logo

Privacy Policy

1. Introduction

This Privacy Policy explains how BHAG AI (“BHAG”, “we”, “us”, or “our”), operated by individual entrepreneur Aleksei Stepankov, collects, uses, and protects personal information when you access or use the BHAG AI platform and related services (“Service”).

Your privacy is important to us.

We aim to be clear about what data we collect, how we use it, and what rights you have.

By using the Service, you agree to this Privacy Policy.

If you do not agree, you must stop using the Service.

1.1. Relationship With Paddle

All purchases, payments, and invoices are handled by Paddle, our authorized reseller and Merchant of Record.

  • Paddle acts as an independent data controller for all billing-related information.
  • This Privacy Policy applies only to data processed by BHAG, not by Paddle.

For information about Paddle’s data practices, please refer to Paddle’s Privacy Policy.

1.2. Scope

This Privacy Policy applies to:

  • the BHAG AI website and application,
  • your interactions with our support channels (including Crisp chat),
  • analytics and operational systems used to provide the Service.

It does not apply to:

  • Paddle’s payment processing systems,
  • third-party websites or services you access through BHAG,
  • data practices of external AI model providers (though we explain how we use them).

1.3. Definitions

  • “Personal Data” — information that identifies or can reasonably identify an individual.
  • “User Content” — idea descriptions or other inputs you submit for generating research outputs.
  • “Reports” / “Results” — AI-generated outputs produced from your inputs.
  • “Processing” — any operation performed on Personal Data (collection, storage, use, deletion, etc.).

1.4. Eligibility and Children’s Privacy

The Service is intended for individuals 18 years of age or older.

We do not knowingly collect personal data from anyone under 18.

If you believe a minor has provided personal data, please contact us at support@bhag.ai so we can delete it.

2. Data We Collect

We collect only the data necessary to operate, secure, and improve the BHAG AI Service.

This includes information you provide directly, data collected automatically when you use the Service, and information processed by essential third-party providers.

We do not collect sensitive personal data (such as government IDs, financial details, or biometric information).

We do not process personal data of third parties through User Content.

2.1. Information You Provide

2.1.1. Account Information

When you create an account, we collect:

  • Email address (required)
  • Password or authentication credentials
  • Account creation and login timestamps
  • Language or interface preferences (if applicable)

2.1.2. Optional Profile Information

You may choose to provide additional optional information:

  • Name (for personalization)
  • Role or profession (to understand who uses BHAG)
  • Country (for localization and analytics)
  • Onboarding answers (e.g., your goals or expectations)

These fields are voluntary and not required to use the Service.

2.1.3. User Content

We process the text you submit for generating Discovery Reports, such as:

  • idea descriptions
  • product or market concepts
  • contextual inputs

User Content must not include personal data of third parties.

It is used solely to generate AI-based outputs.

2.1.4. Communications

If you contact us (e.g., via email or Crisp chat), we process:

  • your email address
  • messages and support inquiries
  • limited metadata required to operate support tools (e.g., browser type, IP region)

2.2. Information Collected Automatically

2.2.1. Technical and Device Information

We automatically collect:

  • IP address (for security, fraud detection, and routing)
  • Browser type and version
  • Device type and operating system
  • Referrer URLs
  • Timezone and locale
  • Basic system information required to render the UI

2.2.2. Usage and Analytics Data

Through tools such as Google Analytics and, where enabled, Amplitude, we collect:

  • page views and navigation flow
  • clicks and interaction patterns
  • onboarding and feature usage
  • anonymized session data
  • error events and performance metrics

We do not collect keystrokes or private form content.

2.2.3. Log Data

For security and diagnostics, we maintain logs containing:

  • timestamps
  • API request metadata
  • rate-limit events
  • error traces
  • system performance data

Logs do not store your User Content.

2.3. Data Processed by Third-Party Providers

2.3.1. Paddle (Merchant of Record)

We do not collect or store payment card data.

Paddle processes all billing information independently, including:

  • payment method details
  • billing address or country
  • tax information (e.g., VAT ID)
  • transaction history

Paddle acts as an independent data controller for billing data.

2.3.2. AI Model Providers

To generate Reports, we securely transmit only User Content necessary for processing to providers such as:

  • OpenAI (gpt)
  • Anthropic (claude)
  • Google (gemini)
  • X.AI (grok)

We do not send:

  • your email
  • your name
  • profile information
  • billing data
  • analytics identifiers

Providers do not use your data for training their public models.

