Privacy Policy

The Important Part First

Your conversations and documents are never used to train AI models. Bells Up AI accesses all AI providers — including OpenAI, Anthropic, and Google — through paid API agreements that specifically prohibit them from using your data to train their AI models. We do not use your conversations or documents to train our own models, either.

Your conversations are not stored on our servers unless you choose to save them. You may choose to save individual conversations by using the "Save" toggle. Your stored conversations are encrypted.

Document uploads: When you upload a document to a conversation, it is stored temporarily on our servers in an encrypted holding area, then deleted automatically when your session expires — within 24 hours of inactivity and no later than 72 hours after upload. If you save the conversation (Professional tier only), the document persists in encrypted storage for as long as the conversation is saved. Document content is sent inline to the AI provider you select when you send a message that uses it; documents are not stored through any provider file-storage service. Documents are never used to train any model.

You may delete saved conversations and their documents at any time, on demand. You may also delete your entire account from your account settings.

What We Process and Why

Account Data

We collect your email address, name, and a hashed password when you create an account. We use this data to authenticate you, communicate service updates, and manage your subscription. If you reached us through a marketing link, we may also record the campaign parameters (such as UTM tags) associated with your signup.

Organization Data

When your account is created, it is associated with an organization that may include an organization name. Organization owners can view usage information for other members of their organization, including which AI models were used and approximate conversation length, but cannot access the content of any member's conversations.

Bells Up AI staff may access aggregate usage metadata, including but not limited to conversation counts, timestamps, and model types used, for support and platform operations, but our platform's administrative tools do not allow Bells Up AI staff to view the content of your conversations or documents.

Conversation Content in Transit

When you send a message, we transmit your conversation to the AI provider you have selected in order to generate a response. Transmitting your messages to AI providers is processing of your personal data, even though we may not retain the content.

Saved Conversations (Optional)

If you turn on the Save Conversation toggle, the content of your message and the AI response is stored on our servers, and is encrypted at rest using AES-256-GCM encryption. Each conversation uses its own encryption key. You can delete saved conversations at any time.

Request Metadata

We collect and store request metadata for rate limiting, abuse detection, and security: timestamps, which AI model was used, which feature was used, response latency, and token counts (a measure of input and output length — not the actual text). IP addresses are collected at authentication and account-lifecycle events — including account signup, login and session refresh, password reset, acceptance of legal terms, and organization-invitation acceptance — and when administrators take administrative actions. The text of your messages, AI responses, or conversation titles is not saved to our usage logs. Metadata is retained for the life of your account. On account erasure, limited usage and identity records — usage totals, sign-in and security events, and consent records, never content — are retained for bounded periods under the independent lawful bases described in Section 8; the remainder is destroyed with the account.

Aggregate Analytics

We use the request metadata described above to understand aggregate usage patterns (such as daily request volume, peak usage times, and model performance). This helps us maintain and improve the service.

Feedback

If you submit feedback through the in-app feedback button, we collect the feedback category and your message, together with routing context: your name, email address, organization name, plan tier, and basic device and browser information. Feedback is forwarded to our team via a third-party messaging service (Slack) for review.

Billing and Payment Data

When you subscribe to a paid plan, we process the following billing data: your Stripe customer identifier, your subscription plan and seat count, and billing-address information that Stripe collects for tax-calculation purposes. We do not store your payment card details. Card data is held by Stripe, our payment processor, and is never transmitted to or stored on our servers. Billing records are retained in accordance with applicable tax and financial record-keeping law (see Section 8).

Checkout Location Check

Paid subscriptions are available only to customers in the United States and Canada. When you begin checkout for a paid subscription, we derive an approximate country from your IP address to confirm the paid service is available in your location, and we do not start a paid subscription from outside the United States and Canada. This check runs on our own infrastructure using an offline geolocation database; your IP address is not transmitted to any third-party geolocation service for this purpose, we use only the resulting country (not a precise location), and we do not retain your IP address for this check. When a checkout is declined, we record only the country code — to understand where demand is coming from — and it is not linked to you, your account, or your IP address. If you believe you were declined in error, contact us at info@bellsup.ai.

