Privacy Policy

Last updated: December 21, 2025

This Privacy Policy explains how BEHAVIQ (“we”, “us”, “our”) collects, uses, shares, and protects information when you use our website and services (the “Service”). It is written to match the current scope of the Service: an AI chat experience grounded in behavioural science, with optional voice features, optional web search, and optional external tool integrations.

Summary

We collect account data (like your email), session/security data (like IP address), and usage/billing data (like subscription status and credit balance).
We process the messages you send (and any files/audio you provide) to generate responses using third-party AI and infrastructure providers.
We store chat transcripts as encrypted-at-rest objects (for example, in object storage) so you can view chat history across sessions.
We use trusted vendors (for example, Sentry) to monitor errors and performance so we can keep the Service reliable and secure.
We do not sell your personal information.

Information we collect

Account and authentication

Account identifiers: email address, account ID, and basic account metadata.
Credentials: password hashes (we do not store your plaintext password).
Email verification / OTP: one-time codes and verification records (stored in a secure form).
Social sign-in (if you use it): provider identifiers and tokens/metadata needed to maintain the integration.

Session, device, and security information

IP address, user agent, session tokens, and timestamps.
Approximate location derived from IP (e.g., city/region/country) when enabled to help prevent abuse and improve security.

Diagnostics and performance

Error reports such as stack traces, crash data, and event IDs.
Request metadata like timestamps, URLs, and performance timing.
Device/browser details to help us reproduce and fix issues.

Chat content

Messages you submit and the responses generated.
Citations / sources included in responses, where applicable.
Chat metadata such as timestamps, message counts, and a short last-message preview used for the chat history list.

Audio (voice features)

Speech-to-text (STT): audio you record is processed to produce a transcript. We generally do not need to store raw microphone audio to provide the feature.
Text-to-speech (TTS): when enabled, we generate audio for assistant messages; we may store generated audio so you can replay it without re-generating.

Files you upload (knowledge base)

Administrators can upload documents to build knowledge bases used by configured bots. We store file metadata (e.g., filename, content type, size, hash) and provider identifiers associated with uploaded files.

Billing, purchases, and support

Subscription status and billing-related identifiers (for example, Stripe customer and subscription IDs).
Credit pack purchases and credit grants.
Gift purchase details (such as recipient email) if you use gifting features.
Support communications you send us (e.g., via email).

Preferences and customization

If you choose to, you can provide customization inputs (for example, what you want the assistant to call you, and context you want considered). We store and use this to personalize responses.

How we use information

To provide the Service, including generating responses and enabling chat history.
To personalize your experience (e.g., applying your customization settings).
To authenticate you, maintain sessions, and secure the Service.
To administer subscriptions, credits, gifts, and invoices.
To troubleshoot, debug, and improve reliability and performance.
To comply with legal obligations and enforce our Terms.

Legal bases (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases where applicable:

Contract: to provide the Service you request (account access, chat features, subscriptions, credits).
Legitimate interests: to secure and improve the Service, prevent fraud/abuse, and maintain reliability.
Consent: where we ask you to enable optional features (for example, optional voice capture or optional external tool integrations).
Legal obligation: to comply with applicable laws and lawful requests.

How we share information

We share information with service providers and only as needed to operate the Service, including:

OpenAI (AI provider) to generate responses, run retrieval over knowledge bases, and perform optional web search and audio features.
Cloudflare (cloud infrastructure) to host the Service and store data (database and object storage).
Stripe (payments) to manage subscriptions and purchases (we do not store full card numbers).
Resend (email delivery) to send verification codes and transactional emails.
Google (OAuth) if you choose social sign-in.
Sentry (error monitoring and performance) to help us detect, diagnose, and fix issues.
External tool servers if you enable optional tool integrations (e.g., MCP servers). In that case, portions of your message may be sent to those tools to complete a request.

When you enable optional web search or external tool integrations, your prompt (or parts of it) may be used to query third-party sources outside our control, and those sources may have their own privacy practices.

We recommend that you avoid including highly sensitive personal information in prompts or uploads. While our providers publish information about how they handle API data, no system can guarantee perfect confidentiality.

We may also disclose information if required by law, to protect rights and safety, or in connection with a corporate transaction (e.g., merger or acquisition).

Cookies and similar technologies

We use cookies for authentication/session management. We may also store limited local settings in your browser (for example, UI preferences and acknowledgement of safety notices).

Marketing communications

We may send essential service updates (for example, security notices) regardless of marketing preferences. If we send marketing emails, you can opt out using the unsubscribe link provided in those messages.

Data retention

We retain information for as long as needed to provide the Service and for legitimate business purposes, such as security, dispute resolution, and compliance. Chat history is retained while your account remains active unless you request deletion. Billing records may be retained longer where required for accounting and legal obligations. Operational logs and diagnostics are typically kept for shorter periods.

Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or obtain a copy of your personal information, and to object to or restrict certain processing. To make a request, contact us at support@behaviq.io.

California (CCPA/CPRA)

If you are a California resident, you may have rights to know, access, correct, and delete personal information, and to opt out of the sale or sharing of personal information. We do not sell personal information. We also do not share personal information for cross-context behavioural advertising.

De-identified and aggregated data

We may create aggregated or de-identified information for analytics and service improvement (for example, counts of feature usage). We use and share this information in a way that is intended to prevent re-identification.

Security

We use administrative, technical, and physical safeguards designed to protect information. No system is 100% secure; please avoid sharing highly sensitive information in chat.

International transfers

Our service providers may process and store information in different countries. Where required, we use safeguards intended to protect information when transferred internationally.

Children’s privacy

The Service is not directed to children and is not intended for use by children under 13. If you believe a child has provided personal information, contact us.

Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and update the “Last updated” date above.

Contact

Questions about privacy? Email support@behaviq.io.