Privacy Policy

This Privacy Policy explains how BridgeMind handles personal information when you use bridgemind.ai, the BridgeMind API, BridgeSpace, BridgeVoice, BridgeCode, Jarvis, related downloads, waitlists, events, and support channels.

This policy covers both browser-based services and our desktop applications. Some data is processed on our servers, and some data is stored or processed locally on your device.

For residents of the European Economic Area (EEA), the United Kingdom, and Switzerland, this policy also describes our roles and your rights under the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK GDPR, and the Swiss Federal Act on Data Protection (“FADP”). For interactions with our AI features, it also describes how we meet the transparency obligations of Article 50 of the EU AI Act (Regulation (EU) 2024/1689).

• Account and identity data, such as email address, password or social-login flow details, user ID, roles, email-verification status, and subscription tier.
• Billing and subscription data, such as Stripe customer IDs, subscription IDs, plan, status, renewal dates, and limited transaction metadata. We do not store full payment card numbers.
• Product content you create or store with us, such as projects, prompts, agents, agent messages, project knowledge, skills, resources, vocabulary entries, API-key metadata, and related workspace data.
• Communications and submissions, such as contact messages, newsletter and waitlist signups, job applications, bug reports, bug bounty submissions, event registrations, project-sharing submissions.
• Usage, device, and security data, such as IP address, browser and device information, session and CSRF cookies, auth refresh activity, rate-limit and audit logs, and error telemetry.
• Desktop-app local data, such as encrypted sign-in credentials, device fingerprints, local settings, selected microphones, custom dictionaries, local database files, and downloaded Whisper model files.
• AI and audio data when you use AI features. In BridgeVoice local mode, audio is processed on-device. In BridgeVoice cloud mode, audio files and optional prompt/language hints are sent to the BridgeMind API for transcription. In BridgeSpace, BridgeCode, and Jarvis, your prompts, conversation history, and selected context (such as files or screen content you share) are sent to the BridgeMind API and our AI model providers to generate a response.

We collect information directly from you when you create an account, buy a subscription, submit a form, create content, or contact us.

We also collect information automatically from browsers, desktop apps, and APIs, including analytics events, security logs, cookie data, and device or app configuration data needed to run the service.

We may receive information from third parties you choose to use with BridgeMind, including authentication providers, payment processors, analytics providers, and AI service providers.

• Provide, secure, maintain, and improve BridgeMind, BridgeSpace, BridgeVoice, BridgeCode, Jarvis, and related services.
• Authenticate users, manage accounts, issue and refresh sessions, and enforce subscription or feature-access controls.
• Process purchases, renewals, cancellations, invoices, and customer-support requests.
• Store, sync, and return user content and settings across our web and desktop products where applicable.
• Provide AI features such as cloud transcription, agentic coding assistance, voice-driven workflows, prompt enhancement, and related product functionality you request.
• Detect abuse, spam, fraud, policy violations, and security incidents, including by using CAPTCHA, audit logging, rate limits, and monitoring.
• Analyze usage and product performance, subject to your consent choices where required.
• Comply with legal obligations and enforce our agreements.

If you are located in the EEA, the UK, or Switzerland, we process your personal data only where we have a lawful basis to do so under Article 6(1) of the GDPR (and corresponding provisions of the UK GDPR and the Swiss FADP). We rely on the following bases, mapped to the purposes described in Section 4:

• Performance of a contract (Article 6(1)(b)): creating and operating your account, authenticating you, providing the services you sign up for, storing and returning your content and settings, processing payments and renewals, delivering AI features you request, and responding to product-support requests arising from your use of the services.
• Legitimate interests (Article 6(1)(f)): protecting the security and integrity of our services, preventing fraud and abuse, maintaining audit logs and rate-limit records, operating CAPTCHA and anti-automation controls, measuring aggregate product performance and reliability, communicating essential service updates, and defending legal claims. We balance these interests against your rights and freedoms before relying on this basis.
• Consent (Article 6(1)(a)): non-essential cookies and analytics, product and marketing emails where required by law, and any other processing for which we ask you to opt in. You can withdraw consent at any time through the relevant in-product setting, the cookie banner, or by contacting us — withdrawal does not affect the lawfulness of processing before withdrawal.
• Legal obligation (Article 6(1)(c)): keeping tax, accounting, and billing records, responding to lawful requests from public authorities, and complying with applicable data-protection, consumer-protection, and anti-fraud laws.
• Vital interests (Article 6(1)(d)) and public interest (Article 6(1)(e)): relied on only in the unusual case of an emergency affecting a person's life or a required cooperation with authorities.

Where we rely on legitimate interests, you have the right to object (see Section 12). Where processing is based on consent, you have the right to withdraw consent at any time.

Interaction with an AI system (EU AI Act Article 50). When you chat with an agent, use voice commands, or otherwise interact with an AI feature in BridgeSpace, BridgeCode, Jarvis, BridgeVoice, or the BridgeMind website, you are interacting with an artificial intelligence system and not with a human. We provide this notice in accordance with Article 50 of the EU AI Act (Regulation (EU) 2024/1689). Output produced by these systems may be inaccurate, incomplete, or unsuitable for your intended use, and you should review and validate it before relying on it.

