Privacy Policy

Overview

Bleep (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our data loss prevention service.

Bleep's architecture is designed around a fundamental privacy principle: all scanning and detection happens locally on your device or network. The content of your AI requests never leaves your environment and never reaches Bleep's servers. Our cloud services handle only account management, license validation, and billing.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

Information We Collect

Account Information

When you register for an account, we collect:

• Name and email address
• Company name and domain
• Billing information (processed securely by Stripe; we do not store card numbers)
• Account preferences and settings

Usage Data (Cloud)

When your Bleep installation communicates with our cloud for license validation and account management, we collect:

• IP address used for license validation API calls (not proxy traffic)
• License key and subscription status
• Application version and platform information
• Aggregated detection metrics (counts by type only, no content)
• Browser type and device information (for web dashboard access)

Data Processed Locally (Never Sent to Bleep)

The Bleep proxy runs entirely on your device or network. All scanning, pattern matching, and content inspection happens locally. The content of your AI requests and responses is processed in-memory on your machine and is never transmitted to Bleep's servers. We have no ability to access, view, or store the content that flows through your local proxy.

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract performance — Processing your account information and billing data is necessary to provide the service you subscribed to.
• Legitimate interest — We collect usage metrics and license validation data to maintain service security, prevent fraud, and improve our product.
• Legal obligation — We retain certain records (e.g., billing data) as required by tax and financial regulations.
• Consent — If we send marketing communications in the future, we will obtain your consent first. You may withdraw consent at any time.

How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our service
• Process your transactions and manage your subscription
• Validate licenses and enforce subscription terms
• Send you service-related notifications and updates
• Respond to your comments, questions, and support requests
• Analyze aggregated usage patterns to improve our service
• Detect, prevent, and address technical issues
• Comply with legal obligations

Data Retention

We retain your account information for as long as your account is active or as needed to provide you services. Usage logs are retained for 90 days by default, though enterprise customers may configure custom retention periods.

You may delete your account at any time from Dashboard → Settings → Delete Account. Account deletion is immediate and permanent: your account, all associated data, licenses, enrolled devices, and subscriptions are removed at the time of deletion. Active Stripe subscriptions are automatically cancelled so no further charges are incurred.

We may retain certain anonymized or aggregated data that cannot be used to identify you, as well as records required by law or legitimate business purposes (e.g., billing records for tax compliance).

Data Security

We implement appropriate technical and organizational security measures to protect your data:

• All data in transit is encrypted using TLS 1.3
• Data at rest is encrypted using AES-256 (provided by Supabase)
• Access controls and audit logging for all systems
• Authentication and database hosted on Supabase (SOC 2 Type II certified)
• Payment processing handled by Stripe (PCI DSS Level 1 certified)
• Web hosting on Vercel with edge network distribution

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and no later than 72 hours after becoming aware of the breach, in accordance with GDPR Article 33. Notification will include the nature of the breach, the likely consequences, and the measures taken to address it.

Sub-Processors

We use the following third-party sub-processors to deliver our service. Each maintains its own security certifications and privacy commitments:

None of these sub-processors have access to the content processed by your local Bleep proxy. They only process the cloud-side data described in this policy (account info, billing, license validation).

Cookies

Our website uses a minimal set of cookies:

• Authentication session cookie — Set by Supabase to maintain your login session. This is a strictly necessary cookie and does not require consent.
• Security cookies — CSRF protection and similar security tokens required for safe operation of the web dashboard.

We do not use any third-party analytics, advertising, or tracking cookies. We do not use Google Analytics or any similar services.

Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights regarding your personal data:

• Access — Request a copy of your personal data
• Rectification — Request correction of inaccurate data
• Erasure — Request deletion of your personal data
• Portability — Request transfer of your data in a machine-readable format
• Objection — Object to processing based on legitimate interest
• Restriction — Request restriction of processing
• Withdraw consent — Where processing is based on consent, withdraw it at any time

To exercise any of these rights, please contact us at contact@bleep-it.com. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

• Right to know — You may request the categories and specific pieces of personal information we have collected about you.
• Right to delete — You may request deletion of your personal information.
• Right to opt-out of sale — We do not sell your personal information to third parties.
• Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.

“Do Not Sell My Personal Information”: Bleep does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We do not participate in data broker networks or share data for cross-context behavioral advertising.

Automated Decision-Making

Bleep does not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on individuals. The local proxy's pattern detection is a security tool that flags potential data leaks — it does not make decisions about individuals.

International Data Transfers

Your account and billing information may be transferred to and processed in the United States, where our sub-processors operate. We ensure that such transfers comply with applicable data protection laws through appropriate safeguards such as Standard Contractual Clauses (SCCs). The content processed by your local Bleep proxy is not transferred internationally — it remains on your device.

Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date. For significant changes, we will also notify you via email. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: contact@bleep-it.com
• Address: 548 Market St, Suite 35435, San Francisco, CA 94104