This Privacy Policy explains how BlackBit Brain (“BBB”, “we”, “us”) collects, uses, and safeguards personal data when you visit blackbitbrain.com or use our products. We are headquartered in Doha, Qatar, and we operate within the framework of:
- The Saudi Arabia Personal Data Protection Law (PDPL)
- The UAE Personal Data Protection Law (UAE PDPL)
- The Qatar Personal Data Protection Privacy Law (PDPPL)
- The EU General Data Protection Regulation (GDPR), where applicable
Where these frameworks differ, we apply the most protective standard.
What we collect
We collect the minimum necessary personal data for the purposes described below:
- Account data: name, business email, company, role.
- Billing data: handled by Stripe, our payment processor. We do not store credit card numbers; Stripe assigns each customer a token we use for billing references.
- Usage data: per-tenant operational metrics — which departments you activated, how many drafts your agents produced, which drafts were approved or rejected, how often a human reviewer overrode an agent suggestion, time-to-resolution on customer-care tickets, calibration scores from the Foundry drill harness, and similar.
- Inbound social messages: when you connect a social account, BlackBit Brain ingests messages directed at that account. These are stored in your tenant’s encrypted columns and are accessible only via your authenticated session.
- Tenant credentials: OAuth tokens for connected platforms. These are sealed under your tenant-specific data encryption key (DEK), itself wrapped by your master key (KEK), which you control.
How we use your data
We use your data only for purposes you would reasonably expect:
- To provide BlackBit Brain’s product (drafts, complaint workflow, audit logs, etc.).
- To bill for the services you use.
- To communicate about service changes, security incidents, and important updates.
- To improve our agents and the product overall (see “How we improve our agents” below).
How we improve our agents using your data
BlackBit Brain ships AI agents that get better over time. The way they get better is by learning from how they perform — which drafts were approved, which were edited, which were rejected; which routing decisions worked; which skills calibrated higher; which patterns reviewers consistently overrode. This is the Foundry drill harness in operation, and it is part of how we deliver the product you’re paying for.
Concretely, we use the following to improve agents and skills:
- Aggregated calibration signals — score deltas from the daily drill harness, tier promotion / demotion events, dual-judge agreement rates, response-time deltas.
- Approve / reject patterns — which drafts your reviewers accepted, edited, or rejected, plus the structural reason (tone, accuracy, brand voice, completeness, cultural fit).
- Anonymized skill demonstrations — successful task outcomes get distilled into reusable skill templates after stripping personal identifiers, brand-specific tokens, customer names, and any other identifying content.
- Error / escalation patterns — when agents escalated to a human, when a high-risk action was caught by the approval gate, when an audit-log entry was flagged. These patterns help us harden the system for everyone.
What this means in practice:
- Your raw customer messages are never used to train base models. The original content — what your customer wrote, what your agent drafted, what your reviewer typed — remains in your tenant.
- What leaves your tenant is the signal, not the content — e.g., “a draft of category X was rejected by a reviewer for reason Y” rather than the draft itself. Personal data, brand-specific phrasing, customer identifiers, and tenant-identifying tokens are stripped before any cross-tenant aggregation.
- No cross-tenant data leakage: an agent serving Customer A never sees Customer B’s data, ever; this is enforced by row-level security at the database layer (Postgres RLS, FORCE’d on every table).
- The agents that get smarter are all agents — improvements land as platform updates available to every customer at your tier, not just the customer whose data informed the lesson.
Lawful basis
We rely on legitimate interest (Article 6(1)(f) GDPR; analogous provisions in PDPL / UAE PDPL / Qatar PDPPL): we have a legitimate interest in improving the agents you’re paying us to operate, and the signal-level data we use is anonymized + aggregated enough that it does not override your rights. We have run the balancing test and document it on request.
Opt-out
You can opt your tenant out of cross-tenant aggregation at any time:
- Enterprise + Sovereign: opt-out is part of your contract by default. Tell your account manager and we’ll flip the flag.
