segmentation, container hardening, and daily automated backups with 14-day retention. No system is 100% secure; please report vulnerabilities responsibly to privacy@getray.ai.
We use only essential cookies (session, CSRF). No third-party tracking or advertising cookies are set.
The Service is not directed to anyone under 18. We do not knowingly collect personal data from minors.
We may update this Privacy Policy from time to time. Material changes will be notified by email and posted here with a new “Last updated” date.
Ray AI Inc.
251 Little Falls Drive, Wilmington, DE 19808, USA
Privacy: privacy@getray.ai
General: info@getray.ai