Hire Parker Today

Hire Parker Today

Hire Parker

Hire Parker

Privacy Policy

Last Updated:

1. Introduction

Real Simple Labs, Inc. ("Real Simple Labs," "we," "our," or "us") operates Parker AI (also marketed as HeyParker.ai) ("Parker" or the "Service"), an AI agent platform that provides intelligent automation and assistance services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Account Information

  • Email address and authentication credentials

  • Profile information (name, organization)

  • Billing and payment information

2.2 Usage Data

  • API requests and responses

  • Agent interactions and conversation logs

  • Performance metrics and usage analytics

  • Device and browser information

  • IP addresses and location data

2.3 AI Training Data

  • User inputs and prompts submitted to AI agents

  • Feedback on AI responses and corrections

  • Custom agent configurations and workflows

2.4 Technical Data

  • Server logs and error reports

  • Database queries and response times

  • Authentication tokens and session data

3. How We Use Your Information

3.1 Service Provision

  • Process and respond to your AI agent requests

  • Maintain and improve platform functionality

  • Provide customer support and troubleshooting

3.2 AI Model Enhancement

  • Train and improve our AI models (with appropriate anonymization)

  • Develop new features and capabilities

  • Optimize response accuracy and performance

3.3 Platform Operations

  • Monitor system performance and security

  • Conduct analytics for service improvement

  • Ensure compliance with usage policies

4. Data Processing and Storage

4.1 Infrastructure

  • Application hosting and serverless compute on Vercel

  • Database, authentication, and file storage managed through Supabase, with encryption at rest (Supabase's underlying infrastructure runs on Amazon Web Services)

4.2 Data Retention

  • Conversation logs: 90 days (unless explicitly deleted)

  • Account data: Duration of account plus 30 days

  • Analytics data: 24 months in aggregated form

  • Billing records: As required by law

4.3 Data Security

  • TLS encryption for data in transit between your browser, our application, and our infrastructure providers

  • Encryption at rest for stored data, provided by our database and storage vendor (Supabase)

  • Authentication via short-lived access tokens with rotation, including for the Save to Parker browser extension

  • Application-level access controls scoped by organization, brand, and role

  • Backup and disaster-recovery operated by our infrastructure providers (Supabase, Vercel)

  • No method of transmission or electronic storage is completely secure; we cannot guarantee absolute security

5. Third-Party Services

We integrate with the following services that may process your data:

5.1 Essential Services

  • Supabase: database, authentication, and file storage (Supabase's underlying infrastructure runs on Amazon Web Services)

  • Vercel: web application hosting, edge network, and serverless compute

  • Google: sign-in identity provider for the Google OAuth method (one of two sign-in options Parker offers, alongside email and password; both are available in the Save to Parker browser extension)

5.2 Analytics and Monitoring

  • Sentry: server-side error tracking — receives request URL, HTTP method, response status, error message, and stack trace when a server-side error occurs (no saved-idea content, no media files, no session tokens)

  • Performance monitoring tooling

  • Usage analytics (anonymized)

5.3 Payment Processing

  • Secure payment processors for billing

  • PCI-compliant transaction handling

6. AI-Specific Privacy Considerations

6.1 Model Training

  • Personal data is anonymized before use in model training

  • You can opt out of having your data used for training

  • We implement differential privacy techniques where applicable

6.2 AI Responses

  • AI responses are generated based on your inputs and our models

  • We do not guarantee accuracy of AI-generated content

  • Conversations may be reviewed for quality assurance

6.3 Data Minimization

  • We only collect data necessary for AI functionality

  • Automatic deletion of unnecessary conversation data

  • Regular audits of data collection practices

7. Your Rights and Controls

7.1 Access and Portability

  • Request copies of your personal data

  • Export conversation history and agent configurations

  • API access to retrieve your data programmatically

7.2 Correction and Deletion

  • Update or correct your account information

  • Delete specific conversations or entire account

  • Right to be forgotten (where legally applicable)

7.3 Control Over AI Training

  • Opt out of data use for model training

  • Request exclusion of specific conversations

  • Control over data sharing with third parties

8. Data Sharing and Disclosure

We do not sell your personal data.