2.3.3. Support Tools (Crisp)

Crisp may process:

  • your email (if provided)
  • support messages
  • limited technical metadata

Used exclusively for customer support.

2.3.4. Hosting & Infrastructure

We use:

  • Hetzner (United States) — servers, databases
  • Cloudflare — CDN, security, DNS

These providers process standard technical metadata as part of service operation.

2.4. Information We Do Not Collect

We do not collect or store:

  • personal data of your customers, users, or third parties
  • documents or files uploaded by users (we don’t support file uploads)
  • payment card details
  • sensitive personal data (health, biometrics, religion, etc.)
  • information intentionally submitted by individuals under 18

3. How We Use Your Data

We use the data we collect strictly for operating, securing, and improving the BHAG AI Service.

We do not sell personal data, use it for advertising, or train external AI models with it.

3.1. To Provide and Operate the Service

We process your data to:

  • create and manage your account
  • authenticate your login
  • run AI-based research and generate Discovery Reports
  • store and display your research history
  • deliver customer support
  • maintain core functionality (UI, localization, infrastructure)

Without this processing, we cannot provide the Service.

3.2. To Maintain Security and Prevent Abuse

We use technical and log data to:

  • detect suspicious or fraudulent activity
  • prevent misuse of trials, refunds, and multiple accounts
  • protect accounts from unauthorized access
  • monitor platform stability and integrity
  • comply with Paddle’s anti-fraud and risk rules

These measures help keep the platform safe for all users.

3.3. To Improve the Service

We use aggregated and anonymized usage data to:

  • understand how users interact with BHAG
  • optimize onboarding and user experience
  • improve the quality and consistency of AI outputs
  • build new features and refine existing ones
  • identify errors and performance issues

We do not use your User Content to train external AI models.

3.4. To Communicate With You

We may send you messages related to:

  • service operation (e.g., “your report is ready”)
  • account access and security
  • support responses
  • important product or policy updates

You may opt out of non-essential communications.

3.5. To Process Payments (via Paddle)

Paddle processes your payment information.

We may access high-level transaction metadata (not card data) to:

  • verify purchases
  • assist with refunds
  • investigate fraud or disputed transactions
  • provide customer support

All billing data is processed under Paddle’s Privacy Policy.

We may process certain data to:

  • meet applicable tax, regulatory, or accounting obligations
  • respond to lawful requests from authorities
  • enforce our Terms of Service

We only disclose what is necessary.

3.7. To Personalize Your Experience

If you choose to provide optional profile details (e.g., name, role, expectations), we may use them to:

  • adjust onboarding to your use case
  • tailor communication style
  • improve product relevance and guidance

Personalization is limited and optional.

3.8. For Internal Research and Analytics (Aggregated Only)

We may use anonymized, aggregated data for:

  • product analytics
  • performance analysis
  • business planning
  • research and statistical purposes

This data cannot identify you.

4. Legal Bases for Processing (GDPR)

If you are located in the EU, EEA, UK, or Switzerland, we process your personal data under one or more of the following legal bases:

4.1. Performance of a Contract

We process your data when necessary to:

  • create and maintain your account
  • authenticate your access to the Service
  • generate Discovery Reports
  • provide customer support
  • process payments (via Paddle)

Without this processing, we cannot deliver the Service.

4.2. Legitimate Interests

We process certain data to pursue our legitimate business interests, including:

  • improving the Service and user experience
  • ensuring security and preventing fraud or abuse
  • monitoring platform performance and reliability
  • understanding aggregated usage patterns
  • communicating essential product information

We balance these interests against your privacy rights and minimize data wherever possible.

We rely on your consent when:

  • you choose to enable analytics cookies (where required)
  • you provide optional profile information
  • you subscribe to non-essential communications

You may withdraw your consent at any time without affecting prior lawful processing.

We may process and retain certain data when required to:

  • comply with tax, accounting, or regulatory requirements
  • respond to lawful requests from authorities
  • enforce our Terms of Service

4.5. Protection of Rights and Safety

In rare cases, we may process or disclose data when necessary to:

  • protect the rights, safety, or security of users or the public
  • prevent harm or address suspected misconduct

This basis is used only when strictly required.

5. How We Store and Protect Your Data

We take the security of your data seriously and use industry-standard technical and organizational measures to protect it.

5.1. Data Storage Locations

Your data is stored and processed on secure cloud infrastructure, primarily in the United States, using:

  • Hetzner — application servers and databases
  • Cloudflare — CDN, caching, network protection

Some technical data may be temporarily processed in other regions by AI model providers or CDN networks to deliver the Service efficiently.

