When you sign up we collect your email address (via Supabase Auth) so we can identify you. When you use the platform we record the runs you execute, the verb names, the models used, the token counts, the cost, and the latency. We do NOT store the full text of your inputs or outputs beyond the active chat thread you can see and delete yourself.
We use your data to (1) provide the service you signed up for, (2) bill you accurately, (3) compute aggregate platform metrics (latency, uptime, total spend) that we publish on bupkis.app with all per-user information removed, and (4) email you transactional messages about your account (purchase receipts, refund confirmations, security alerts).
We do NOT train AI models on your inputs or outputs. We do NOT sell your data. We do NOT share it with advertisers. We have no advertising business.
We share your data with the following service providers strictly to deliver the Bupkis service. Each has its own privacy policy and we have data processing agreements (DPAs) in place where required.
You can request a copy of your data, request deletion of your account, or correct inaccurate information at any time. Email privacy@bupkis.app and we will respond within 30 days. EU residents have additional rights under GDPR · California residents under CCPA. Same email for both.
Account data is retained for as long as your account is active. When you delete your account we soft-delete immediately and hard- delete (including all run history, agent forks, marketplace installs) within 30 days. Stripe data follows their retention policy (typically 7 years for tax/regulatory reasons).
All data is encrypted in transit (TLS) and at rest (Supabase Postgres column encryption + Vercel/Stripe at-rest defaults). Admin access is gated by 2FA + IP allowlist + same-origin checks. See our security page for details.
Privacy questions · privacy@bupkis.app
Legal · DPA / subprocessor changes · legal@bupkis.app
Security disclosure · security@bupkis.app