Privacy Policy

Last updated: 22 May 2026

This Privacy Policy describes how DOUBLE OO LLC ("Company", "we", "us", "our") collects, uses, and shares information when you use Busy Bee and any associated applications, software, and websites (collectively, the "Services").

This Privacy Policy is incorporated into and forms part of our Terms of Use. By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.

If you use Busy Bee on behalf of your employer or another organization under a Team Plan or Master Services Agreement, that organization is the data controller for the information processed through your account, and our role is limited to that of a data processor acting on their instructions. Contact your administrator for the privacy policy that governs your use in that context.

1. Information We Collect

We collect information in three ways: information you give us, information we collect automatically when you use the Services, and information we receive from third parties you connect.

Information you give us

Account information. Your name, email address, password (hashed), and any optional profile details you provide when you create an account or join a workspace.
Billing information. Payment card details and billing address. Card numbers are handled directly by our payment processor (Stripe) and never touch our servers; we receive only a token and the metadata required to display your billing history.
Content you upload or generate. Anything you type into the chat input, files you upload, datasets you ingest, documents added to knowledge bases, project context, and the deliverables produced by your agents. Collectively this is "Your Content" as defined in the Terms of Use.
Communications. Emails you send to us, support tickets, survey responses, and feedback.

Information we collect automatically

Usage data. Pages you view, features you use, tasks created, agent runs, error logs, time spent, referring URLs, and similar product analytics. We use this to operate the Services, debug problems, and improve the product.
Device and connection data. IP address, browser type, operating system, device identifiers, and approximate location (city level, derived from IP). We do not collect precise GPS location.
Cookies and similar technologies. See Section 6.

Information we receive from third parties

Connected accounts. When you authorize an integration (GitHub, Slack, Notion, Google Workspace, Asana, etc.), we receive the access tokens and the specific data scopes you grant. We use this only to power the agents you ask to use those integrations.
Authentication providers. If you sign in with Google, Microsoft, or another SSO provider, we receive the email address and basic profile data they share. We do not receive your password.
Subprocessors. Our service providers (listed in Section 3) may pass certain operational metadata back to us (e.g., delivery status of a sent email, error logs from a model API).

2. How We Use Information

We use the information we collect to:

Provide and operate the Services. Run your agents, render the UI, store your projects and deliverables, process your prompts through AI models, and deliver the results back to you.
Bill and account. Calculate Credit consumption, charge your payment method, send invoices and receipts, and manage your subscription.
Support you. Respond to questions, debug issues you report, and improve the help documentation.
Improve the product. Aggregate and de-identify usage data to understand what works and what doesn't, and to plan new features.
Communicate with you. Send transactional emails (account verification, billing notices, security alerts), product updates, and (only if you opt in) marketing messages.
Maintain security. Detect abuse, prevent fraud, enforce our Terms of Use, and protect the Services and our users.
Comply with the law. Respond to subpoenas, court orders, and lawful government requests; defend our legal rights.

We do not train our models on Your Content without explicit opt-in

Your prompts, uploads, and the agent output we produce for you are not used to train Busy Bee's models or any third-party AI provider's underlying models unless you explicitly opt in. We may use aggregated, de-identified usage patterns (e.g., "X% of users use feature Y") to improve the product. We do not sell your personal information.

We share information only as described in this section.

Service providers (subprocessors)

We rely on a small set of vendors to operate the Services. Each one is bound by a data processing agreement that restricts how they can use your data. Our current subprocessors include:

AI model providers. Anthropic, OpenAI, Moonshot AI, Alibaba Cloud (DashScope, for image generation), Z.AI. Prompts you send are forwarded to whichever provider serves the model tier you have selected. These providers have their own privacy and data-retention terms.
Infrastructure. Amazon Web Services and Cloudflare (compute, storage, edge), Backblaze B2 (file storage), Kubernetes-based orchestration providers (sandbox compute).
Payments. Stripe (card processing, billing).
Email. Mailgun (transactional and marketing email delivery).
Analytics. PostHog (product analytics, session metrics).
Source control and developer tools (only when you connect them): GitHub, Slack, Notion, Google Workspace, Asana, and any other integration listed in our Connectors documentation.

This list is updated as we add or remove providers. The latest list is always available on request at howdy@busy-bee.ai.

Affiliates and corporate transactions

We may share information with affiliated entities under common ownership, and with successors in the event of a merger, acquisition, or sale of assets, subject to the same protections described in this Privacy Policy.

Legal and safety

We may disclose information when we have a good-faith belief that disclosure is necessary to (a) comply with a subpoena, court order, or other legal process; (b) protect the rights, property, or safety of the Company, our users, or the public; (c) investigate fraud or violations of our Terms of Use; or (d) defend against legal claims.