This check does not produce legal or similarly significant effects within the meaning of GDPR Art. 22; it determines only whether a paid subscription can be purchased in your location, and you may contact us at info@bellsup.ai to discuss availability.

Referral Program Data

If you participate in our referral program, we process your organization's referral code, any referral code you used when subscribing, and referral status and credit records associated with your account. When a referral converts to a paid subscription, we record the referring and referred attorneys' email addresses as part of the referral record, for credit attribution and fraud prevention. Referral codes themselves do not contain personal information.

Document Uploads

When you upload a document to a conversation, the following processing occurs:

Unsaved (ephemeral) conversations. The document is stored in a temporary encrypted area on our servers for the duration of your active session. It is deleted automatically when the session expires — within 24 hours of inactivity and no later than 72 hours after upload. You cannot extend this window. This temporary storage is necessary to transmit the document to the AI provider when you send a message.

Saved conversations (Professional tier). If you save the conversation, the document is moved to encrypted persistent storage and retained for as long as the conversation is saved. Deleting the conversation also removes the associated documents.

Encryption. Documents are double-encrypted: each document is encrypted at the application layer using the conversation's encryption key (AES-256-GCM), with each document cryptographically bound to its specific identifier. The storage layer applies an additional S3 server-side encryption layer managed by AWS KMS.

Transmission to AI providers. When you send a message in a conversation where you have uploaded a document, the document content is transmitted inline to the AI provider you have selected for that message — as part of the request, not through any provider file-storage service. AI providers are therefore recipients of document content when documents are used in conversation. The provider-side residue described in Section 6 applies to this transmitted content.

Legal Basis for Processing (GDPR)

Bells Up AI markets and offers its paid subscriptions to customers in the United States and Canada (see Terms of Service §02). If you are in the European Economic Area, we process personal data applying the framework of Article 6 of the General Data Protection Regulation (GDPR):

Performance of a contract (Art. 6(1)(b)): We process your account data, conversation content in transit, saved conversations and documents, organization data, billing and payment data, and referral program data as necessary to provide the Bells Up AI service. Saving a conversation is a feature of the Service; we store and encrypt that content as part of delivering the service. You may delete any saved conversation at any time.

Legitimate interest (Art. 6(1)(f)): We process request metadata (IP addresses, timestamps, token counts, model used), signup campaign-attribution parameters, and aggregate analytics for platform security, abuse detection, and service improvement. When you begin a paid-subscription checkout, we derive an approximate country from your IP address to confirm the paid service is available in your location (see Section 1). We process feedback submissions to improve the service. These processing activities involve metadata and voluntary submissions only — never conversation content.

Legal obligation (Art. 6(1)(c)): We retain billing, tax, and financial records as required by applicable tax and accounting law (see Section 8).

Role of the parties for client data. Conversation content and documents may include personal data about individuals other than you — for example, your clients. For that data, you or your firm are the controller and Bells Up AI acts as a processor, handling it only as necessary to provide the Service at your direction; you are responsible for the lawful basis for that data. This policy describes the personal data for which Bells Up AI is the controller. Customers requiring a data processing agreement under Article 28 GDPR may contact privacy@bellsup.ai.

What We Do Not Do

PracticeOur Policy
Log conversation contentNever logged in our application or infrastructure logs.
Train AI on your contentWe do not use your conversations or documents to train any AI model — ours or a third party's.
Sell your dataWe do not sell personal data to any third party.
Advertising cookiesWe use no advertising or tracking cookies.
Share data with advertisersWe have no advertising relationships that involve user data.
Store conversations by defaultUnsaved conversation content is not written to permanent storage by Bells Up AI.

Biscuits and Similar Technologies

We use one functional cookie: an HttpOnly, Secure refresh token that maintains your login session. This cookie is transmitted only over encrypted connections. We do not use analytics cookies, advertising cookies, or any third-party tracking technologies. This cookie qualifies as strictly necessary under the EU's ePrivacy Directive (Art. 5(3)) and therefore no additional consent is necessary.

