Privacy Policy, bipsio

bipsio (“bipsio,” “we,” “us”) respects your privacy. This Privacy Policy explains what information we collect when you visit https://bipsio.com or use the bipsio platform, how we use it, and the choices you have.

1. Information we collect

From visitors to the marketing site

Anonymous usage analytics (pages viewed, referrer, device type) collected via PostHog when you have not opted out via a Do Not Track signal.
Form input you provide voluntarily, including email and firm name on the contact and sign-up forms.

From workspace users

Account profile, including name, work email, role and brokerage.
Mandate, gate, and shortlist data you create inside the workspace.
Files you upload, including off-market lists and offering memoranda attachments.
Authentication metadata (login times, IP address, browser fingerprint) for security and fraud prevention.

2. How we use information

To operate the Service and run Hugo against your mandates.
To send transactional email and important security notices.
To improve the product through aggregated, de-identified analytics.
To respond to support requests and onboarding conversations from our customer success team.

We do not sell personal information. We do not use customer mandate data to train third-party AI models.

3. How we share information

We share information only with vendors that operate the Service and only to the extent needed:

Anthropic, for the AI models that power Hugo. Inputs are not used to train models, per our Anthropic agreement.
Supabase, our managed database, for storing workspace data.
Resend, for transactional email delivery, including team invitations and account emails such as sign-up confirmation and password reset.
PostHog, for product analytics on the marketing site and inside the app.
Langfuse, for tracing and observability of Hugo's AI reasoning, including the prompts and listing data sent to the models.
Vercel or equivalent hosting partner, for the marketing site delivery network.
Third-party scrapers (Decodo, Scrape.do) that fetch public listing data on our behalf.

Each vendor is bound by a Data Processing Addendum that restricts use of customer data to providing the Service.

4. Data retention

Workspace data is retained for the life of your subscription plus thirty days, after which it is permanently deleted. Marketing analytics are retained for thirteen months in aggregated form.

5. Security

bipsio uses encryption in transit (TLS 1.2+) and at rest. Access to production systems is limited to a small number of employees with background checks and role-based access. bipsio is pursuing SOC 2 Type II certification; the audit is in progress and the report will be available on request once issued.

6. Your rights

Depending on your jurisdiction, you may have the right to access, correct, port, or delete personal information we hold about you. Send requests to hello@bipsio.com and we will respond within thirty days.

7. International transfers

bipsio is based in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, governed by Standard Contractual Clauses where applicable.

8. Children

The Service is not directed to children under sixteen. We do not knowingly collect personal information from children.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified through the workspace and via email.

Contact

Privacy questions can be sent to hello@bipsio.com.

1. Information we collect

From visitors to the marketing site

Anonymous usage analytics (pages viewed, referrer, device type) collected via PostHog when you have not opted out via a Do Not Track signal.

Form input you provide voluntarily, including email and firm name on the contact and sign-up forms.

From workspace users

Account profile, including name, work email, role and brokerage.

Mandate, gate, and shortlist data you create inside the workspace.

Files you upload, including off-market lists and offering memoranda attachments.

Authentication metadata (login times, IP address, browser fingerprint) for security and fraud prevention.

2. How we use information

To operate the Service and run Hugo against your mandates.

To send transactional email and important security notices.

To improve the product through aggregated, de-identified analytics.

To respond to support requests and onboarding conversations from our customer success team.

We do not sell personal information. We do not use customer mandate data to train third-party AI models.

3. How we share information

We share information only with vendors that operate the Service and only to the extent needed:

Anthropic, for the AI models that power Hugo. Inputs are not used to train models, per our Anthropic agreement.

Supabase, our managed database, for storing workspace data.

Resend, for transactional email delivery, including team invitations and account emails such as sign-up confirmation and password reset.

PostHog, for product analytics on the marketing site and inside the app.

Langfuse, for tracing and observability of Hugo's AI reasoning, including the prompts and listing data sent to the models.

Vercel or equivalent hosting partner, for the marketing site delivery network.

Third-party scrapers (Decodo, Scrape.do) that fetch public listing data on our behalf.

Each vendor is bound by a Data Processing Addendum that restricts use of customer data to providing the Service.

5. Security