Privacy Policy

Account Data

We collect your email address, name, and a hashed password when you create an account. We use this data to authenticate you, communicate service updates, and manage your subscription.

Organization Data

When your account is created, it is associated with an organization that may include an organization name. Organization owners can view usage information for other members of their organization, including which AI models were used and approximate conversation length, but cannot access the content of any member's conversations.

Conversation Content in Transit

When you send a message, we transmit your conversation to the AI provider you have selected in order to generate a response. Transmitting your messages to AI providers constitutes processing under GDPR, even though we may not retain the content.

Saved Conversations (Optional)

If you turn on the Save Conversation toggle, the content of your message and the AI response is stored on our servers, and is encrypted at rest using AES-256-GCM encryption. Each conversation uses its own encryption key. You can delete saved conversations at any time.

Request Metadata

We collect and store request metadata for rate limiting, abuse detection, and security: your IP address, timestamps, which AI model was used, response latency, and token counts (a measure of input and output length — not the actual text). The text of your messages, AI responses, or conversation titles is not saved to our usage logs. Under normal circumstances, we retain metadata logs for 90 days.

Aggregate Analytics

We use the request metadata described above to understand aggregate usage patterns (such as daily request volume, peak usage times, and model performance). This helps us maintain and improve the service.

Feedback

If you submit feedback through the in-app feedback button, we collect the feedback category and your message. Feedback is forwarded to our team via a third-party messaging service (Slack) for review.

For users in the European Economic Area and the United Kingdom, we process personal data under the following legal bases as required by Article 6 of the General Data Protection Regulation (GDPR):

Performance of a contract (Art. 6(1)(b)): We process your account data, conversation content in transit, organization data, and billing data as necessary to provide the Bells Up AI service.

Consent (Art. 6(1)(a)): If you choose to save a conversation using the Save toggle, we store it in encrypted form on the basis of your consent. You may withdraw consent at any time by disabling the toggle or deleting the conversation, without affecting the lawfulness of prior processing.

Legitimate interest (Art. 6(1)(f)): We process request metadata (IP addresses, timestamps, token counts, model used) and aggregate analytics for platform security, abuse detection, and service improvement. We process feedback submissions to improve the service. These processing activities involve metadata and voluntary submissions only — never conversation content.

We use one functional cookie: an HttpOnly, Secure authentication token that maintains your login session. This cookie is transmitted only over encrypted connections. We do not use analytics cookies, advertising cookies, or any third-party tracking technologies. This cookie qualifies as strictly necessary under the EU's ePrivacy Directive (Art. 5(3)) and therefore no additional consent is necessary.

Your data may be shared with the following categories of recipients:

Our staff, located in the United States and Portugal, access the server for administration and maintenance.

We do not share your conversation content with any third party other than Amazon Web Services, our infrastructure provider, and, if applicable, the AI provider you select for a given message.

When you send a message, your prompt is transmitted to the AI provider you have selected. Each provider operates under API terms that prohibit using your inputs and outputs to train or improve their models.

Bells Up monitors provider terms on an ongoing basis. The in-app privacy panel reflects each provider's current data handling commitments, including data retention practices. We encourage you to review the privacy panel before including highly sensitive information in a prompt, as provider practices may change over time.

Providers Hosted via AWS Bedrock

Anthropic (Claude), Meta (Llama), DeepSeek, Mistral, and Qwen models are accessed through AWS Bedrock. All Bedrock-hosted providers are processed under the AWS Data Processing Addendum. AWS does not use Bedrock API inputs or outputs to train any models, and your content is not stored by AWS after processing.

Direct API Providers

OpenAI (GPT models): Accessed via the OpenAI API. Under OpenAI's API Data Usage Policy, API inputs and outputs are not used to train OpenAI models.

Google (Gemini models): Accessed via the Gemini API. Under Google's API Terms of Service, API inputs and outputs are not used to train Google models.

xAI (Grok models): Accessed via the xAI API. Under xAI's API terms, API inputs and outputs are not used to train xAI models.

Bells Up AI's infrastructure is located in the United States. If you access the platform from the European Economic Area or the United Kingdom, your personal data will be transferred to the United States for processing.

These transfers are conducted under the EU-U.S. Data Privacy Framework, where applicable, and the Standard Contractual Clauses (SCCs) approved by the European Commission (Implementing Decision 2021/914). Our principal sub-processor, Amazon Web Services, is certified under the EU-U.S. Data Privacy Framework and offers SCCs as part of its Data Processing Addendum, which govern our usage of the service.

Staff access from Portugal to US-based infrastructure is covered by internal administrative measures and the transfer mechanisms described above.

You may request a copy of the applicable transfer safeguards by contacting privacy@bellsup.ai.

Encryption in transit: TLS 1.2 or higher with HSTS enforced on all connections.

Encryption at rest: Saved conversations are encrypted using AES-256-GCM with keys managed by AWS Key Management Service. Each conversation has its own encryption key. Decryption keys exist only in memory during a request and are never written to disk or cached.

Authentication: Access tokens are held in browser memory only — never in browser storage. Refresh tokens are stored in HttpOnly cookies that cannot be accessed by JavaScript. Access tokens expire after 15 minutes.

Access controls: Production infrastructure access is restricted by IAM policies. Our application cannot access your decrypted conversation content without an active, authenticated request from you.