- Starter + Growth: email [email protected] with subject “Opt out of agent improvement program”. We confirm within one business day. Your tenant’s signal data is excluded from the next aggregation cycle (within 24 hours).
Opting out does not degrade the service you receive — your agents still get every platform-wide improvement that lands. It only means your tenant’s signal doesn’t contribute to the next round of platform-wide improvements.
What we do not do
We never:
- Sell your data to third parties.
- Use your raw messages, drafts, or customer content to train base models (Anthropic / OpenAI / Cohere / local Ollama). These models never see your tenant’s content for training purposes — only inference, scoped to your tenant.
- Add you to marketing newsletters without explicit opt-in.
- Share your data with any government or law enforcement agency without serving you notice first (see /legal/data-sovereignty).
How we protect your data
- Per-tenant DEK encryption for all sensitive columns (OAuth tokens, integration credentials).
- Row-level security on every database table, scoped to your organization.
- Data residency in ap-south-1 (Mumbai), aligned with PDPL adequacy provisions. On-prem deployment available for Enterprise customers.
- Write-once audit log of every state change. Tamper-evident by design.
- TLS 1.3 for all data in transit.
- Backups encrypted with separate keys; daily snapshots; retention configurable per tier.
Your rights
Under PDPL, GDPR, and the other frameworks above, you have the right to:
- Access the personal data we hold about you (Data Subject Access Request, or DSR).
- Correct inaccurate data.
- Delete your data (subject to legal retention obligations, e.g. tax records).
- Export your data in a portable format. We provide JSON / CSV exports via API or admin UI at any time.
- Object to specific processing activities.
- Withdraw consent for any consent-based processing.
To exercise any of these rights — access, correction, deletion, restriction, portability, objection, withdrawal — file a Data Subject Request to [email protected]. We respond within 30 days (often within 5 business days). Privacy questions that aren’t formal requests go to [email protected].
Lawful bases (PDPL, GDPR, UAE PDPL, Qatar PDPPL)
We rely on the following lawful bases, depending on the activity:
| Activity | Lawful basis |
|---|---|
| Provisioning your tenant, billing, support | Contract (Art. 6(1)(b) GDPR; analogous PDPL provisions) — necessary to deliver the service you signed up for |
| Service communications (incidents, downtime, billing notices) | Contract + Legal obligation (security incident notice) |
| Marketing newsletters | Consent (Art. 6(1)(a) GDPR) — opt-in only, withdrawable at any time |
| Agent improvement program (Section above) | Legitimate interest (Art. 6(1)(f) GDPR) — balanced against your rights; you can opt out |
| Audit log retention | Legal obligation (tax, regulatory record-keeping where applicable) + legitimate interest (security forensics) |
| Cookie use (preferences, privacy-respecting analytics) | Legitimate interest for strictly-necessary cookies; consent for analytics |
If you would like our balancing-test memo for any legitimate-interest activity, email [email protected].
Data retention
We retain data for the minimum period necessary to deliver the service, comply with law, and resolve disputes.
| Data category | Retention period | Notes |
|---|---|---|
| Account profile | Active tenant lifetime + 90 days after termination | Then permanently deleted from production; backups retained 90 additional days |
| Customer Data (drafts, messages, audit log) | Active tenant lifetime + 90 days after termination | Same schedule as above |
| Billing records | 7 years after last transaction | Tax + regulatory requirement |
| Anonymized signal data (agent improvement) | Indefinite, in aggregate form | Personal identifiers removed at ingestion |
| Marketing-list email | Until you unsubscribe | Single-click unsubscribe in every email |
| Server logs (request logs, error logs) | 30 days rolling | No customer PII in these logs by design |
| Security incident logs | 7 years | Regulatory + forensic |
| Sub-processor audit records | 7 years | DPA evidence |
When data ages out, it is purged from production within 24 hours and from backups within 90 days. Encryption keys for purged data are rotated, so the residual ciphertext in any cold backup is unrecoverable.