Separately from cookies, the application stores a small amount of functional data in your browser's local storage, on your own device: interface preferences (such as panel widths), and short-lived working copies of unsaved conversation drafts and in-progress workflow results, so they are not lost if your browser reloads the page. This working data stays on your device — it is not transmitted to or readable by us as stored — and it expires automatically within 24 hours and is cleared when you log out. We use no client-side storage for tracking of any kind.

Categories of Recipients

Your data may be shared with the following categories of recipients:

RecipientRoleData InvolvedLocation
Amazon Web ServicesProcessorAll platform data (infrastructure, encryption, AI model hosting via Bedrock)United States
OpenAIProcessorConversation content in transit (when you select a GPT model)United States
GoogleProcessorConversation content in transit (when you select a Gemini model)United States
xAIProcessorConversation content in transit (when you select a Grok model)United States
SlackProcessorFeedback submissions (your message plus name, email, organization, plan tier, and device information) and sales inquiries (name, firm, email, requested seats)United States
ResendProcessorEmail addresses and names for transactional email delivery (account creation, password resets, service notifications)United States
StripeProcessorBilling address (for tax), subscription and seat metadata, payment-event records, and referral discount coupon identifiers when applicable. Card data is held by Stripe directly and is never transmitted to our servers.United States
XeroProcessorBilling and tax records for financial record-keeping purposes.United States
Google WorkspaceProcessorInternal team communications and support correspondenceUnited States
PipedriveProcessorProspective and current customer contact informationUnited States

Our staff access the server for administration and maintenance under the access controls described in Section 9.

OpenAI, Google, and xAI act as our processors in generating responses to your messages. To the extent those providers retain API inputs and outputs for their own abuse-monitoring, safety, and legal-compliance purposes under their own terms (see Section 6), they act as independent controllers of that limited retained data.

We do not share your conversation content with any third party other than Amazon Web Services, our infrastructure provider, and — where you select a direct-API provider (OpenAI, Google, or xAI) for a message — that provider, including any documents you upload and use in that conversation.

AI Providers and Data Handling

When you send a message, your prompt is transmitted to the AI provider you have selected. Each provider operates under paid API agreements that prohibit using your inputs and outputs to train or improve their models.

Bells Up AI monitors provider terms on an ongoing basis. The in-app privacy panel reflects each provider's current data handling commitments, including data retention practices. We encourage you to review the privacy panel before including highly sensitive information in a prompt, as provider practices may change over time.

Providers Hosted via AWS Bedrock

Anthropic (Claude), Meta (Llama), DeepSeek, Mistral, and Qwen models are accessed through AWS Bedrock under the AWS Data Processing Addendum. AWS does not use Bedrock API inputs or outputs to train any models, and your content is not retained by AWS after processing. Your data does not flow to the underlying model vendors.

Direct API Providers

OpenAI (GPT models): Accessed via the OpenAI API. Under OpenAI's API Data Usage Policy, API inputs and outputs are not used to train OpenAI models.

Google (Gemini models): Accessed via the Gemini API. Under Google's API Terms of Service, API inputs and outputs are not used to train Google models.

xAI (Grok models): Accessed via the xAI API. Under xAI's API terms, API inputs and outputs are not used to train xAI models.

Direct-provider retention residue. When you send a prompt or document to a direct-API provider (OpenAI, Google, or xAI), that content is transmitted inline as part of the request — not through any provider file-storage service. Those providers may retain API inputs and outputs for a limited period for abuse monitoring, safety, and legal-compliance purposes before deletion: approximately 30 days for OpenAI and xAI, and up to 55 days for Google (Gemini). The in-app privacy panel states the current window for each provider. We do not use any provider's zero-data-retention option. This residue is outside our control and is not removed by deleting your account with us; for that limited retained data, the provider acts as an independent controller, processing under its own terms rather than on our instructions. Providers accessed through AWS Bedrock (Claude, Llama, DeepSeek, Mistral, Qwen) are processed under the AWS Data Processing Addendum and are not subject to this residue window.

International Data Transfers

Bells Up AI's infrastructure is located in the United States. If you access the platform from the European Economic Area, your personal data will be transferred to the United States for processing.

