Skip to main content

Privacy Policy

Last updated: May 9, 2026

1. Data Controller

Rainlight AI (“we,” “us,” or “our”) is the data controller responsible for processing your personal data. If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at [email protected].

2. Information We Collect

We collect the following categories of personal information:

  • Identifiers: Name, email address, phone number, and IP address.
  • Commercial Information: Records of services purchased or considered, inquiry details, and project scope information.
  • Internet/Network Activity: Browsing history on our site, pages visited, referral URLs, and interactions with our website.
  • Device Information: Browser type, operating system, device identifiers, and screen resolution.
  • Communication Data: SMS messages, WhatsApp messages, email correspondence, and call scheduling information processed through our automation platforms.

We collect this information when you fill out our contact form, book a call, submit a request through our services, opt into SMS or WhatsApp communications, or interact with our website.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:

  • Consent: Where you have given explicit consent for a specific purpose, such as opting in to receive SMS or WhatsApp messages (Article 6(1)(a) GDPR).
  • Contractual Necessity: Where processing is necessary for the performance of a contract or to take pre-contractual steps at your request, such as delivering our AI automation services (Article 6(1)(b) GDPR).
  • Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our services, analyzing website usage, and responding to inquiries, provided these interests do not override your fundamental rights (Article 6(1)(f) GDPR).
  • Legal Obligation: Where processing is required by applicable law, such as tax and accounting obligations (Article 6(1)(c) GDPR).

4. How We Use Your Information

We use your personal information for the following purposes:

  • To provide, maintain, and improve our AI automation consulting and implementation services.
  • To communicate with you about our solutions and respond to your inquiries.
  • To send transactional or informational SMS and WhatsApp messages about our services (with your consent).
  • To schedule and manage calls and consultations.
  • To analyze website usage and improve user experience.
  • To comply with legal obligations.

We do not sell your personal information to third parties.

No mobile information — including SMS opt-in data and consent — will be sold, shared with, or disclosed to third parties or affiliates for marketing or promotional purposes. If you have opted into SMS communications, we may use your phone number to send transactional or informational messages about our services. You can opt out at any time by replying STOP to any SMS message you receive from us.

5. SMS Communications (A2P Messaging)

If you provide your phone number and consent to receive text messages, you agree to receive automated promotional and transactional SMS messages from Rainlight AI via Rainlight AI's authorized communication platforms, including Twilio.

  • Message frequency varies depending on your engagement and the services you have signed up for.
  • Message and data rates may apply.
  • Reply HELP for help or STOP to opt out at any time.
  • You may receive a confirmation message after opting in.
  • SMS opt-in data and consent will not be sold or shared with third parties for their marketing or promotional purposes.

Consent to SMS messaging is not a condition of purchase. Opting in is voluntary and you may withdraw consent at any time by replying STOP. After opting out, you will receive one final confirmation message and no further SMS messages will be sent.

All SMS campaigns are registered in compliance with applicable carrier requirements, CTIA Messaging Principles and Best Practices, TCPA regulations, and 10DLC registration requirements.

6. WhatsApp Business Communications

We may use WhatsApp Business API to communicate with you for the purpose of providing customer support, sending service updates, delivering automation notifications, and facilitating project communication. WhatsApp messages are processed in accordance with Meta's Platform Terms and WhatsApp Business Policy. AI-powered responses on WhatsApp are used only for specific, purpose-driven business tasks (e.g., lead qualification, support routing) and are not open-ended general-purpose chatbots.

You can opt out of WhatsApp communications at any time by sending “STOP” or contacting us at [email protected].

7. Cookies and Tracking Technologies

We use essential cookies to ensure our website functions properly. We may also use analytics tools (such as Google Analytics) to understand how visitors interact with our site, including pages visited, time spent, and referral sources.

You can control cookie settings through your browser preferences. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that disabling cookies may affect the functionality of our website.

For users in the EEA: non-essential cookies are only placed with your consent. You may withdraw your consent at any time by adjusting your browser settings or contacting us.

8. Third-Party Services and Data Processors

Our website and services may use the following third-party services, each acting as a data processor on our behalf:

  • Calendly — for scheduling consultations and calls.
  • Twilio — for SMS communications and A2P messaging.
  • Meta (WhatsApp Business API) — for WhatsApp messaging and notifications.
  • Google Analytics — for website analytics and usage insights.
  • Vercel — for website hosting and delivery.
  • n8n — for workflow automation (self-hosted).

These services have their own privacy policies governing the use of your information. We have data processing agreements in place with our processors to ensure your data is handled in accordance with applicable data protection laws.

9. International Data Transfers

Your personal data may be transferred to and processed in countries outside of your country of residence, including the United States and other jurisdictions where our service providers operate. Where we transfer personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place, including:

  • EU-approved Standard Contractual Clauses (SCCs) with our data processors.
  • Transfers to countries with an adequacy decision by the European Commission.
  • The EU-US Data Privacy Framework where applicable.

You may request a copy of the safeguards in place by contacting us at [email protected].

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Specifically:

  • Contact and inquiry data: Retained for the duration of our business relationship plus 3 years.
  • SMS and WhatsApp opt-in records: Retained for as long as the consent is active, plus a reasonable period to demonstrate compliance.
  • Analytics data: Retained for up to 26 months (per Google Analytics defaults) and then automatically deleted.
  • Financial and contractual records: Retained for 7 years as required by tax and accounting obligations.

11. Data Security

We implement appropriate technical and organizational measures to protect the security of your personal information, including encryption in transit (TLS/SSL), secure hosting infrastructure, access controls, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

12. Your Rights

For EEA and UK Residents (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Data Portability: Request a machine-readable copy of your data for transfer to another service.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

For California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act and the California Privacy Rights Act, you have the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of your personal information.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share My Personal Information” link.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Exercising Your Rights

To exercise any of the above rights, contact us at [email protected]. We will respond to verifiable requests within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling your request.

13. Data Deletion

You may request deletion of your personal information at any time. To submit a data deletion request, contact us at [email protected] with the subject line “Data Deletion Request” and include your phone number or email address as applicable. We will process your request within 30 days and instruct any third-party processors to delete your data where technically and legally possible.

For more detailed instructions, visit our Data Deletion Instructions page.

14. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child under the age of 18, we will take steps to delete that information promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this page periodically.

16. Contact Us

If you have any questions about this Privacy Policy, including regarding your data protection rights, SMS communications, WhatsApp data, or data deletion, please contact us at:

Rainlight AI

Email: [email protected]

Website: www.rainlightai.com

← Back to Home