We do not intentionally store personal data outside our primary hosting region unless required to operate the Service.

5.2. Security Measures

We implement multiple safeguards to protect your data, including:

  • encryption in transit (HTTPS/TLS)
  • restricted internal access to production systems
  • authentication and authorization controls
  • network firewalls and intrusion detection
  • monitoring and logging of security-relevant events
  • regular updates and security patches

We review and update our security practices on an ongoing basis.

5.3. Use of Third-Party AI Model Providers

To generate Discovery Reports, portions of your User Content may be processed by AI providers such as OpenAI, Anthropic, Google, and X.AI.

We do not send:

  • your email
  • your name
  • your profile details
  • any payment or identifying information

AI providers process submitted content solely to generate output and, according to their published policies, do not use it for model training.

We send only the minimum text required to perform your research.

5.4. No Storage of Sensitive Data or Uploaded Files

We do not store:

  • customer or third-party documents
  • images or attachments
  • sensitive categories of personal data

We retain only the information necessary to operate the Service.

5.5. Retention of Research Data

Discovery Reports and User Content are stored in your account until:

  • you delete them, or
  • you delete your account, or
  • you request removal.

We do not automatically expire your research data unless required for operational purposes.

5.6. Account Data Retention

When you delete your account:

  • personal account data (email, profile details) is deleted within a reasonable period (typically 30 days),
  • anonymized or aggregated data may be retained for analytics or security purposes,
  • Paddle may retain billing records as required by law.

5.7. Protection Against Unauthorized Access

To protect accounts from unauthorized access, we:

  • enforce secure authentication,
  • maintain strict internal access controls,
  • restrict administrative privileges to essential personnel only.

You are responsible for safeguarding your own login credentials.

5.8. Incident Response

If we become aware of a data breach affecting your personal data:

  • we will notify you without undue delay, and
  • describe the nature of the incident and mitigation steps,
  • comply with applicable notification requirements (e.g., GDPR, UK GDPR, CCPA).

6. Who We Share Your Data With (and Why)

We do not sell your personal data.

We only share data with trusted service providers when necessary to operate the Service, deliver core functionality, or meet legal obligations.

6.1. Paddle (Merchant of Record)

All purchases are processed by Paddle, which acts as the seller of record and an independent data controller for billing information.

Paddle receives:

  • payment method details
  • billing address or country (for tax purposes)
  • transaction metadata

We do not access or store your payment information.

For more information, refer to Paddle’s Privacy Policy.

6.2. AI Model Providers

To generate Discovery Reports, portions of your User Content may be sent to AI providers such as:

  • OpenAI (gpt)
  • Anthropic (claude)
  • Google (gemini)
  • X.AI (grok)

We never transmit personal account information such as:

  • email
  • name
  • profile data
  • billing information

AI providers process content solely to generate output and, per their policies, do not use it for model training.

We send only the minimum content required for research.

6.3. Hosting and Infrastructure Providers

We use reputable providers to host and deliver the Service:

  • Hetzner — servers, databases, backend systems
  • Cloudflare — CDN, security, routing

They may process:

  • IP addresses
  • technical metadata
  • encrypted traffic

These providers act as processors and are bound by contractual confidentiality and security obligations.

6.4. Customer Support Tools

To provide support and resolve issues, we use:

Crisp.chat

Crisp may receive:

  • your email (if you provide it)
  • chat messages
  • basic technical metadata (device, browser, region)

This data is used solely to assist you.

6.5. Analytics Providers

We use analytics services to understand usage patterns and improve the product, including:

  • Google Analytics
  • Amplitude (if enabled)

These tools may process:

  • device and browser information
  • usage events
  • IP addresses (which can be anonymized)

We do not send personal identifiers (e.g., name, email) to analytics tools unless strictly necessary.

Analytics cookies require consent where applicable.

6.6. Email Delivery Services (If Used)

If we send emails or notifications, email providers may process:

  • your email address
  • message content (e.g., onboarding instructions or report notifications)

We do not use email services for unsolicited marketing without consent where required.

We may disclose data when required to:

  • comply with laws or legal processes
  • respond to valid government requests
  • protect the rights, safety, or security of users or the Service
  • enforce our Terms of Service
  • prevent fraud or abuse

We only share the minimum information necessary.

6.8. Business Transfers

If BHAG AI is ever involved in a merger, acquisition, or asset transfer, your personal data may be transferred as part of that transaction.