We may share information in these circumstances:

8.1 With Your Consent

  • When you explicitly authorize sharing

  • For integrations you've enabled

8.2 Service Providers

  • Third-party vendors supporting our operations

  • Hosting and infrastructure providers (Vercel for application hosting; Supabase for database, authentication, and file storage)

  • Identity providers (Supabase Auth, which validates both email/password and Google OAuth sign-in; Google, for the Google OAuth method)

8.3 Legal Requirements

  • To comply with legal obligations

  • To protect our rights and users' safety

  • In response to valid legal requests

9. International Data Transfers

  • Data may be processed in regions operated by our hosting and infrastructure providers (Vercel and Supabase)

  • We implement appropriate safeguards for international transfers

  • Compliance with GDPR, CCPA, and other applicable regulations

10. Cookies and Tracking

10.1 Essential Cookies

  • Authentication and session management

  • Platform functionality and preferences

10.2 Analytics Cookies

  • Usage patterns and performance metrics

  • Error tracking and debugging information

10.3 Cookie Control

  • Manage cookie preferences in your account settings

  • Browser-level cookie controls respected

11. Data Breach Notification

In the event of a data breach:

  • We will notify affected users within 72 hours

  • Relevant authorities will be informed as required

  • We will provide clear information about the incident and our response

12. Children's Privacy

Our platform is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

13. Updates to This Policy

  • We may update this policy periodically

  • Users will be notified of material changes

  • Continued use constitutes acceptance of updates

14. Contact Information

For privacy-related questions or requests:

Email: support@realsimplelabs.com

15. Jurisdiction and Compliance

This policy is governed by the laws of the State of California and complies with:

  • General Data Protection Regulation (GDPR)

  • California Consumer Privacy Act (CCPA)

  • Other applicable privacy laws

16. Save to Parker Browser Extension

This section describes how the "Save to Parker" Chrome browser extension (the "Extension") collects, uses, and protects your information. The Extension is a separate distribution of Parker that you install from the Chrome Web Store. By using the Extension, you agree to the data handling practices described in this Privacy Policy, including this section. To the extent of any conflict between this section and the rest of this Policy in matters specific to the Extension, this section controls.

16.1 Supported Platforms and Where the Extension Runs

The Extension provides its "Save to Parker" feature on the following surfaces — the only places it injects a Save button, scrapes content, fetches additional metadata, or sends anything to Parker:

  • Facebook Ad Library (facebook.com/ads/library)

  • Facebook posts and photos — organic content on facebook.com: post permalinks (facebook.com/<page>/posts/…, /permalink.php, /story.php, /share/p/…), photo pages (/photo/…, /photo.php), and the main profile and Page timeline. This includes posts and photos that are public as well as those visible to you within your own signed-in Facebook session. The Extension does not provide its Save feature on Facebook Reels, Watch videos, Groups, Events, Marketplace, or Stories.

  • Pinterest pin detail pages (*.pinterest.com/pin/…) and pin cards on Pinterest feed, board, profile, and search pages, across all country subdomains

  • TikTok video and photo detail pages (tiktok.com/…/video/…, tiktok.com/…/photo/…) and TikTok feed, Explore, and Search results pages where the Save button can be attached to the videos and photo posts you open (e.g. tiktok.com/foryou, tiktok.com/explore, tiktok.com/search)

  • YouTube Shorts (youtube.com/shorts/…)

Where the Extension is installed. Because Facebook, TikTok, YouTube, and Pinterest are single-page applications — the URL changes when you navigate between pages but the browser does not perform a full page load — the Extension's content scripts are registered (per Chrome Web Store manifest declarations) on the full domains facebook.com, tiktok.com, youtube.com, and *.pinterest.com. This is necessary so that the Extension can attach a Save button when you navigate to a supported surface (e.g. when you open a Pinterest pin from the Pinterest homepage without a page refresh).

Transient in-memory observation on the broader install domains. To support single-page-application navigation, the Extension's content scripts run on every page within the four install domains and observe certain network responses your browser already requests as part of normal use of those sites. This observation is transient and in-memory only: the Extension retains a small recent buffer of API responses (capped at 200 entries) whose URLs match a fixed allowlist of paths used by the supported surfaces — specifically /api/graphql/ (Facebook), /resource/PinResource/ and /v3/pins/ (Pinterest), /youtubei/v1/ (YouTube), and a small set of TikTok feed, discovery, and detail paths (e.g. /aweme/detail, /api/item/detail, /api/post/item_list, /api/recommend/item_list, /api/explore/item_list, /api/search/item/full, /api/search/general/full). Responses outside this allowlist are dropped and never retained. Additionally, on YouTube only, the Extension hooks the browser's Media Source Extensions APIs so that, when you click Save on a YouTube Short, the bytes the browser is already streaming for that Short can be uploaded to your Parker account; this hook is not installed on any other domain.

What the Extension does on non-supported pages within those domains. On any page within the four install domains that is not one of the supported surfaces listed above, the Extension does not inject a Save button, does not scrape page content, and never sends anything to Parker servers. The transient in-memory buffer described above is automatically discarded when the tab is closed or navigated away, and entries beyond the 200-entry cap are evicted as new matching responses arrive. Per §16.4 (Limited Use of User Data), no information from non-supported pages is persisted, transmitted to Parker, shared with third parties, or used for any purpose other than enabling the save action when you later land on a supported surface.