Input and output sanitization: User inputs and AI outputs are sanitized before processing and rendering to prevent injection attacks.

No prompt logging: Application logs contain no message content, AI responses, document content, or conversation titles.

Breach notification: In the event of a data breach involving personal data, we will notify affected users and, where required, the relevant supervisory authority within 72 hours, and comply with applicable US state breach notification laws, to the extent required by applicable law.

Bells Up AI will not voluntarily disclose the content of your conversations to law enforcement or any government entity.

If we receive legal process seeking your data, we will:

Scrutinize it. We will challenge subpoenas, court orders, and other demands we believe to be overbroad, vague, or legally deficient before producing anything.

Notify you. We will inform you of any request targeting your data unless a court order specifically prohibits us from doing so, allowing you the opportunity to assert your own legal rights.

If compelled to produce information, our architecture limits what we can produce:

Unsaved conversations never exist on our servers. We cannot produce your unsaved conversations because we never store them. There is nothing to hand over.

Saved conversations are protected by envelope encryption. Each conversation you choose to save is encrypted with its own unique encryption key, managed through AWS Key Management Service.

Operational metadata (such as timestamps and usage records) may be subject to valid legal process, consistent with our retention policies.

All Users

You may contact us at privacy@bellsup.ai to request access to, correction of, deletion of, or portability of your personal data. We will respond within 30 days. Saved conversations can be deleted at any time from within the platform. You may close your account by contacting us at the email above.

US State Privacy Rights and Disclosures

California (CCPA/CPRA) and other US states: Bells Up AI does not sell your personal information. We do not share your personal information for cross-context behavioral advertising. These statements apply as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and under comparable state privacy laws including those in Virginia, Colorado, Connecticut, and other states with comprehensive privacy legislation.

Categories of personal information we collect: Identifiers (name, email, IP address), internet or electronic network activity (usage metadata, model selection, token counts), and, if you choose to save conversations, customer content stored in encrypted form.

How we use it: To provide and secure the service, as described in Section 1 of this policy.

Who we disclose it to: The categories of service providers listed in Section 4, solely to provide the service. We do not disclose personal information to third parties for their own commercial purposes.

Your rights: Depending on your state of residence, you may have the right to know what personal information we collect, request deletion, request correction, and opt out of the sale or sharing of personal information. Because we do not sell or share personal information, there is no sale or sharing to opt out of.

To exercise any of these rights, contact privacy@bellsup.ai. You may also designate an authorized agent to make a request on your behalf. We will not discriminate against you for exercising your rights.

Additional Rights Under GDPR (EEA / UK)

If you are in the European Economic Area or the United Kingdom, you have the following rights regarding your personal data:

Access, rectification, erasure, restriction, portability, and objection — including the right to object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds.

Withdraw consent — where processing is based on consent (saved conversations), you may withdraw consent at any time without affecting the lawfulness of prior processing.

Lodge a complaint with your local supervisory authority. In Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD) at www.cnpd.pt.

To exercise any of these rights, contact us at privacy@bellsup.ai. We may request verification of your identity before fulfilling a request.

Providing your IP address is a technical necessity of using the service; we cannot provide the service to you without processing it. You are not required to provide any other personal data beyond what is necessary to create and maintain your account.

We use automated rate limiting and abuse detection that may result in temporary blocking of access. These measures are applied uniformly for security purposes and do not produce legal effects or similarly significant effects within the meaning of GDPR Art. 22. If you believe you have been incorrectly blocked, contact us at the email above.

In the event that Bells Up AI, Inc. is acquired, merged, or sells substantially all of its assets, your personal data may be transferred to the acquiring entity. Any acquirer will be bound by the terms of this privacy policy with respect to data collected before the transfer. We will notify active users before any such transfer takes effect.

The Bells Up AI platform may contain links to third-party websites, including AI provider privacy policies and terms of service. We are not responsible for the privacy practices of those websites, and this policy does not apply to them.

Your use of Bells Up AI's system does not create an attorney-client relationship between you and Bells Up AI or any of our employees. Information you receive from our employees or via the Bells Up AI platform does not constitute legal advice.

Attorneys are responsible for their own compliance with applicable professional responsibility rules, including but not limited to rules regarding client confidentiality, supervision of AI-assisted work product, and disclosure obligations. We encourage you to review relevant ethics opinions in your jurisdiction regarding AI tools in legal practice before using our platform with confidential or privileged information.

Bells Up AI is intended for use by licensed attorneys and legal professionals. It is not directed at children under 13, and we do not knowingly collect personal data from children under 13.

If we make material changes, we will update the effective date at the top of this page and, where appropriate, notify active users by email. Continued use of the platform after the effective date constitutes acceptance of those changes.

We suspect some of our users are exactly the type of people who carefully read a company's entire privacy policy. Congratulations for noticing this paragraph! Yes, the header of our cookie paragraph was labeled a "biscuit" policy. Mention "biscuits" the next time you see Rachel or Marc in-person and we'll buy you a beverage, a pastel de nata, or other tasty baked treat.

The data controller for personal data processed through the Bells Up AI platform is:

We have not appointed a Data Protection Officer, as we do not meet the threshold for mandatory appointment under GDPR Art. 37. You may contact us at the email above with any data protection questions.

Our EU representative under GDPR Art. 27 is:

Questions about this policy or requests to exercise your rights: