Reduck Privacy Policy

Let's begin with some information about our Services

Automation Flow (or Flow): an automated workflow that performs tasks on websites.

Actions: operations, steps, or transactions executed by Automation Flows, including screenshots and content of websites visited.

Incidental Data Subjects: individuals other than Users whose personal data may be incidentally captured through their use of the Services, including when appearing in screenshots or web content processed by the Services.

Input: any data, file, document, or content you provide to the Automation Flows, including natural language prompts, CSV files, configuration parameters, website credentials, target URLs, and workflow instructions.

Output: results produced by Automation Flows, including downloaded files, extracted data, execution logs, error notifications, and any other results generated by Flow executions.

Cache (or Cached Patterns): automation patterns derived from successful Flow executions stored to optimize performance.

CLI: the Reduck command-line tool that enables users to execute Automation Flows from their terminal.

MCP Integration: integration with Model Context Protocol servers that enable Reduck to interact with external services and APIs, or that enable third-party applications and AI agents to access Reduck's capabilities as an MCP server.

SDK: the Reduck developer toolkit that enables third-party applications, AI agents, and automation frameworks to programmatically access the Services and execute Automation Flows through Reduck's infrastructure.

Third-Party Agent: any external software, AI agent, automation framework, or application that accesses the Services through the SDK or MCP Integration on behalf of a user.

Credits: the virtual currency used to pay for Flow executions.

You, User: any person who uses or accesses the Services.

Information We Collect

Account Information

We collect information you provide directly when you register or use the Services, including name, email address, account credentials, payment method details, and profile information such as company name or job title. This data must be collected in order for you to access the services.

Analytics

When you visit Reduck.ai, we collect limited analytics data through Plausible Analytics, a privacy-focused tool that does not use cookies or track personal information. This includes page views, referral sources, and country-level geographic location. In practice, we respect "Do Not Track" and "GPC" signals because we do not track your behavior.

Automation Data

When you use the Services and execute Flows, we collect and process data related to your automation activities and their execution. This includes screenshots and visual content captured from your browser (such as website content, personal information visible on screen, data from browser tabs and windows, notifications, and pop-ups), as well as data processed through the platform, Flows you execute, websites you automate, natural language prompts and commands, performance metrics, Cached Patterns derived from successful Flow executions, MCP Integration data, data transmitted by Third-Party Agents acting on your behalf, and any credentials you choose to store (encrypted).

Usage Information

When you are using our Services, we automatically collect log data (IP address, browser type, pages visited, time spent), device information (type, operating system, browser version), location derived from IP address, usage patterns and preferences, and Flow execution history, success rates, and error logs.

Cookies

We use cookies only for essential Services functionality (authentication, security). We do not use tracking cookies.

Sensitive data

Our service is not designed to process sensitive data and distinguish from any other personal data as part of Automation Flows. Accordingly, Automation Flows may incidentally process sensitive data, depending on the content visible in your browser during execution. Sensitive data typically includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, sex life or sexual orientation, as well as genetic and biometric data, and may also include highly confidential personal or business information. You are responsible for ensuring that the use of the Services does not involve the processing of such sensitive data. If you wish to automate tasks that may involve sensitive data, please contact us at support@reduck.ai to assess appropriate arrangements.

How We Use Your Information

Service Provision

Execute your Automation Flows, maintain and optimize the Cache system, process transactions, manage your account, and provide customer support particularly by debugging issues, optimizing Automation Flows and refining Cached Patterns. It also includes the communication of technical notices, updates, security alerts and the monitoring of threats.

Lawful Basis: Our contract with you.
Concerned data: Account Information, Automation Data, Usage Information.

Our Services require the installation of an SDK on your device in order to function. We will ask for your consent to perform this installation. You may withdraw your consent at any time.

Similarly, we may install cookies on your device for specific purposes such as authentication and security, for which we have a legitimate interest to do so.

Services Improvement

Analyze usage patterns, develop new features and use cases, and conduct research to improve our technology.

Lawful Basis: We have a legitimate interest in ensuring that Automation Flows remain functional and reliable in very diverse web environments. Because websites frequently update their structure, content, and authentication mechanisms, processing Automation Data is necessary to detect where Automation Flows fail, understand why, and adapt the underlying systems, selectors, and Cached Patterns accordingly.
Concerned data: Account Information, Automation Data, Usage Information.

Website analytics

When you visit Reduck.ai, we collect analytics and behavioral data through PostHog. This includes page views, referral sources, approximate geographic location, mouse movements, clicks, scrolls, and session recordings. This data helps us understand how visitors interact with our website in order to improve its design and content. We will ask for your consent before collecting this data through a cookie banner. You may withdraw your consent at any time.

Lawful Basis: Your consent.
Concerned data: Analytics, Usage Information.