We will notify you before data becomes subject to a different privacy policy.

7. Data Retention

We retain personal data only for as long as necessary to provide the Service, comply with legal obligations, maintain security, and support legitimate business needs. Different categories of data are stored for different periods, as described below.

7.1. Account Information

We retain your account information (such as your email and optional profile fields) for as long as your account remains active.

If you request account deletion:

  • personal data is removed from active systems,
  • backups are overwritten following our standard backup cycle,
  • minimal data may be retained where legally required (e.g., fraud prevention, compliance).

7.2. User Content and Research Inputs

We store User Content (your idea descriptions, product insights, contextual information) so that you can generate and revisit Discovery Reports.

We retain User Content until you delete your account or request removal.

Residual copies may remain temporarily in encrypted backups until the next scheduled purge.

7.3. Discovery Reports and AI-Generated Outputs

Reports generated by the Service are kept in your account until you delete them or delete your account.

We do not automatically remove reports unless necessary for operational reasons.

Reports are not used to train external AI models.

7.4. Technical and Log Data

Technical logs (e.g., IP addresses, device metadata, error logs) are retained for a limited period to:

  • troubleshoot technical issues
  • ensure security and prevent abuse
  • monitor system performance
  • comply with operational or legal requirements

Retention periods typically range from 7 to 90 days, depending on the log type.

Certain security-related logs may be retained longer if needed to investigate malicious activity.

7.5. Analytics Data

Analytics data (e.g., Google Analytics, Amplitude) is retained according to the standard retention settings of each provider.

Where possible, analytics data is aggregated or anonymized to minimize personal information.

You may opt out of analytics cookies where required by law or via cookie preferences (if available).

7.6. Customer Support Messages

Support messages submitted via Crisp are retained according to Crisp’s default policies and used solely to provide customer support.

Messages are not automatically deleted when your account is closed, but you may request their removal.

7.7. Billing and Payment Records (Handled by Paddle)

We do not store payment method information or billing details.

All payment records (including invoices, tax data, and transaction history) are processed and retained by Paddle, our Merchant of Record, according to their legal obligations (often 7–10 years, depending on tax jurisdiction).

We cannot delete or modify Paddle’s billing records.

7.8. Account Deletion Requests

When you ask us to delete your account:

  1. Your personal data is removed from our active systems.
  2. User Content and Discovery Reports are erased.
  3. Analytics identifiers are deleted or anonymized.
  4. Support messages may be removed upon request.
  5. Only the minimum data required for legal or fraud-prevention purposes may be retained.

Deletion is typically completed within 30 days, unless retention is legally required.

7.9. Exceptions to Deletion

We may retain certain data if necessary to:

  • comply with legal or regulatory obligations,
  • resolve disputes,
  • enforce our Terms of Service,
  • prevent fraud or misuse,
  • maintain system backups that are automatically overwritten on a scheduled basis.

Any retained data is strictly minimized and securely stored.

8. Your Rights

Depending on your location, you may have certain rights regarding your personal data. We will respect and respond to these rights in accordance with applicable laws such as the GDPR, UK GDPR, CCPA/CPRA, and other regional privacy frameworks.

You may exercise any of these rights by contacting us at support@bhag.ai.

8.1. Right to Access

You may request:

  • confirmation of whether we process your personal data,
  • a copy of the personal data we hold about you,
  • information about how and why it is processed.

8.2. Right to Rectification

You may request that we correct or update inaccurate or incomplete personal data.

Certain details (such as name or profile information) can be edited directly in your account settings, if available.

8.3. Right to Erasure (“Right to Be Forgotten”)

You may request deletion of your personal data.

When you do:

  • your account is permanently deleted,
  • your User Content and Discovery Reports are removed from active systems,
  • minimal information may be retained only where legally required (e.g., fraud prevention, compliance).

We cannot delete billing records retained by Paddle, as Paddle acts as an independent data controller.

8.4. Right to Restrict or Object to Processing

You may request that we:

  • stop processing your personal data, or
  • limit how it is used.

We will comply unless there are overriding legal or operational reasons to continue processing (e.g., security, fraud prevention).

8.5. Right to Data Portability

Where technically feasible, you may request a machine-readable copy of:

  • your account information,
  • profile information,
  • User Content associated with your account.

This does not apply to analytics or logs that cannot be linked back to you in a meaningful way.

If we rely on your consent (for example, analytics cookies or optional profile fields), you may withdraw that consent at any time.