Where our service providers receive personal data originating from the EEA, those transfers rely on the recipient's certification under the EU-U.S. Data Privacy Framework or on the Standard Contractual Clauses approved by the European Commission (Implementing Decision 2021/914). Our principal sub-processor, Amazon Web Services, is certified under the EU-U.S. Data Privacy Framework and incorporates SCCs in its Data Processing Addendum, which govern our use of the service.

You may request a copy of the applicable transfer safeguards by contacting privacy@bellsup.ai.

Data Retention

Organizing principle — content vs. records. User content (conversations, messages, document files, conversation titles) exists only to provide the service. It is destroyed on erasure and has no standing retention period. Structured records — usage, identity, audit, and billing data that never contain conversation content — are retained for bounded periods under independent lawful bases, described below.

Content has no standing retention period. Individual saved conversations and their documents can be deleted on demand at any time. Whole-account erasure destroys all saved content permanently (see Section 11 for the deletion process and the backup-residue window).

DataRetentionBasis
User content (conversations, messages, titles, documents, encryption keys)Life of the account; destroyed on erasure. Individual conversations deleted on demand at any time. Free accounts: erased promptly on account deletion. Paid accounts: erased after the 7-day hold (see Section 11). Inactive Free accounts may be deleted after 180 days of inactivity, with at least 180 days' prior notice (see Terms of Service §02).Held solely to provide the service; no continuing basis after erasure (GDPR Art. 17).
Ephemeral document uploads (unsaved conversations)Auto-deleted within 24 hours of session inactivity; hard cap of 72 hours.Held solely for the duration of the session to provide the service.
Pre-verification signup records (email address, IP address, referral code, and marketing-attribution parameters captured when you begin signup, before email verification)Deleted shortly after the registration completes or expires; no later than 30 days.Held to complete registration; fraud and abuse prevention (GDPR Art. 6(1)(b), 6(1)(f)).
IP addresses and request metadata (rate limiting, abuse detection)Life of the account; on erasure, retained only as described in the post-erasure rows below.Legitimate interest — platform security and abuse detection (GDPR Art. 6(1)(f)).
Post-erasure identity and authentication records (tombstoned email and username; sign-in events including IP and user-agent; consent records; quota-cap events)12 months from account erasure.Fraud and abuse prevention; defence of legal claims (GDPR Art. 6(1)(f), Recital 47; Art. 17(3)(b)/(e)).
Metered usage records (api_usage, daily_spending — usage totals, never content)Life of the account, plus 12 months after account erasure.Billing-dispute and chargeback defence (GDPR Art. 17(3)(e)).
Referral program records (referral codes, referral status, credit balances, redemption history, and — for converted referrals — referring and referred attorney email addresses; no conversation content)Life of the account. On erasure, free-text notes are scrubbed immediately; remaining referral records are retained for 12 months from account erasure.Performance of contract (GDPR Art. 6(1)(b)); fraud and abuse prevention for post-erasure retention (GDPR Art. 6(1)(f), Recital 47).
Security and audit logs (IP, user-agent, UUIDs, timestamps, event types — records, never content; stored in CloudWatch, IAM-locked)3 years.Security incident investigation and defence of legal claims (GDPR Art. 17(3)(e)); legitimate interest in security and in supporting customers' professional record-keeping — attorneys may need a multi-year access and activity history for bar, malpractice, and audit obligations (Art. 6(1)(f), Recitals 47 and 49).
Billing and tax records (Stripe and Xero records, billing audit log, subscription and payment metadata)Per applicable tax and financial record-keeping law, typically 6–7 years. No Stripe-side deletion at account erasure.Legal obligation (GDPR Art. 17(3)(b)).
Disaster-recovery backups (encrypted database backups held in access-controlled cloud storage)Approximately 30 days.Disaster recovery and business continuity.
Content-deletion records (audit log of user-initiated conversation deletions — conversation UUID, counts of items destroyed, timestamps; no title, filename, or message text)3 years (aligned to security/audit logs above). User-scoped; not accessible to org admins.Proof of deletion for customer data-accounting and malpractice defence; accountability (GDPR Art. 5(2)) and legitimate interest (Art. 6(1)(f)).
Feedback submissionsRetained for up to 24 months from submission, then deleted or anonymized.Legitimate interest (GDPR Art. 6(1)(f)).
Invitation records (invitee email and name on pending and terminal org_invitations rows)12 months from the most recent invitation action.Fraud and abuse prevention; defence of legal claims (GDPR Art. 6(1)(f), Recital 47; Art. 17(3)(e)).