Marketing

Personalize your experience and send promotional communications if you have opted in or if you have not opted out when you already use our services.

Lawful Basis: We have a legitimate interest in sending you our latest commercial offers. When consent is necessary for marketing, we rely on your consent to do so. You may opt-out at any time through the dedicated link included in each communication.
Concerned data: Usage Information, Account Information.

Data privacy compliance and compliance with authorities' request

Manage requests from individuals to exercise their rights and comply with our legal obligations in case of authorities' request.

Lawful Basis: Our legal obligations.
Concerned data: potentially any kind of data.

No Sale or Sharing of Personal Data. We do not sell your personal data. We do not disclose, rent, or otherwise make your personal data available to third parties in exchange for monetary consideration or for their own independent marketing or commercial purposes. Any sharing of personal data is limited to what is necessary to provide the Services, comply with legal obligations, or operate our business as described in this Privacy Policy.

Information Sharing and Disclosure

When a Third-Party Agent accesses the Services on your behalf via the SDK or MCP Integration, we process the data transmitted by that agent in accordance with this Privacy Policy. We are not responsible for the data collection practices or terms of service of Third-Party Agents. You are responsible for reviewing and agreeing to the privacy policies of any Third-Party Agent you use with the Services.

On our side, your data is only transmitted to trusted partners who are strictly authorized to process it, as detailed below. These recipients are bound by strict confidentiality obligations:

• Our subsidiaries and affiliates
• Our service providers such as:
  • Hosting providers
  • Payment service providers
  • AI model providers
  • Communication service providers (e-mail/text message)

We may also communicate your data to public authorities and bodies to whom we must communicate some of your personal data to comply with legal obligations, to protect our rights or those of third parties, or to any potential or actual purchaser of our assets and business.

Data Retention

We retain personal information only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account Information is retained while your account is active. We consider your account to be inactive two years after your last login and will delete your account.
• Our Analytics data does not contain any information that could personally identify you and is provided solely in aggregate form.
• Automation Data is stored for as long as you have an account with us, so that you can access your Flows and your Cache. Downloaded files and Outputs are not retained on our servers unless you explicitly choose to store them.
• Usage Information is aggregated and anonymized ninety (90) days after collection.

Apart from these general cases, specific situations require us to maintain data for longer periods:

• Billing information must sometimes be retained for several years due to national accounting laws in the countries where we operate.
• In the event of a pre-litigation or litigation dispute with you, we will retain all necessary data until all possible legal remedies have been exhausted.

Your Rights and Choices

Access and Update

You can access and update certain account information through your account settings.

Data Subject Rights

Depending on your location and applicable law, you may have the right to: request access to and a copy of your personal information, request correction of inaccurate or incomplete data, request deletion of your personal information, request restriction of processing, request data portability, object to processing for certain purposes, withdraw consent where processing is based on consent. You may withdraw consent at any time via your Account settings or by contacting support@reduck.ai, and file a complaint with your local data protection authority.

To exercise any of these rights, contact us at support@reduck.ai. We will respond within 30 days and may verify your identity before responding.

Incidental Data Subjects

Reduck does not intentionally collect personal data relating to individuals other than its users. However, depending on the specific use cases defined and executed by users, personal data of third-party individuals may be incidentally captured (for example, through screenshots or automated interactions with web content). Such collection is neither deliberate nor targeted by Reduck and results solely from the actions and instructions of users. Reduck does not create or maintain any independent database of such third-party individuals. If an individual becomes aware that their personal data may have been processed in this context, they may contact us at any time at support@reduck.ai. In all cases, such data is processed only transiently and will be deleted together with the data of the user whose activities led to its incidental collection, in accordance with our retention policies.

California Privacy Rights (CCPA)

California residents have the right to know what personal information is collected, used, shared, or sold; the right to delete personal information held by us; the right to opt out of the sale of personal information (note: we do not sell personal information); and the right to non-discrimination for exercising privacy rights.

Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected such information without parental consent, we will delete it promptly. If you believe we have information from a child under 18, please contact us at support@reduck.ai.

International Data Transfers

We are based in the United States. Information we collect may be transferred to, processed, stored, and used in the United States and other jurisdictions. When we engage in cross-border data transfers, we ensure appropriate safeguards are in place to comply with applicable data protection laws.

If you are an EU resident we undertake to ensure an adequate level of protection for your data, in particular by signing standard contractual clauses with our service providers. You can contact us to obtain a copy of these protections.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time by posting the revised version on this page and updating the "Last Updated" date. For material changes that significantly impact your rights or how we process your data, we will provide at least 30 days' notice via email or a notice within the Services. Your continued use of the Services after changes take effect constitutes acceptance of the revised Privacy Policy.