Privacy Policy

This Privacy Policy explains what Bugle (the "Service", operated by Nick Potter) collects, why, and what we do with it. It applies to everyone who uses Bugle.

The short version. We collect what we need to run the Service and improve it. We don't sell your data. We don't use your conversations to train AI models. Marketing email is opt-in only.

1. What we collect

• Account data: your email address, password (stored as a salted hash by our auth provider, never in plain text), and optional display name.
• Conversation data: the questions you ask, the answers we generate, and which source citations were attached.
• Feedback: 👍 / 👎 ratings, category selections, and any comments you submit on assistant messages.
• Diagnostic and abuse-prevention data: request timestamps, latency, error logs, and per-turn pipeline traces. These help us debug bad answers and prevent runaway usage.
• Marketing consent state: whether you opted in to product update emails, and when you did so.

Payment data. The Service is currently free — we do not process payments or collect any payment information. If we introduce paid plans in the future, payments would be handled by Stripe, and we would store only a Stripe customer/subscription reference and your plan status (never your full card number).

2. How we use it

• To operate the Service: authenticate you, persist your chat history so you can return to it, run the retrieval pipeline that powers cited answers.
• To improve answer quality: we review feedback and traces in aggregate to find and fix bad answers. We do not tie this review to your identity in any public report.
• To prevent abuse: we count requests per account against per-minute and daily caps so that a single account cannot run up our AI provider bills (see our Terms of Service).
• To communicate with you — see Section 4.

3. AI providers and where your queries go

Bugle sends the text of your question (plus recent conversation context, when relevant) to third-party AI providers to generate answers:

• Anthropic — generates the assistant's response and analyzes your question to plan retrieval.
• Voyage AI — converts text into embedding vectors for semantic search.
• Cohere — reranks retrieved source passages.

Each provider processes inputs according to their own data-handling terms. Bugle has configured these integrations so that your conversations are NOT used to train any provider's models.

4. Email and how to opt out

Transactional email (always on while you have an account). Account verification, password resets, security alerts, and similar operational notices. These are required to run the Service and cannot be opted out of while your account is active. If you don't want them, delete your account.

Marketing email (opt-in, opt-out at any time). Product announcements, feature updates, and occasional notes from the Bugle team. We only send marketing email if you explicitly opted in (at signup or later in settings). Every marketing email contains a one-click unsubscribe link. You can also email help@getbugle.com and we'll process the opt-out manually.

Withdrawing marketing consent does not affect transactional email or your ability to use the Service.

5. Who else sees your data

• Hosting and infrastructure providers who run the servers and databases the Service depends on (currently Vercel for application hosting and Supabase for the database). They process data on our behalf under their own terms.
• AI providers as described in Section 3.
• Email delivery (Resend) sends transactional and (if you opted in) marketing email on our behalf, processing your email address to do so.
• Payments (Stripe) — only if we introduce paid plans and you purchase one (the Service is free today). We'd share only what's needed to bill you, and never see your full card number.
• Law enforcement, only if compelled by a valid legal request, and with notice to you where legally permitted.

We do not sell your personal data. We do not share your data with advertisers or data brokers.

6. Data retention

• Conversations and feedback: retained while your account is active, and for up to 30 days after account deletion (to allow recovery and to investigate any abuse reports).
• Diagnostic and trace logs: retained for up to 90 days, then summarized into aggregate metrics and the per-conversation detail is deleted.
• Account record: deleted within 30 days of an account deletion request, subject to limited retention required by law.

7. Your rights

You can request any of the following by emailing help@getbugle.com from the address on your account:

• Export of the data we hold about you.
• Correction of inaccurate account data.
• Deletion of your account and associated data.
• Withdrawal of marketing consent.

We aim to respond within 14 days. Where applicable, residents of jurisdictions with broader privacy rights (e.g. GDPR, CCPA) may have additional rights — contact us and we'll honor them.

8. Children's privacy

Bugle is not directed to children under 13 and we do not knowingly collect data from children under 13. If you believe a child has created an account, contact us and we'll delete the account.

9. Security

We protect your data with industry-standard measures: encryption in transit (HTTPS everywhere), encryption at rest at our database and storage providers, salted password hashing handled by our auth provider, and role-based access controls. No system is perfectly secure; if we become aware of a breach affecting your data, we will notify you and the relevant authorities as required by law.

10. Cookies and tracking

We use only the essential cookies needed to sign you in and keep your session secure. We do not run third-party advertising trackers, cross-site tracking, or ad-network pixels, and we don't sell or share your data for advertising.

11. Changes

We may update this Privacy Policy over time. Material changes will be announced via email and reflected in the "Last updated" date above.

12. Contact

Questions, requests, or concerns about your data? Email help@getbugle.com.