Withdrawal does not affect the legality of processing prior to withdrawal.

8.7. Right to Disable Cookies

You may control cookie use by:

  • adjusting browser settings,
  • declining analytics cookies where consent tools are available,
  • opting out directly within certain third-party tools (e.g., Google Analytics opt-out extensions).

Essential cookies cannot be disabled because the Service cannot operate without them.

9.8. Right to Lodge a Complaint

If you believe your privacy rights have been violated, you may lodge a complaint with the data protection authority in your region.

Examples include:

  • EU/EEA → your national Data Protection Authority
  • UK → Information Commissioner’s Office (ICO)
  • California → Office of the Attorney General
  • Other regions → your local regulator

We encourage you to contact us first so we can resolve the issue promptly.

8.9. Response Time

We aim to respond to all rights requests:

  • within 30 days, or
  • within the legally required timeframe for your jurisdiction.

If your request is complex or requires more time, we will notify you of the delay and explain the reason.

9. Cookies and Tracking Technologies

This section explains how BHAG AI uses cookies and similar technologies, what they do, and what choices you have.

The tone is legal-polished, compliant with GDPRePrivacyCCPA, and Paddle’s ecosystem requirements, without unnecessary bulk.

9.1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website.

They help us operate the Service, maintain security, remember preferences, and understand how users interact with the platform.

We also use similar technologies such as:

  • local storage,
  • session storage,
  • device/session identifiers used by analytics tools,
  • Crisp chat metadata.

These technologies serve the same purposes as cookies.

9.2. Types of Cookies We Use

(a) Essential Cookies (Strictly Necessary)

Required for the Service to function. They enable:

  • secure login and authentication,
  • maintaining your session,
  • basic security protections (e.g., CSRF prevention),
  • storing minimal preferences (e.g., language settings).

These cookies cannot be disabled because the platform cannot operate without them.

(b) Analytics and Performance Cookies

We use analytics tools to understand product usage and improve the platform.

Depending on your region, these may require consent.

These cookies help us measure:

  • page views and navigation flows,
  • feature usage and interactions,
  • performance, load times, and errors,
  • aggregated traffic patterns.

Tools that may set analytics cookies:

  • Google Analytics
  • Amplitude (if enabled)
  • Crisp Chat (basic usage metadata)

We do not use analytics to collect sensitive information, keystrokes, or content entered in forms.

We do not use analytics for advertising or retargeting.

(c) Functional Cookies

These optional cookies improve your experience by remembering:

  • interface preferences,
  • language or onboarding choices,
  • optional UI settings.

If disabled, certain convenience features may not work as intended.

9.3. Your Choices

You can manage cookies in several ways:

  • adjust your browser settings to block or delete cookies,
  • decline analytics cookies where cookie consent banners are implemented,
  • opt out of analytics via browser-level tools or extensions, where supported,
  • disable certain analytics within third-party tools directly.

Please note:

  • Essential cookies cannot be turned off, as the Service requires them to function,
  • Blocking cookies may affect your ability to use the platform.

9.4. Third-Party Cookies

Some third-party services we use may place their own cookies or tracking technologies:

  • Google Analytics — usage analytics
  • Amplitude — product analytics
  • Crisp Chat — customer support widget
  • Cloudflare — security and performance optimization
  • Hetzner — may set load balancer session cookies

These providers process data under their own privacy policies.

We ensure they only receive the minimum information required for their function.

9.5. No Advertising, Retargeting, or Cross-Site Tracking

BHAG AI does not use any of its own:

  • advertising cookies,
  • marketing pixels,
  • retargeting systems,
  • cross-site tracking technologies,
  • social media tracking (e.g., Meta Pixel, TikTok Pixel),
  • third-party behavioral profiling.

This simplifies compliance and protects user privacy.

9.6. “Do Not Track” (DNT) Signals

Browsers may send a “Do Not Track” signal.

While we do not engage in cross-site tracking or advertising, third-party analytics tools may not consistently respond to DNT.

10. International Data Transfers

Because BHAG AI operates globally and relies on third-party infrastructure providers, your personal data may be transferred to and processed in countries outside your country of residence. These locations may have different data protection standards than those in your jurisdiction. We take appropriate steps to ensure that all international transfers comply with applicable privacy laws and provide an adequate level of protection.