Backup-residue window. After account erasure, deleted content ciphertext and wrapped encryption keys may persist in encrypted pre-deletion database backups for approximately 30 days before those backups expire and are automatically deleted. Exploiting this residue would require simultaneous access to a pre-deletion backup and our AWS KMS key — both are access-controlled and isolated. We treat this as a bounded, self-expiring window rather than a continuing copy. The deletion confirmation document we send you (see Section 11) identifies the date by which the backup window closes, so you have a single date to point to when certifying destruction to clients.

Direct-provider residue. Content transmitted to direct-API providers may be retained by those providers for abuse monitoring, safety, and legal-compliance purposes before deletion — approximately 30 days for OpenAI and xAI, and up to 55 days for Google (Gemini). We do not use any provider's zero-data-retention option. This is independent of our deletion process; see Section 6. Providers accessed through AWS Bedrock (Claude, Llama, DeepSeek, Mistral, Qwen) are processed under the AWS Data Processing Addendum and are not subject to this residue window.

Security

Encryption in transit: TLS 1.2 or higher with HSTS enforced on all connections.

Encryption at rest: Saved conversations are encrypted using AES-256-GCM with keys managed by AWS Key Management Service. Each conversation has its own encryption key. Decryption keys exist only in memory during a request and are never written to disk or cached.

Authentication: Access tokens are held in browser memory only — never in persistent browser storage. Refresh tokens are stored in HttpOnly cookies that cannot be accessed by JavaScript. Access tokens expire after 15 minutes.

Access controls: Production infrastructure access is restricted by IAM policies. Our application cannot access your decrypted conversation content without an active, authenticated request from you.

Output sanitization: AI outputs are sanitized before rendering to prevent injection attacks. User inputs are validated for length and encoding.

No prompt logging: Application logs contain no message content, AI responses, document content, or conversation titles.

Breach notification: In the event of a data breach involving personal data, we will notify the relevant supervisory authority within 72 hours where GDPR requires it, notify affected users without undue delay, and comply with applicable US state breach notification laws.

Law Enforcement and Compelled Disclosure

Bells Up AI will not voluntarily disclose the content of your conversations to law enforcement or any government entity.

If we receive legal process seeking your data, we will:

Scrutinize it. We will challenge subpoenas, court orders, and other demands we believe to be overbroad, vague, or legally deficient before producing anything.

Notify you. We will inform you of any request targeting your data unless a court order specifically prohibits us from doing so, allowing you the opportunity to assert your own legal rights.

If compelled to produce information, our architecture limits what we can produce:

Unsaved conversations are transmitted through our servers to the AI provider you select, but Bells Up AI does not write unsaved conversation content to permanent storage or retain it after processing. Because we do not retain unsaved conversation content, we cannot produce it from our systems in response to legal process.

Saved conversations are protected by envelope encryption. Each conversation you choose to save is encrypted with its own unique encryption key, managed through AWS Key Management Service. If ultimately compelled by valid legal process to produce saved content, we can decrypt and will produce only the specific conversations identified in the compulsion.

Operational metadata (such as timestamps, usage records, and security logs) may be subject to valid legal process, consistent with our retention policies in Section 8. We retain security and audit logs for up to 3 years; billing and tax records for the period required by applicable law. We do not retain unsaved conversation content and cannot produce what we do not hold.

Your Rights

All Users

Access, correction, and portability. You may contact us at privacy@bellsup.ai to request access to or correction of your personal data. We will respond within one month.

Data portability / export. You may request a portable copy of your saved conversation data by contacting us at privacy@bellsup.ai. We will prepare an export of your saved conversations and respond within one month. This is a manual process; there is currently no self-service export tool.

Per-conversation deletion. You may delete any individual saved conversation and its associated documents at any time, on demand, from within the platform. Deletion is permanent: the conversation's encryption keys are destroyed and the content cannot be recovered through Bells Up AI.

