← Back to Bedore.AI
Privacy Policy
Last updated: April 16, 2026
1. Overview
Bedore.AI ("we", "us") respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data. We collect the minimum data necessary to provide and improve the Service.
2. Data We Collect
| Data | Purpose | Retention |
|---|
| Name, email address | Account creation, communications | Until account deletion + 30 days |
| Usage metrics (token counts, login times) | Billing, plan enforcement, analytics | 12 months rolling |
| Payment information | Billing via Stripe | Managed by Stripe (see their privacy policy) |
| Workspace content (files, code, data) | Providing the Service | Until account deletion + 30 days |
| Server logs (IP addresses, user agents) | Security, troubleshooting | 90 days |
3. How We Use Your Data
- Provide the Service: run your workspace, process AI requests, enforce usage limits.
- Billing: process payments, send invoices, manage subscriptions.
- Communications: send transactional emails (password resets, plan changes, trial notifications).
- Security: detect and prevent unauthorized access, abuse, and fraud.
- Improvement: analyze aggregate usage patterns to improve the Service (never individual workspace content).
4. Third-Party Services
We use the following third-party services to operate:
| Service | Purpose | Data Shared |
|---|
| Stripe | Payment processing | Name, email, payment details |
| Resend | Transactional email | Email address, message content |
| Cloudflare | CDN, DDoS protection, DNS | IP address, request metadata |
| AI providers (Anthropic, Moonshot) | AI assistance in workspaces | Prompts and responses during AI sessions |
Each provider operates under their own privacy policy. We select providers with strong privacy and security practices.
5. AI and Your Data
- Prompts you send to the AI assistant are forwarded to the configured AI provider for processing.
- We do not use your prompts or AI outputs to train models.
- AI providers may have their own data retention policies. See their respective privacy policies for details.
- Sensitive data (PII) should not be sent to AI providers without appropriate data processing agreements in place.
6. Data Security
- All data in transit is encrypted via TLS (Cloudflare).
- Credentials are encrypted at rest using AES-256 (Fernet).
- Each workspace is isolated in its own container with dedicated resources.
- Multi-factor authentication (TOTP) is required for all workspace logins.
- We conduct regular security scans (ClamAV, AIDE, rkhunter, Wazuh).
7. Your Rights
- Access: request a copy of your data at any time.
- Correction: update your personal information via the Service or by contacting us.
- Deletion: request account deletion. Your data is removed within 30 days.
- Portability: export your workspace data at any time (it's your standard Linux home directory).
8. Cookies
We use session cookies for authentication. We do not use tracking cookies or third-party analytics trackers.
9. Children's Privacy
The Service is not directed to children under 18. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes via email. Continued use after changes constitutes acceptance.
11. Contact
Privacy questions? Contact us at [email protected].