Privacy Policy

Last updated: March 19, 2026

SKUBE LABS, INC. ("we", "us", "our") operates robert.app ("the Service"). This policy describes what data we collect, how we use it, and your rights. We are a Delaware C-Corporation based in the United States.

1. Data We Collect

Information you provide

  • Account information: name, email address, profile image
  • Content you create: documents, comments, files, uploads, chat messages
  • AI interactions: prompts you send to AI features and the responses generated
  • Payment information: billing details processed by Stripe (we do not store card numbers)
  • Communications: emails you send us, support requests

Information collected automatically

  • Usage data: features used, pages visited, session duration
  • Device data: browser type, operating system, screen resolution
  • Session data: IP address, approximate location (city/country), timestamps
  • Collaboration data: presence indicators and edit activity during real-time editing sessions

Information from third parties

  • Authentication provider (WorkOS): identity verification data when you sign in via SSO or OAuth
  • Connected integrations (e.g. Google Drive): file metadata and content you choose to sync

2. How We Use Your Data

  • Provide, maintain, and improve the Service
  • Authenticate your identity and manage your account
  • Process AI requests by sending your prompts to third-party AI providers to generate responses
  • Process payments and manage subscriptions
  • Sync and display your content in real-time collaboration
  • Send transactional emails (account confirmations, security alerts)
  • Monitor for errors, abuse, and security threats
  • Comply with legal obligations

We do not use your content to train AI models. Content sent to AI features is processed solely to generate a response to your request. For more detail, see our AI Policy.

3. Third-Party Services

We share data with third parties only as needed to operate the Service. We do not sell your personal information.

  • AI providers (OpenAI, Google, Anthropic): receive your prompts and relevant context to generate responses. These providers are contractually prohibited from using your data for model training.
  • Authentication (WorkOS): manages sign-in, SSO, and identity verification
  • Payments (Stripe): processes billing and subscriptions
  • Infrastructure (Convex, Cloudflare): hosts our database, files, and API. AI requests are routed through Cloudflare AI Gateway for delivery and caching.
  • Video processing (Mux): encodes and streams video files you upload
  • Web search (Exa): searches the public web when used through AI features
  • Analytics (PostHog): product analytics to understand how the Service is used and improve it
  • Error monitoring (Sentry): captures error reports and performance data to help us fix issues
  • Email (Resend): delivers transactional emails
  • Transcription (Deepgram, AssemblyAI): transcribes audio and video files you upload
  • Data pipeline (Tinybird): processes aggregated analytics and content discovery data
  • Background processing (Trigger.dev): handles file processing and async tasks

4. Cookies and Local Storage

We use essential cookies and browser storage for authentication, session management, and remembering your preferences. We do not use third-party advertising cookies.

We use PostHog for product analytics, which may use cookies or local storage to understand how the Service is used. This data is used solely to improve the Service and is not shared with advertisers. You may opt out of analytics by enabling Do Not Track or Global Privacy Control in your browser.

5. Data Retention

We retain your data for as long as your account is active. Specific retention periods by data category:

  • Your content (documents, files, comments): retained until you delete it. Deleted content enters a 30-day soft-delete period, then is permanently removed.
  • AI interaction logs (prompts and responses): retained in your workspace until you delete them or your account.
  • Usage and analytics data: retained for up to 24 months, then anonymized or deleted.
  • Server logs (IP addresses, request data): retained for up to 90 days for security and debugging.
  • Payment records: retained as required by tax and financial regulations (typically 7 years).

If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or billing purposes as noted above.

6. Data Security

All data is encrypted in transit using TLS. Files are stored with encryption at rest. We implement rate limiting, bot detection, and abuse prevention. We conduct regular error monitoring and security reviews. No method of transmission or storage is 100% secure, but we take reasonable steps to protect your data.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

  • Access: request a copy of the data we hold about you
  • Correction: request we correct inaccurate data
  • Deletion: request we delete your personal data
  • Portability: export your content and data
  • Opt-out: we do not sell your data, but you may opt out of non-essential data collection

We honor Global Privacy Control (GPC) signals. To exercise any of these rights, contact us at privacy@robert.app. We will respond within 30 days.

8. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act. You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To submit a request, contact us at privacy@robert.app. We will not discriminate against you for exercising your rights.

9. European Users (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your data on the following legal bases:

  • Contract performance: to provide the Service you signed up for
  • Legitimate interest: for analytics, security, and service improvement
  • Consent: for optional features and communications
  • Legal obligation: to comply with applicable laws

You have the right to access, rectify, erase, restrict processing, object to processing, and port your data. You also have the right to lodge a complaint with your local data protection authority. To exercise your rights, contact us at privacy@robert.app.

10. Sub-Processors and DPA

The third-party services listed in Section 3 act as sub-processors of your personal data. We maintain agreements with each sub-processor that include data protection obligations consistent with this policy. If we add or replace a sub-processor, we will update Section 3 of this policy and notify affected users with active accounts.

If your organization requires a Data Processing Agreement (DPA) for GDPR or other regulatory compliance, contact us at privacy@robert.app and we will provide one.

11. International Transfers

Our Service is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US. For EEA and UK users, we rely on Standard Contractual Clauses (SCCs) as the transfer mechanism where required. We assess the data protection practices of our sub-processors and the legal frameworks of receiving countries to ensure adequate safeguards are in place.

12. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal data from children under 13. If we discover we have collected such data, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@robert.app.

13. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email or through a notice in the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact

SKUBE LABS, INC.
privacy@robert.app