10.1. Where Data Is Processed

Your data may be processed in the following regions, depending on how you use the Service:

  • United States — primary hosting (Hetzner), AI model providers, analytics tools
  • European Union / UK — Paddle (independent data controller), Cloudflare (where EU routing applies)
  • Other jurisdictions — where subprocessors or distributed infrastructure components operate as necessary for service delivery

We do not intentionally store personal data in locations without adequate protection unless appropriate safeguards are in place.

10.2. Safeguards for EU/EEA and UK Users

When personal data is transferred from the EU/EEA or UK to countries that do not provide an adequacy decision (such as the United States), we rely on one or more of the following mechanisms:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • UK International Data Transfer Addendum
  • Data Processing Agreements (DPAs) with subprocessors
  • Technical and organizational measures such as encryption, access controls, and data minimization

These measures help ensure that the protection of your personal data remains consistent with EU/UK requirements.

10.3. AI Model Providers

To generate Discovery Reports, we transmit only the User Content necessary for processing to trusted AI model providers such as:

  • OpenAI (gpt)
  • Anthropic (claude)
  • Google (gemini)
  • X.AI (grok)

We do not send:

  • your name
  • your email
  • your profile details
  • any billing or payment information

AI providers process submitted content solely to return output and, according to their published terms, do not use it for training their public models.

10.4. Hetzner (United States)

BHAG AI is primarily hosted on Hetzner in the U.S.

Hetzner provides:

  • GDPR-compliant infrastructure and processing agreements
  • encryption in transit (TLS) and options for encryption at rest
  • ISO 27001-certified data-center operations
  • strong physical and logical security controls

10.5. Cloudflare CDN

We use Cloudflare for:

  • global content delivery
  • DDoS protection
  • routing and performance optimization

Cloudflare may temporarily process:

  • IP addresses
  • basic routing data
  • security-related metadata

Cloudflare participates in the EU–US Data Privacy Framework, where applicable.

10.6. Paddle (Independent Data Controller)

Paddle is our Merchant of Record and independently manages:

  • payment processing
  • invoicing
  • tax calculations

Paddle processes billing data in its own infrastructure, which may involve transfers to the EU, UK, U.S., or other jurisdictions.

We do not control Paddle’s processing activities or data transfers.

For details, refer to Paddle’s Privacy Policy.

10.7. Other Third-Party Services

Certain third-party tools may process limited technical data, including:

  • Google Analytics
  • Amplitude
  • Crisp (support chat)
  • Cloudflare (security and routing)

These providers may route traffic globally for operational purposes (e.g., latency optimization, security scanning).

They receive only the minimal data required to perform their functions and are contractually obligated to maintain confidentiality and security.

10.8. Limited Transfers of Technical Metadata

Certain information — such as IP addresses, device metadata, or browser details — may be temporarily processed internationally due to the distributed nature of modern web infrastructure.

Such processing is required to:

  • deliver content reliably
  • optimize performance
  • maintain security

This processing does not include User Content or personal identifying information beyond what is strictly necessary.

In some jurisdictions, we may request your explicit consent before transferring personal data internationally.

By using the Service, you acknowledge that:

  • your data may be processed in countries with different privacy protections,
  • we apply appropriate safeguards to protect it,
  • international transfers are necessary to operate a global SaaS platform.

11. Children’s Privacy

The Service is not intended for — and may not be used by — individuals under 18 years of age.

We do not knowingly collect or process personal data from anyone under 18. If you are under 18, you must not use the Service or provide any personal information.

If we become aware that we have collected personal data from a minor without appropriate consent:

  • we will delete the information as soon as reasonably practicable, and
  • we may suspend or terminate the associated account.

If you believe that a minor may have provided personal data to us, please contact us at support@bhag.ai

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our Service, legal requirements, or data practices.

If we make material changes, we will notify you by:

  • email sent to the address associated with your account, or
  • a notice displayed within the Service.

Unless otherwise stated, updates become effective when the revised Policy is posted on this page.

Your continued use of the Service after the updated Policy becomes effective constitutes acceptance of the changes. If you do not agree with the updated terms, you should stop using the Service and may request account deletion at any time.

13. Contact Information

If you have any questions about this Privacy Policy or how your personal data is processed, you may contact us at:

individual entrepreneur Aleksei Stepankov

Email: support@bhag.ai Website: https://bhag.ai

For billing or payment-related inquiries (including invoices, taxes, payment records, or refunds handled after approval), please contact Paddle, our Merchant of Record, using the link included in your payment receipt.

If you are located in the EU, UK, or another region with data protection regulations, you may also contact your local data protection authority with concerns regarding your privacy rights. We encourage you to contact us first so we can address your request promptly.