The Extension does not run on, read from, or modify any website outside the four install domains listed above.

16.2 Data the Extension Reads from Supported Platforms

When you visit a supported surface listed in §16.1, the Extension reads:

  • Page metadata visible in your browser: the URL of the post or ad you are viewing, the post's caption or description, the author's display name and handle, publicly displayed engagement counts (likes, comments, views, shares), and the media (images or video) the platform is rendering for you.

  • API responses your browser receives: the Extension passively observes the JSON responses that the platform's web app already requests, in order to identify the specific item you wish to save. Observation is strictly read-only — the Extension does not modify, suppress, or redirect any platform request or response.

  • For Facebook Ad Library specifically: while you have a Facebook Ad Library tab open, the Extension reads two tokens that Facebook places in your page for the page's own scripts to use: a CSRF token (fb_dtsg) and a session token (lsd). Both tokens are read from the GraphQL request bodies that Facebook's own web app sends and from <input> and <script> elements in the page DOM. The Extension only uses these tokens locally, inside your tab, to issue a single authenticated request to Facebook's GraphQL endpoint — fetching the canonical advertiser metadata for the specific ad you are saving — and that request is fired only when you click "Save to Parker" on that ad. No Facebook session tokens or cookies are ever transmitted to Parker servers.

  • For Facebook posts and photos specifically: as with the Ad Library flow above, the Extension reads the same two tokens Facebook places in your page for its own scripts to use — a CSRF token (fb_dtsg) and a session token (lsd) — from the GraphQL request bodies Facebook's own web app sends and from the page DOM. It also observes a set of routine, non-identifying session parameters (roughly twenty technical values such as __rev, __dyn, and jazoest, which Facebook requires on its own GraphQL requests) from the requests your browser already makes during normal use of Facebook. When you click "Save to Parker" on a post or photo and the information already visible in the page is incomplete (common on Facebook's photo-viewer layout, where engagement counts are loaded only into a dialog), the Extension uses these tokens and parameters to issue a single authenticated request to Facebook's GraphQL endpoint — fetching the post's canonical author, caption, engagement counts, and media, the same data Facebook loads to render the post for you. This request is fired only inside your tab, only in direct response to your clicking Save, and only for the specific post or photo you are saving. To issue it, the Extension reuses the opaque query identifiers (doc_id values) Facebook serializes into its own requests, which it caches locally as described in §16.5. No Facebook session tokens or cookies are ever transmitted to Parker servers.

  • For Pinterest specifically: when you click "Save to Parker" on a Pinterest pin, the Extension reads Pinterest's CSRF token (the csrftoken cookie that Pinterest sets on its own domain) and a public Pinterest application-version identifier from the page, and issues a single authenticated request to Pinterest's /resource/PinResource/get/ endpoint to fetch the canonical pin object for the pin you are saving. This request is made only in direct response to your clicking Save, only inside your tab, only for the specific pin you are saving, and only using the session you have already established with Pinterest. No Pinterest session tokens or cookies are ever transmitted to Parker servers.

  • For YouTube Shorts specifically: the Extension captures the video bytes that your browser is already streaming and decoding to render the Short you are watching. No separate download from YouTube's content delivery network is initiated by the Extension.

16.3 Data the Extension Sends to Parker

When you click "Save to Parker" and confirm a save, the Extension sends the following to your Parker account:

  • The URL of the saved post or ad.

  • Caption or description text, author display name, author handle, publicly displayed engagement counts, and the platform-specific identifier of the saved item.

  • A copy of the media (image or video) you are saving.

  • The organization, brand, and board you selected in the save dialog, plus any optional notes you typed.

The Extension does not send to Parker any other browsing history, page content from non-supported sites, or platform credentials.

16.4 Limited Use of User Data

In compliance with the Chrome Web Store User Data Privacy Policy and its "Limited Use" requirement, our use of data accessed through the Extension adheres to the following commitments:

  • We use Extension data only to provide and improve the user-facing features described in this Privacy Policy and visible from the Extension's UI — specifically, saving posts, ads, and pins to your Parker visual ideas board.

  • We do not transfer Extension data to third parties for purposes unrelated to providing the save-to-Parker feature, except as described in §8 (Data Sharing and Disclosure) or as required by law.

  • We do not use Extension data for serving advertisements, including personalized, retargeted, or interest-based advertising.

  • We do not allow humans to read Extension data, except (i) with your explicit consent — including consent you provide when you contact us with a specific support request that requires us to access the specific Extension data needed to resolve that request; (ii) for security investigations or to comply with applicable law; or (iii) when the data is aggregated and anonymized and used for internal operations consistent with this Policy.

16.5 Browser-Stored Data

The Extension stores the following inside Chrome's chrome.storage.local API on your device:

  • Your Parker access token, refresh token, and token expiry timestamp (used to authenticate with Parker's backend).