Account deletion — how to request it. Org admins and account owners may request deletion of the entire account (and for multi-member organizations, the entire organization) through the Delete Account control in account settings. You will be asked to confirm before the request is filed.

What happens after you request deletion:

  • Free accounts are erased promptly after the request is confirmed — access ends immediately, erasure runs shortly afterward, and there is no multi-day hold period. There is nothing to cancel once the request is confirmed.
  • Paid accounts enter a 7-day hold period. The account remains fully usable during the hold. You may cancel the deletion by contacting privacy@bellsup.ai within 7 days. After the hold, erasure runs and cannot be undone.

What erasure destroys. For Professional accounts: all saved conversations, messages, conversation titles, uploaded documents, and the encryption keys that protect them. Once the keys are destroyed, the content cannot be recovered through Bells Up AI. For Free accounts: your account data, saved preferences, and associated encryption keys. If your Free account retains saved conversations or documents from a prior Professional subscription, those are also destroyed. Free-text referral notes are scrubbed at erasure; referral status and credit records are retained for a bounded period for fraud prevention (see Section 8).

What is retained after erasure. Billing and tax records, security and audit logs, and identity and usage records are retained for limited periods under independent lawful bases, as described in Section 8 (Data Retention). We will tell you exactly what is retained and for how long in the deletion confirmation document (below).

Backup-residue window. After erasure, deleted content may persist in encrypted database backups for approximately 30 days before those backups expire and are automatically deleted. This is a bounded, self-expiring window. Your deletion confirmation document will identify the specific date by which the backup window closes.

Direct-provider residue. If you used OpenAI, Google, or xAI models, prompts and documents you sent to those providers may be retained by them for abuse monitoring, safety, and legal-compliance purposes before deletion — approximately 30 days for OpenAI and xAI, and up to 55 days for Google (Gemini). This residue is outside our control and is not removed by deleting your account with us. Providers accessed through AWS Bedrock (Claude, Llama, DeepSeek, Mistral, Qwen) are processed under the AWS Data Processing Addendum and are not subject to this residue window.

Deletion confirmation document. When erasure is complete, we will send the requesting org admin (and all org admins) a written confirmation identifying: the request date, the completion date, the categories of data destroyed, the backup-residue expiry date, and the categories of data retained with the applicable basis and period. Paid-tier confirmations certify destruction of saved conversations and documents. Free-tier confirmations describe what was erased. For Free accounts retaining saved content from a prior Professional subscription, the confirmation identifies the categories of saved conversations and documents destroyed.

Response window. We will complete erasure within 30 days of your request, and in any event within one month.

US State Privacy Rights and Disclosures

California (CCPA/CPRA) and other US states: Bells Up AI does not sell your personal information. We do not share your personal information for cross-context behavioral advertising. These statements apply as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and under comparable state privacy laws including those in Virginia, Colorado, Connecticut, and other states with comprehensive privacy legislation.

Categories of personal information we collect: Identifiers (name, email, IP address), internet or electronic network activity (usage metadata, model selection, token counts), and, if you choose to save conversations, customer content stored in encrypted form.

How we use it: To provide and secure the service, as described in Section 1 of this policy.

Who we disclose it to: The categories of service providers listed in Section 5, solely to provide the service. We do not disclose personal information to third parties for their own commercial purposes.

Your rights: Depending on your state of residence, you may have the right to know what personal information we collect, request deletion, request correction, and opt out of the sale or sharing of personal information. Because we do not sell or share personal information, there is no sale or sharing to opt out of.

To exercise any of these rights, contact privacy@bellsup.ai. Account and organization deletion may also be initiated directly from account settings by org admins. You may also designate an authorized agent to make a request on your behalf. We will not discriminate against you for exercising your rights.

Canada (PIPEDA and Quebec Law 25)

If you are in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) gives you the following rights regarding the personal information we hold about you as its controller:

Access and correction — You may request access to the personal information we hold about you and ask us to correct information that is inaccurate or incomplete. These requests are handled through the access, correction, and deletion mechanisms described under All Users above, including account and organization deletion from your settings.