BridgeVoice supports both local and cloud processing. In local mode, speech is transcribed on your device using local Whisper models. In cloud mode, audio is transmitted over the network to the BridgeMind API and then to our transcription provider to return text.

BridgeSpace, BridgeCode, BridgeVoice, and Jarvis may also store encrypted sign-in data, settings, model files, dictionaries, and other app state on your device. These applications may access local folders, files, terminal sessions, clipboard, microphone, accessibility permissions, or other system capabilities when you invoke those features.

We do not use your private agent conversations, prompts, transcriptions, or code to train foundation models. Our AI providers are engaged as processors under contractual terms that restrict their use of your content to providing the service to us.

We share information with service providers that help us operate BridgeMind, including infrastructure, authentication, billing, email delivery, analytics, error monitoring, CAPTCHA, and AI providers. Depending on the feature, those providers may include AWS, Stripe, SendGrid, Cloudflare Turnstile, PostHog, Google Analytics, Sentry, Groq, OpenRouter, and OpenAI.

We may also share information when required by law, to protect rights or security, in connection with a merger or asset sale, or with your direction.

We do not currently sell personal information for money, and we do not engage in “sharing” of personal information for cross-context behavioural advertising as defined under U.S. state privacy laws.

BridgeMind uses cookies and similar storage technologies for authentication, session security, CSRF protection, preferences, and analytics. Our website stores theme preferences and analytics consent choices in browser storage.

The current web stack includes Google Analytics and PostHog, and analytics collection is gated by the site's consent banner in the browser experience. Desktop apps may store settings locally outside of browser cookies. Strictly necessary cookies (auth, CSRF, session) do not require consent; non-essential analytics cookies are loaded only after you consent through the banner.

We retain personal information for as long as needed to provide the services, maintain legitimate business records, resolve disputes, comply with law, and enforce agreements.

Local desktop-app data remains on your device until you delete it or remove the app. On the server side, deactivated accounts and related data may be purged after our retention window if they are no longer needed. Billing records are retained for the period required by applicable tax and accounting law.

We use administrative, technical, and organizational safeguards intended to protect personal information. These include encrypted local credential storage in our desktop apps, authentication and session controls, rate limiting, audit logging, access controls, and third-party infrastructure and monitoring tools.

No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

BridgeMind is based in the United States, and our service providers may process information in the United States and other countries. When we transfer personal data from the EEA, the UK, or Switzerland to a country that has not been recognised as providing an adequate level of data protection, we rely on appropriate safeguards under Article 46 of the GDPR. These typically include the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, the Swiss addendum where applicable, and, where a provider is certified, the EU-U.S., UK Extension, and Swiss-U.S. Data Privacy Frameworks.

You may request a copy of the safeguards we rely on for a given transfer by contacting privacy@bridgemind.ai.

Depending on where you live, you may have rights under applicable privacy law. For residents of the EEA, the UK, and Switzerland, these rights include, subject to the conditions and exceptions set out in the GDPR, UK GDPR, and FADP:

• Access (Article 15): to obtain confirmation of whether we process your personal data and to receive a copy.
• Rectification (Article 16): to correct inaccurate or incomplete personal data.
• Erasure / “right to be forgotten” (Article 17): to request deletion of your personal data.
• Restriction (Article 18): to request that we limit processing in certain circumstances.
• Portability (Article 20): to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Objection (Article 21): to object to processing based on legitimate interests or to direct marketing.
• Withdraw consent (Article 7(3)): where processing is based on consent, at any time, without affecting the lawfulness of processing before withdrawal.
• Automated decisions (Article 22): we do not currently make decisions producing legal or similarly significant effects about you based solely on automated processing.

To exercise any of these rights, contact privacy@bridgemind.ai. We will respond within one month, extendable by up to two further months where necessary given the complexity and number of requests, consistent with Article 12(3) GDPR. We may need to verify your identity before acting on your request.

You also have the right to lodge a complaint with a supervisory authority in the EEA member state or the UK where you live, where you work, or where the alleged infringement took place. A list of EU supervisory authorities is available from the European Data Protection Board at edpb.europa.eu, and the UK supervisory authority is the Information Commissioner's Office (ICO) at ico.org.uk.

You can also manage many data points directly through your account settings, billing portal, local app settings, and operating-system permission controls.

Because BridgeMind is established outside the EEA and the UK, we are required in certain cases to designate representatives under Article 27 of the GDPR and Article 27 of the UK GDPR. Our representatives, once appointed, act as a point of contact for data subjects and supervisory authorities on questions relating to the processing of your personal data.

EU representative (GDPR Article 27): appointment in progress — contact details will be published here and available on request from privacy@bridgemind.ai.

UK representative (UK GDPR Article 27): appointment in progress — contact details will be published here and available on request from privacy@bridgemind.ai.

Designating a representative does not affect our own responsibility or liability under the GDPR or UK GDPR. You may continue to contact us directly at the address above regardless of whether you also contact a representative.

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. For users in the EEA and the UK, we do not knowingly offer information-society services directly to children under 16 without parental consent where required by local law. If you believe a child has provided personal information to us, contact us so we can review and address it.

We may update this Privacy Policy from time to time. If we make a material change, we will update the date above and, when appropriate, provide additional notice.

Privacy questions or requests may be sent to privacy@bridgemind.ai.