Privacy Policy
Effective date: the date you first accept this Policy in the application.
Important: This document is a plain-language starting point. It is not legal advice and is not a substitute for review by qualified privacy counsel in each jurisdiction in which you operate.
This Policy explains what personal data TrioProd ("TrioProd", "we", "our", "us"), the company that operates the Babika platform, collects when you use our platform, websites, dashboards, APIs, and related services (collectively, the "Service"), how we use that data, who we share it with, how long we keep it, the choices you have, and the rights available to you under applicable law.
1. What we collect
We try to collect only what we need to run the Service. The categories are:
Account data. Name, email, profile image, and the Clerk user identifier we use to authenticate you. We do not store your password, authentication is handled by our identity provider Clerk.
Workspace and content data. The collections, items, fields, prompts, articles, comments, settings, and other content you and your teammates create or upload while using the Service. We process this data to provide the Service, generate AI output you request, and surface it back to you.
Integration data. When you connect a third-party platform (Webflow, WordPress, HubSpot, Shopify, Google Analytics, Google Search Console, and similar), we store the credentials or OAuth tokens you provide, encrypted at rest, scoped to your team, and used only to read and write the data you authorize.
Usage and operational data. Pages visited, features used, request paths, HTTP status codes, error reports, performance traces, IP address, browser type, and operating system. We use this to keep the Service stable, debug problems, and improve performance.
Billing data. Plan, subscription status, and credit balance. Payment card data is collected and stored by our payment processor (Stripe). We receive limited tokens and metadata back; we do not store full card numbers.
Communications. Support requests, in-product feedback, and email exchanges with our team.
Cookies and similar technologies. Strictly necessary cookies for sign-in, session management, and security, plus first-party analytics cookies that help us understand product use. You can manage cookies in your browser.
2. AI prompts and outputs
When you ask the Service to generate, score, classify, or transform content, the prompts and the content involved are sent to the model provider you have selected (Anthropic, OpenAI, Google, and others). What that provider may retain or use for its own purposes is governed by its agreement with us:
- We use providers under their enterprise/API terms that, at the time of
writing, contractually prohibit training on customer prompts and outputs.
- Providers may retain prompts and outputs for short abuse-monitoring windows
(typically up to 30 days) and then delete them.
You should not send the Service personal data you are not authorized to share with these providers.
3. Why we process your data
We process personal data to:
- create and operate your account and team;
- deliver the features you request (including AI generation and integrations);
- bill you, prevent fraud, and meet our tax and accounting obligations;
- secure the Service, prevent abuse, and investigate incidents;
- improve and develop the Service based on aggregate usage data;
- communicate with you about your account, security, and service updates;
- comply with applicable law and respond to lawful requests.
Under the GDPR, the lawful bases we rely on are: performance of a contract (running the Service for you), legitimate interest (security, fraud prevention, product improvement), legal obligation (tax, audit), and consent (only where required, e.g. for non-essential marketing).
4. How we share your data
We do not sell your personal data. We share it only with:
- Service providers (subprocessors) that help us run the Service, under
written contracts that require confidentiality and security. The current list includes: Clerk (authentication), Anthropic / OpenAI / Google AI (LLM inference), Stripe (payments), Neon (managed PostgreSQL), Google Cloud Platform (compute and storage), Vercel (web hosting), Sentry (error reporting), PostHog (product analytics), and Resend (transactional email). We will keep an up-to-date list available on request and on a public subprocessor page.
- People you choose. Your teammates within your workspace can see workspace
content and shared settings. If you connect an integration, data is shared with that third-party platform per the scope you grant.
- Authorities and legal process. Where required by law, court order, or
valid government request, or to protect the rights, property, or safety of TrioProd, the Babika platform, our users, or the public.
- Corporate transactions. If we are involved in a merger, acquisition,
financing, or sale of assets, your data may be transferred as part of that transaction, subject to standard confidentiality protections.
5. International transfers
We are based in the United States and may process your data in the U.S. and other countries where our service providers operate. Where required (for example for transfers from the European Economic Area, the United Kingdom, or Switzerland to the United States), we rely on the Standard Contractual Clauses or equivalent transfer mechanisms with our subprocessors.
6. How long we keep your data
We keep your data for as long as your account is active and as long as needed to provide the Service and meet our legal obligations. When you delete content through the Service, we remove it from active systems within 30 days and from backups within their normal rotation. We may retain a minimum set of records (audit logs, billing records, acceptance records for these Terms and Policy) for the periods required by law.
7. Security
We protect your data with controls including: encryption in transit (TLS), encryption at rest for databases and object storage, tenant-scoped credential encryption, scoped access tokens, least-privilege role-based access for internal staff, multi-factor authentication, dependency and infrastructure patching, centralized logging, and a documented incident-response process. No system is perfectly secure; please report suspected vulnerabilities to security@babika.ai.
8. Your rights
Depending on where you live, you may have the following rights:
- Access the personal data we hold about you.
- Rectify inaccurate personal data.
- Delete your personal data ("right to be forgotten"), subject to legal
exceptions.
- Restrict or object to certain processing.
- Portability: receive your data in a structured, machine-readable format
and transfer it to another controller.
- Withdraw consent at any time where we rely on consent (without affecting
prior lawful processing).
- Complain to your local data-protection authority.
To exercise these rights, email privacy@babika.ai. We may need to verify your identity before acting.
9. Children
The Service is not intended for children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us and we will delete it.
10. Automated decision-making
The Service uses AI to generate, score, and classify content at your request. Those operations are not legally significant automated decisions about you; you remain in control and can edit, discard, or republish any AI output. We do not make automated decisions about you that produce legal or similarly significant effects.
11. Changes to this Policy
We may update this Policy from time to time. When we do, we will publish the new version in the application and require you to accept it before you can continue using the Service. The version you accept is recorded with a timestamp in our system.
12. Acceptance record
When you accept this Policy in the application, we record your user identifier, the document version you accepted, the timestamp, your IP address, and your browser's User-Agent string. This record exists solely to prove acceptance for compliance and audit purposes.
13. Contact
Questions about this Policy or your data: privacy@babika.ai.