Sub-processors
We use a small set of trusted sub-processors. Current list (as of the effective date at the top of this page):
| Sub-processor | Purpose | Region | Compliance posture |
|---|---|---|---|
| Supabase | Postgres database + auth | AWS ap-south-1 (Mumbai) | SOC 2 Type 2, HIPAA-eligible, GDPR-aligned |
| Cloudflare | CDN, DDoS, edge functions, DNS | Global anycast | SOC 2 Type 2, ISO 27001, GDPR-aligned |
| Stripe | Payment processing | Global | PCI-DSS Level 1, SOC 1/2, GDPR-aligned |
| Resend | Transactional email | US (EU region available) | SOC 2 Type 2 |
| Anthropic | Claude inference (when invoked) | US | SOC 2 Type 2, zero-retention enterprise tier |
| OpenAI | GPT inference (when invoked) | US | SOC 2 Type 2, zero-retention enterprise tier |
| Cohere | Command-R+ inference (when invoked) | US | SOC 2 Type 2 |
For Local-tier deployments, all of the above are optional. Local Ollama models run on your hardware; no third-party LLM inference is required.
We give Enterprise + Sovereign customers 30 days’ notice before adding a new sub-processor in a way that affects data residency, processing scope, or your contractual rights. Self-serve tiers get notice via the email on file.
Data breach notification
If we become aware of a personal-data breach affecting your tenant, we notify you:
- Without undue delay and within 72 hours of confirmed detection (PDPL + GDPR requirement).
- Via the email on file for your primary admin, with a phone follow-up for severity ≥ P2.
- With a written incident report including: nature of the breach, categories + approximate number of records affected, likely consequences, measures we’ve taken to contain + remediate, point of contact for further information.
Our incident response runbook is summarized in /legal/data-sovereignty under “How your data is encrypted” and operationally in the Engineering and Security & Trust departments.
Cookies
The marketing site (blackbitbrain.com) uses a minimal set of cookies. The application (app.blackbitbrain.com) uses session cookies set by Supabase Auth.
| Cookie | Set by | Purpose | Duration | Type |
|---|---|---|---|---|
| __cf_bm | Cloudflare | Bot management | 30 minutes | Strictly necessary |
| cf_clearance | Cloudflare | Challenge / CAPTCHA pass-through | 1 year | Strictly necessary |
| bbb_lang | BlackBit Brain | Remember language preference (EN / AR) | 6 months | Functional |
| _pl | Plausible Analytics | Aggregated page-view counts; no individual tracking, no cross-site profile | 1 day | Analytics |
| sb-access-token / sb-refresh-token | Supabase Auth (app subdomain only) | Maintain your authenticated session | Per session / 7 days | Strictly necessary |
| __stripe_mid / __stripe_sid | Stripe (only on /wizard checkout) | Fraud prevention during payment | 1 year / 30 minutes | Strictly necessary |
We do not use:
- Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or any third-party tracking that profiles you across sites.
- Advertising cookies, retargeting cookies, or cross-domain user-ID cookies.
- Session-replay tools (FullStory, Hotjar, etc.).
You can decline non-essential cookies (the language cookie + Plausible analytics) without losing functionality. The remaining strictly-necessary cookies are required for sign-in, payments, and bot protection — declining them means the affected features won’t work.
Children
BBB is a B2B product. It is not directed at children under 16. We do not knowingly collect data from children.
Changes to this policy
We may update this policy as the product evolves. The effective date at the top of the page reflects the most recent change. We will notify customers via email of any material changes.
Contact
- Privacy questions: [email protected]
- Data Subject Requests (PDPL / GDPR rights): [email protected]
- Data Protection Officer: [email protected]
- Legal / regulator inquiries: [email protected]
- Mailing address: BlackBit Brain, Doha, Qatar