If you connect a third-party integration or share content (e.g., publish a public Deployment), the information you direct us to share goes wherever you point it. That sharing is governed by the third party's policies, not ours.

4. Data Retention

We keep your information for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, enforce our agreements, and prevent abuse.

Active accounts. Your account information, projects, tasks, conversations, and deliverables are retained while your account is open.
Closed accounts. When you close your account, we delete or anonymize personal information within 90 days, except for data we are legally required to retain (e.g., billing records under tax law, typically 7 years in the U.S.).
Backups. Personal information may persist in encrypted backups for up to 90 days after deletion from active systems.
Aggregated and de-identified data. We may retain this indefinitely, since it can no longer be associated with you.

You can request earlier deletion of specific items (see Section 5).

5. Your Rights

Depending on where you live, you have some or all of the following rights regarding your personal information:

Access. Request a copy of the personal information we hold about you.
Correction. Ask us to fix information that is inaccurate.
Deletion. Request that we delete your personal information (subject to legal exceptions).
Portability. Request a machine-readable export of your data.
Restriction or objection. Limit or object to certain uses of your personal information.
Withdraw consent. If we are processing your data based on your consent, you can withdraw it at any time.
Non-discrimination. We will not deny you the Services or charge you a different price for exercising any of these rights.

To exercise any of these rights, email howdy@busy-bee.ai with "Privacy Request" in the subject line. We will respond within 30 days (or sooner if required by your local law). We may need to verify your identity before fulfilling the request.

California residents (CCPA / CPRA)

You have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know the categories of personal information we collect, the purposes for which we use it, and the categories of third parties we share it with. The information in this Privacy Policy satisfies those disclosure requirements. We do not sell your personal information, and we have not sold or shared personal information for cross-context behavioral advertising in the past 12 months.

If you are in the European Economic Area, the United Kingdom, or Switzerland, your personal information is processed on the legal bases of: (a) the performance of our contract with you (the Terms of Use); (b) our legitimate interests in operating, securing, and improving the Services; (c) your consent, where applicable (e.g., marketing); and (d) compliance with legal obligations. You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights.

6. Cookies and Similar Technologies

We use cookies and similar technologies (local storage, session storage) for the following purposes:

Strictly necessary. Authentication (keeping you signed in), CSRF protection, load balancing. These cannot be turned off in our settings, but you can block them in your browser settings; the Services will not function without them.
Functional. Remembering your theme preference, last-selected workspace, sidebar collapse state.
Analytics. PostHog session and event tracking, used to understand product usage. You can opt out via your browser's "Do Not Track" header or by emailing howdy@busy-bee.ai.

We do not use cookies for cross-site advertising. We do not embed third-party ad pixels.

7. Security

We protect your information with industry-standard measures:

Encryption in transit. All connections to the Services use TLS 1.2 or higher.
Encryption at rest. Database storage is encrypted at rest. Secrets and credentials (API keys, OAuth tokens, integration credentials) are encrypted with envelope encryption before being written to the database.
Access controls. Only a small number of authorized engineers can access production systems, with role-based access and audit logs.
Tenant isolation. Each organization's data is scoped by an organization ID at every database read; cross-tenant access requires a specific platform-admin grant and is logged.
Sandbox isolation. Builder-mode sandboxes run in ephemeral, namespaced containers with strict network egress policies.

No system is perfectly secure. If you become aware of a security issue affecting your account, contact us immediately at howdy@busy-bee.ai with "Security" in the subject line.

8. Children's Privacy

The Services are not intended for children under 13, and we do not knowingly collect personal information from anyone under 13. If you believe we have collected information from a child under 13, please contact us at howdy@busy-bee.ai and we will delete it promptly. Some features of the Services require users to be 18 or older; see the Terms of Use for details.

9. International Transfers

We are based in the United States, and our subprocessors are located in the U.S., the EU, and other countries. If you use the Services from outside the U.S., your information will be transferred to, stored in, and processed in the U.S. and other countries. We rely on standard contractual clauses and other lawful transfer mechanisms where required by applicable data protection law.

10. Third-Party Links and Integrations

The Services may link to third-party websites or allow you to connect third-party accounts. Once you click a link or authorize an integration, the third party's privacy policy governs how they handle your data. We do not control these third parties and are not responsible for their privacy practices.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

update the "Last updated" date at the top of this page;
post a notice in the product the next time you sign in; and
email registered users at the address on file.

Changes take effect immediately for users without an account and thirty (30) days after notice for users with an account. Continuing to use the Services after the effective date means you accept the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or our handling of your data, contact us at:

Email: howdy@busy-bee.ai

DOUBLE OO LLC