Published on: December 25, 2025

Effective date: December 25, 2025

BEUBBLE PRIVACY POLICY

This Privacy Policy for BEUBBLE company ("Company," "we," "us," or "our") describes how and why we might collect, store, use, and/or share your personal information when you use our Services, which include our website, our applications, and any other interaction channels we operate. BEUBBLE Company, based in the USA, acts as the Data Controller and is responsible for the processing of your personal data.

This policy is designed to help you understand our data practices and your privacy rights. Please read it carefully. By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our terms, please discontinue your use of our Services immediately.

For general privacy inquiries, you can contact us at [email protected]

1.Collection of Personal Data, Purposes, and Legal Bases

Data Provided Directly by the User

Account and authentication data include first name, last name, email address, phone number, encrypted password, and date of birth, in order to enable the creation and secure access to the account.

User-provided content and interactions include prompts, uploaded files, interaction history with the artificial intelligence, and content generated through the Services.

Payment and transaction data are collected to ensure billing management and the performance of contractual obligations.

User communications, including support requests and exchanges with teams, may be retained for support purposes and to improve the Services.

Data Collected Automatically

Technical logs and security data include the IP address, device identifiers, and activity logs, in order to ensure service security and prevent fraud.

Usage and analytics data encompass the viewed content, used features, and navigation patterns, enabling service analysis and continuous improvement.

Device data consist of information such as operating system (OS), browser type, and device characteristics, supporting compatibility and performance optimization.

Approximate location data (country/region) are inferred from the IP address for personalization purposes and to comply with legal requirements.

Data from External Sources

Data may be received from third-party services, including external online tools or websites accessed or integrated as part of the output generation process, when necessary to deliver or enhance the performance of the Services.

Data Retention Periods

Account data are retained for the full lifetime of your account, plus 30 days after deletion, per contractual and legal requirements.

User content is retained for 12 months of inactivity.

Security logs are kept for 12 months.

Usage data are retained for 24 months before anonymization.

Payment and billing data are kept for up to 10 years for strict legal reasons.

WE DO NOT CONDUCT INDIVIDUAL DECISION-MAKING BASED SOLELY ON AUTOMATED PROCESSING, INCLUDING PROFILING.

Cookies and Tracking Technologies

Tracking technologies include essential cookies, analytics cookies (such as those used for aggregated insights), and advertising cookies (including those from email marketing tools), with preference management available directly through browser settings or a dedicated control page.

2.Use of Data

Your data are used to:

Provide the requested Services (account management, AI features, payments, support).
Improve and personalize our Services (analytics, new feature development).
Communicate with you (administrative notices, marketing if opt-in).
Ensure security and legal compliance (fraud prevention, audits).

3. Sharing, International Transfers, and Security

Limited Sharing

Personal data are not sold. Any sharing remains strictly limited to: service providers acting under binding data processing agreements; competent authorities when required to comply with legal obligations or to protect rights; and affiliated entities or potential acquirers in the context of a merger, acquisition, or corporate reorganization, subject to prior notice.

International Transfers

Data Security

We protect your data with strong security measures designed to prevent, identify, and respond to threats. We restrict data access, use advanced technical safeguards, and test our systems regularly.

In the event of a data security incident, we will act promptly to address it. We will notify the relevant authorities and affected individuals as required by applicable laws.

4. Your Global Rights

You have rights over your personal data. You may exercise them free of charge, unless your request is excessive. Your Rights Include:

Accessing your data
Correcting inaccurate data
Requesting deletion (right to be forgotten)
Receiving your data in a portable format
Restricting how we process your data
Withdrawing your consent at any time

Contact us by email at [email protected], via our portal at privacy.beubble.com, or by postal mail. We will verify your identity and respond within one month.

Jurisdiction

Any dispute shall first be submitted to an amicable settlement process initiated by filling out the official contact form. If unresolved, a mandatory videoconference settlement meeting shall be held. Failing an amicable resolution through these steps, the courts of the jurisdiction of the siege social of Beubble Company shall have exclusive jurisdiction.

5. Personal Data Relating to Children

Our Services are not intended for children, and we do not knowingly collect or process Personal Data relating to children. If we discover, or are notified by a third party, that Personal Data belonging to a child has been collected, we will investigate and, where appropriate, take the necessary steps to delete such Personal Data, to the extent permitted by applicable law.

6. Changes and Contact

Any changes to this Policy will be notified by email or on our website 30 days before they become effective. Continuing to use our Services after notification means you accept the updated Policy.

7. Annex– Privacy Provisions for the EEA, United Kingdom, and Switzerland

If you access or use the Services while located in the EEA, the United Kingdom, or Switzerland (collectively, the “European Region”), the following additional provisions apply.

Legal bases for processing

We process your Personal Data only when allowed under applicable laws.

The legal grounds on which we rely correspond to the purposes outlined in this Privacy Policy and may include, as appropriate:

Your consent
The performance of a contract with you
Compliance with our legal obligations
Our legitimate interests or those of third parties

PLEASE BE AWARE THAT DECLINING TO PROVIDE CERTAIN TYPES OF PERSONAL DATA MAY LIMIT THE FUNCTIONALITY OF SOME ASPECTS OF THE SERVICES.

Processing Purpose	Personal Data Categories	Legal Bases
Provision of Basic Services This purpose includes creating and managing your account, secure authentication, executing voice and text commands, accessing PDF documents, integrating with connected services, and providing technical support.	- Account Data: identifiers, preferences, settings - User Content: queries, commands, analyzed documents - Technical Data: cookies, authentication tokens, connection logs - Session Data: conversation history, interaction contexts	- Contract Performance: These processing activities are necessary to provide the features you explicitly request when using our service. Without this data, we could not execute your commands or maintain your account.
AI Model Improvement This purpose aims to train and optimize our artificial intelligence algorithms, improve response accuracy, develop new features, and research usage patterns.	- Usage Data: interactions, behaviors, implicit preferences - Performance Data: response quality, processing time, errors - Aggregated Data: usage statistics, general trends - Technical Data: performance metrics, system logs	- Explicit Consent: We request your specific authorization for this purpose. You can withdraw your consent at any time. - Legitimate Interests: For anonymized data, we rely on our legitimate interest in improving our services.
Security and Compliance This purpose includes protecting our systems, fraud prevention, detecting abusive activities, responding to legal obligations, and maintaining compliance evidence.	- Audit Data: security logs, activity traces - Technical Data: IP addresses, browser information - Regulatory Data: consent evidence, transaction history - Security Signals: suspicious behaviors, intrusion attempts	- Legal Obligation: We are required to retain certain data to comply with regulatory requirements. - Legitimate Interests: We have a legitimate interest in protecting our systems and users from malicious activities.
Communication and Support This purpose covers sending important notifications, transactional communications, responding to assistance requests, and informing about critical updates.	- Contact Details: email, contact numbers - Preferences: languages, communication channels - History: support conversations, incident tickets - Metadata: timestamps, interaction frequencies	- Contract Performance: These communications are essential to inform you of changes affecting your service. - Consent: For marketing communications, we rely on your prior consent.