Privacy Policy

Last updated: February 2026

This Privacy Policy describes how Curly Tale Games LLC, doing business as Rinth Labs, which operates the Atunex platform ("Atunex," "we," "us," or "our"), collects, uses, and protects information in connection with our website, platform, and ultrasonic positioning services.

Note on roles: Atunex serves both venue operators ("Customers") who deploy our platform, and end users ("Visitors") who interact with Atunex-powered experiences at venues. Atunex acts as a data processor for Visitor data on behalf of Customers, who are the data controllers. This policy covers both relationships.

1. Information We Collect

Information from Customers (Venue Operators)

We collect information you provide when signing up, entering a deployment agreement, or contacting us:

  • Contact information (name, email address, organization, role)
  • Pilot program or deployment application details
  • Billing and payment information (processed by Stripe — we never store full card numbers)
  • Content and configuration data you upload to the platform
  • Communications you send us via email or contact forms

Information from Visitors (End Users at Venues)

When a Visitor accesses an Atunex-powered experience at a venue:

  • Ultrasonic positioning data: The browser requests microphone access to listen for ultrasonic signals emitted by Atunex Note devices. Audio processing occurs entirely within the Visitor's browser. We receive only a signal identifier (which Note device was detected) — no raw audio is transmitted to our servers, no audio recordings are made or stored, and no biometric data is collected.
  • Session data: Anonymized positioning events (Note detected, timestamp) used to deliver content and provide analytics to the venue operator. This data is not linked to a persistent user identity.
  • Device information: Browser type and operating system, collected in aggregate for platform analytics only.

Visitors are presented with a clear disclosure before any microphone access is requested, identifying the venue and explaining the purpose. Visitors may decline microphone access at any time; declining will disable positioning features but does not affect their ability to visit the venue.

Website Visitors

When you visit atunex.com, we may automatically collect basic usage data (pages visited, referrer, browser type) through privacy-focused analytics. No personally identifiable data is collected through website analytics.

2. How We Use Your Information

Customer Data

We use Customer information to:

  • Process applications, agreements, and payments
  • Provide, maintain, and improve the platform and Services
  • Send transactional communications (receipts, deployment updates, security notices)
  • Respond to support inquiries
  • Send marketing communications with your consent (you may unsubscribe at any time)

Visitor Data

We use Visitor positioning data solely to:

  • Deliver the location-aware content or navigation experience configured by the venue operator
  • Provide anonymized, aggregate analytics to the venue operator (e.g., foot traffic patterns, popular areas)

We do not use Visitor data for advertising, profiling, or any purpose beyond providing the Services to the venue operator. Positioning data is processed in real-time and session data is not retained beyond 90 days. Aggregate analytics data may be retained longer in anonymized form.

3. Ultrasonic Technology & Microphone Access

Atunex Note devices emit inaudible ultrasonic tones. Detection occurs exclusively within the Visitor's browser using the Web Audio API — no audio data ever leaves the device. The technology does not record conversations, identify individuals, collect biometric data, or perform any audio analysis beyond detecting the specific ultrasonic frequency pattern of a Note device.

This technology is not subject to wiretapping laws because no communication is intercepted — only a purpose-built machine signal is detected. However, because the browser microphone permission is required, we ensure Visitors are fully informed and provide affirmative consent before any microphone access occurs.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information as follows:

  • Venue operators: Anonymized Visitor session analytics (Note detected, timing) are shared with the venue operator on whose platform the interaction occurred. Raw audio is never shared with anyone.
  • Service providers: Third-party vendors who assist in operating our platform (cloud hosting via AWS, payment processing via Stripe, email delivery). These providers process data only on our behalf and under our instructions.
  • Legal compliance: When required by law, court order, or governmental authority.
  • Business transfers: In connection with a merger, acquisition, restructuring, or sale of assets. You will be notified of any such transfer.

5. Cookies and Tracking

We use essential cookies for platform functionality (authentication, session management). We do not use third-party advertising cookies or behavioral tracking cookies. You can control cookie preferences through your browser settings; disabling essential cookies may impair platform functionality.

6. Data Retention

  • Customer account data: Retained for the duration of your account plus 3 years, or as required by law.
  • Visitor positioning session data: Retained for up to 90 days, then deleted.
  • Aggregate analytics: Retained indefinitely in anonymized form.
  • Payment records: Retained as required by applicable law (typically 7 years).

7. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. Data is stored on AWS infrastructure in the United States. No method of electronic storage is 100% secure; we cannot guarantee absolute security but will notify affected parties of any confirmed data breach as required by applicable law.

8. Your Rights (All Users)

You may request access to, correction of, or deletion of your personal data at any time by contacting privacy@atunex.com. We will respond within 30 days. To delete your account and associated data, contact us or use the account settings in the platform.

9. California Residents (CCPA / CPRA)

We do not sell or share personal information for cross-context behavioral advertising. California residents have the right to know what personal information we collect and how it is used, request deletion, correct inaccurate information, and opt out of any future sale of their data (though we do not currently sell data).

Sensitive Personal Information: Precise geolocation data is classified as sensitive personal information under the CPRA. Atunex collects Visitor positioning data (which Note device was detected within a venue) only with prior disclosure and browser permission, used solely to deliver the requested location-aware service. We do not use this data for any secondary purpose.

To exercise California privacy rights, contact privacy@atunex.com. We will not discriminate against you for exercising these rights.

10. EU / EEA Users (GDPR)

If you are located in the EU or EEA, the following applies under the General Data Protection Regulation (GDPR).

Legal Basis for Processing Customer Data:

  • Contract performance — processing your account, payments, and service delivery.
  • Legitimate interests — transactional communications and aggregate platform analytics.
  • Legal obligation — retaining transaction records as required by law.
  • Consent — marketing communications (you may withdraw at any time).

Legal Basis for Processing Visitor Data:

  • Consent — Visitors provide affirmative consent via the browser microphone permission prompt before any positioning data is collected. Visitors may withdraw consent at any time by revoking microphone access.

Your GDPR Rights: You have the right to access, correct, erase, restrict, object to, and port your personal data, and to lodge a complaint with your national data protection authority.

International Transfers: Data is stored on AWS infrastructure in the United States. Where required, we rely on standard contractual clauses or other lawful transfer mechanisms.

Data Processing Agreements: B2B Customers subject to GDPR who require a Data Processing Agreement (DPA) should contact privacy@atunex.com. We will provide a DPA upon request.

11. Children's Privacy

Our platform services are directed to businesses, not individuals under the age of 13. We do not knowingly collect personal information from children under 13. If a venue deploys Atunex in a context where children under 13 are likely to be users, the venue operator is responsible for obtaining appropriate parental consent in compliance with COPPA and applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Customers of material changes by email and by posting the updated policy at atunex.com/privacy. Continued use of the Services after the effective date of changes constitutes acceptance.

13. Contact & Address

For privacy-related inquiries or to exercise your rights:

Curly Tale Games LLC, doing business as Rinth Labs (Atunex)
2150 West 117th Street #1343
Cleveland, OH 44111
United States
Email: privacy@atunex.com