  • A locally cached copy of your Parker user profile (account ID, email, display name) and your accessible organizations and brands, used to populate the popup and the save dialog without re-fetching from Parker on every interaction. This cache is refreshed when you click "Refresh connection" in the popup.

  • Your most recently selected organization, brand, and board (so the save dialog defaults are remembered).

  • An offline retry queue containing pending saves that the Extension was unable to deliver due to a temporary network issue (cleared once delivered).

  • A small map of Facebook-issued opaque GraphQL query identifiers (the doc_id values Facebook serializes into its own request URLs — typically 5–20 short numeric strings). These are cached across browser sessions so that, when Facebook rotates its internal query catalog, the authenticated metadata request described in §16.2 does not fail on the first save of a session. These identifiers are not personally identifying, are not derived from your Facebook account or activity, and are never transmitted to Parker servers.

This data is stored locally and is not synchronized to other devices via Chrome Sync. You can clear all of it at any time by clicking "Disconnect" in the Extension popup, which signs you out and erases all locally stored Extension data.

16.6 Authentication Flow

The Extension authenticates you using the same sign-in methods Parker offers on the web — Google OAuth, or email and password. When you click "Sign In" in the Extension popup, a sign-in window opens to app.heyparker.ai/auth/extension-loginwhere you can choose either method.

If you choose email and password, your credentials are sent over HTTPS to Parker's backend, which validates them against Parker's user database (hosted by our identity provider, Supabase) and immediately discards them. Passwords are never stored, logged, or transmitted by the Extension itself, and Parker's authentication route does not retain or log them beyond the single credential check Supabase performs on the request.

If you choose Google OAuth, you are redirected through app.heyparker.ai and auth.heyparker.ai (Parker's authentication subdomain, hosted by our identity provider) to complete sign-in.

In both cases, on success the Extension receives the same access and refresh tokens it would receive from a sign-in on the web; the Extension stores them locally as described in §16.5.

16.7 Your Rights and Controls

In addition to the rights described in §7 of this Policy, when using the Extension you may:

  • Sign out and erase local data by clicking "Disconnect" in the Extension popup.

  • Uninstall the Extension at any time via your browser's extensions management page (chrome://extensions). Uninstallation immediately stops all data collection by the Extension on your device.

  • Delete saved ideas from your Parker account via the web app. Deletion of saved ideas follows the retention rules in §4.2.

  • Submit a data deletion request for your entire Parker account at app.heyparker.ai/privacy/delete-data, which covers all data saved via the Extension.

16.8 Third-Party Platform Interactions

When the Extension makes a request to a supported platform on your behalf (for example, the Facebook GraphQL fetch described in §16.2), that request is governed by the receiving platform's own terms of service and privacy policy. Real Simple Labs is not responsible for how third-party platforms log, retain, or use the requests your browser makes during normal use of their services.

16.9 Third-Party Services Used by the Extension

The data the Extension sends to Parker (described in §16.3) is transmitted to and processed by the following third-party services. Each is also disclosed in §5 (Third-Party Services) for the broader Parker platform; this list calls out the services specifically involved in the Extension's data flow:

  • Google (Google OAuth): identity provider for the Sign in with Google flow, one of two sign-in methods the Extension offers. Google receives standard OAuth sign-in metadata (your Google account email and a consent acknowledgement) only when you choose this method; it does not receive saved ideas, browsing activity, or any platform content. If you sign in with email and password instead, Google receives nothing from the Extension.

  • Supabase: Parker's database, authentication, and file-storage provider. Supabase Auth validates both sign-in methods (email/password and Google OAuth). Supabase stores your Parker account, your saved ideas, and the media files (images and videos) you save via the Extension. The Extension uploads media directly to Supabase Storage using short-lived presigned upload URLs issued by Parker. Supabase's underlying infrastructure runs on Amazon Web Services.

  • Vercel: hosting and edge network for app.heyparker.ai, Parker's web application. The Extension's API requests (sign-in, save-idea, list-boards, refresh-context, etc.) are served by Parker code running on Vercel; data in transit through Vercel is the same data the Extension sends to Parker as described in §16.3.

  • Sentry: error-monitoring service for the Parker web application. When a server-side error occurs while handling an Extension API request, Sentry receives the request URL (with query parameters), HTTP method, response status, the error message, and a stack trace. Sentry does not receive saved-idea content, media files, or your Google session tokens. Sentry data is retained per Sentry's own retention policy, with access limited to Real Simple Labs personnel investigating the issue.

16.10 Children's Use

The Extension is subject to the same age restrictions described in §12. The Extension is not intended for, and should not be used by, individuals under the age of 18, or under the age required by the underlying platform's own terms (which may be higher in some jurisdictions).