Withdrawal of consent — You may withdraw your consent to our processing of your personal information at any time, subject to legal and contractual restrictions and reasonable notice. Withdrawing consent may prevent us from providing some or all of the service.

Complaint to a regulator — If you have unresolved concerns, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC).

Quebec residents (Law 25) — If you are in Quebec, you have additional rights under Quebec's Law 25, and you may file a complaint with the Commission d'accès à l'information du Québec (CAI).

To exercise any of these rights, contact us at privacy@bellsup.ai. We may request verification of your identity before fulfilling a request.

Additional Rights Under GDPR (EEA)

Bells Up AI markets and offers its paid subscriptions to customers in the United States and Canada (see Terms of Service §02). If you are in the European Economic Area, you have the following rights regarding your personal data:

Access, rectification, erasure, restriction, portability, and objection — including the right to object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds. The right to erasure is exercised through the process described under All Users above. Erasure requests are subject to the retention carve-outs in Section 8 (Data Retention), which are lawful under GDPR Art. 17(3)(b) (legal obligation, for billing and tax records), Art. 17(3)(e) (defence of legal claims), or because the retained records remain necessary for the fraud-prevention and security purposes described in Section 8 (Art. 17(1)(a), Art. 6(1)(f)). Data portability requests under Art. 20 may be submitted to privacy@bellsup.ai; we will provide a portable copy of your saved conversation data within one month.

Lodge a complaint with a supervisory authority, in particular in the EEA member state of your residence, place of work, or of the alleged infringement.

To exercise any of these rights, contact us at privacy@bellsup.ai. We may request verification of your identity before fulfilling a request.

Providing your IP address is a technical necessity of using the service; we cannot provide the service to you without processing it. You are not required to provide any other personal data beyond what is necessary to create and maintain your account.

We use automated rate limiting and abuse detection that may result in temporary blocking of access. These measures are applied uniformly for security purposes and do not produce legal effects or similarly significant effects within the meaning of GDPR Art. 22. If you believe you have been incorrectly blocked, contact us at the email above.

Business Transfers

In the event that Bells Up AI, Inc. is acquired, merged, or sells substantially all of its assets, your personal data may be transferred to the acquiring entity. Any acquirer will be bound by the terms of this privacy policy with respect to data collected before the transfer. We will notify active users before any such transfer takes effect.

External Links

The Bells Up AI platform may contain links to third-party websites, including AI provider privacy policies and terms of service. We are not responsible for the privacy practices of those websites, and this policy does not apply to them.

Professional Responsibility

Your use of Bells Up AI's system does not create an attorney-client relationship between you and Bells Up AI or any of our employees. Information you receive from our employees or via the Bells Up AI platform does not constitute legal advice.

Attorneys are responsible for their own compliance with applicable professional responsibility rules, including but not limited to rules regarding client confidentiality, supervision of AI-assisted work product, and disclosure obligations. We encourage you to review relevant ethics opinions in your jurisdiction regarding AI tools in legal practice before using our platform with confidential or privileged information.

Children

Bells Up AI is intended for use by licensed attorneys and legal professionals. It is not directed at children under 13, and we do not knowingly collect personal data from children under 13.

Changes to This Policy

If we make material changes, we will update the effective date at the top of this page and, where appropriate, notify active users by email. Continued use of the platform after the effective date constitutes acceptance of those changes.

Biscuits

We suspect some of our users are exactly the type of people who carefully read a company's entire privacy policy. Congratulations for noticing this paragraph! Yes, the header of our cookie paragraph was labeled a "biscuit" policy. Mention "biscuits" the next time you see Rachel or Marc in-person and we'll buy you a beverage, a pastel de nata, or other tasty baked treat.

Data Controller

The data controller for personal data processed through the Bells Up AI platform is:

Bells Up AI, Inc.
PO Box 29246, Henrico, VA 23242-9246, United States
Email: privacy@bellsup.ai

We have not appointed a Data Protection Officer. You may contact us at the email above with any data protection questions.

Contact

Questions about this policy or requests to exercise your rights:

Bells Up AI, Inc.
PO Box 29246, Henrico, VA 23242-9246, United States
Email: privacy@bellsup.ai