Privacy Policy

Ideactor (the "Lab"), operated by Roboken Inc., safeguards your inventive inputs, conversation logs, and related personal information under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA), and Japan's Act on the Protection of Personal Information (APPI). This protocol extends to sensitive data, including personality traits and chat history.

Scope & Legal Compliance

• Frameworks: We process personal data in alignment with GDPR (EU/EEA), CCPA/CPRA (California), and APPI (Japan), applying equivalent protections globally.
• Coverage: This policy governs data collected when you access, test, or deploy Ideactor, including sensitive signals such as personality traits, Health Scores, and conversation logs.
• Roles: Roboken Inc. acts as the data controller for service operations and as a processor when handling your submitted inventive content per your instructions.

Data We Collect

• Account Data: Nickname, email, authentication credentials, account status, and billing identifiers (if applicable).
• Persona Data (Sensitive): Big Five personality traits and Health Scores (Consistency, Safety, Hallucination, Drift, Integrity) used to calibrate responses.
• Conversation Logs: Prompts, responses, attachments, and related metadata (timestamps, session identifiers, inference depth, emotional level assessments, and consistency scores).
• Raw Input & Outputs: Text, images, datasets you provide and the synthesized conceptual seeds generated by Ideactor.
• Technical Data: IP addresses, device and browser details, operating system version, screen resolution, time zone, and security telemetry needed for integrity and fraud detection.
• Client-Side Storage: Essential cookies plus localStorage on your device for persona preferences and chat history; these remain on your device unless you choose to sync or transmit them.

Purpose & Lawful Use

• Idea Synthesis & Delivery: To operate Ideactor, generate conceptual outputs, and tune reactor performance (contract necessity).
• Support & Safety: To resolve issues, preserve service integrity, and prevent abuse or fraud (legitimate interests and legal obligations).
• System Evolution: To improve accuracy and safety using de-identified or aggregated data; personal identifiers are removed where feasible.
• Compliance: To meet audit, accounting, and lawful disclosure duties under GDPR, CCPA/CPRA, and APPI.
• No Sale of Personal Data: We do not sell or share personal data for cross-context behavioral advertising.

Retention & Disclosure Boundaries

• Account Data Retention: Maintained for the life of your account and securely deleted within a 30-day grace period after confirmed account deletion, unless longer retention is required by law.
• Usage & Log Data Retention: Conversation logs, technical telemetry, and analytical records are retained for up to 24 months before anonymization or deletion, with earlier purge upon validated erasure request where applicable.
• Confidentiality: Inventive content and designated private ideas are not disclosed or licensed to third parties without your direction.
• Third-Party Processing: Limited to vetted service providers bound by data processing agreements and confidentiality, engaged solely to support Ideactor.

Your Rights & Controls

• Access: Obtain a copy of personal data we hold about you.
• Rectification: Correct inaccurate or incomplete personal data.
• Erasure (Right to be Forgotten): Request deletion of personal data, subject to legal retention duties.
• Portability: Receive your personal data in a structured, commonly used, machine-readable format.
• Restriction: Request limitation of processing in specific circumstances.
• Objection & Withdrawal: Object to processing based on legitimate interests and withdraw consent where consent is the basis (including analytics cookies).
• CCPA/CPRA Rights: Request disclosure of categories/specific pieces of personal information, correction, deletion, and opt-out of any sale or sharing of personal data; limit use of sensitive personal information.

To exercise these rights, contact the Data Protection Officer at dpo@ideactor.net. Verification steps may be required before fulfilling a request.

Security, Transfers, Cookies & Contact

• Encryption & Transport: TLS 1.3 is enforced for data in transit; AES-256 is used for encryption at rest, including backups.
• Access Control & Testing: Role-Based Access Control (RBAC), least-privilege permissions, audit logging, and regular vulnerability assessments/penetration testing are applied to protect systems.
• International Transfers: Data may be processed on servers outside Japan (e.g., the United States) under Standard Contractual Clauses (SCC) or equivalent safeguards, with processors bound to comparable data protection obligations.
• Children's Privacy: Ideactor is not intended for individuals under 16. If such data is discovered, accounts are disabled and data is purged upon verified request.
• Cookies & Technical Storage: We use Essential cookies (authentication, security), Functional cookies (preferences, language), and Analytical cookies (performance metrics, opt-out available). Persona preferences and chat history stored in localStorage remain on your device unless you actively sync or transmit them; you may clear them via browser settings.
• Contact & Operator: Roboken Inc. operates Ideactor. Reach the Data Protection Officer at dpo@ideactor.net for any privacy concerns.