This Privacy Policy describes our practices with respect to information we collect from or about you when you use our website, platform, services and features, and all associated software applications (collectively, “Services”).
Personal information we collect
We collect personal information relating to you (“Personal Information”) if you create an account to use our Services or communicate with us.
Account Information: When you create an account, we collect your email address and, if you register with a password, a securely hashed password. Where Google sign-in is offered, if you choose to sign in with Google, we receive your email address and basic profile information (such as your name and profile image). When you set up your organisation during onboarding, we collect the details you provide about it, which may include your company name, industry, team size, intended use of the Services and website.
Content You Submit to the Services: To provide the Services, we process the content you submit when you interact with our AI features, including your prompts, chat messages, instructions, uploaded or generated documents and images, and, where you use voice features, voice audio (collectively, “Content”). To generate responses and operate the Services, this Content is transmitted to and processed by our third-party AI model and infrastructure providers (see “Disclosure of personal information” below). If you connect third-party accounts (for example Slack, GitHub, or Google) to use agent tools, we (through our integration provider) access and act on the data in those accounts as you direct.
Communication Information: If you communicate with us, we may collect your name, contact information, and the contents of any messages you send (“Communication Information”).
Social Media Information: We have pages on Third Party Sites like Instagram, Facebook, Medium, Twitter/X, YouTube and LinkedIn. When you interact with our social media pages, we will collect Personal Information that you elect to provide to us, such as your contact details. In addition, the companies that host our social media pages may provide us with aggregate information and analytics about our social media activity (collectively, “Social Information”). See further details below in the “Links to other websites” section.
Other Information You Provide: We collect other information that you may provide to us, such as when you participate in our events or surveys (collectively, “Other Information You Provide”).
Personal Information We Receive Automatically From Your Use of the Services: When you visit, use, or interact with the Services, we receive the following information about your visit, use, or interactions (“Technical Information”):
Log Data: Information that your browser or device automatically sends when you use our Services. Log data includes your Internet Protocol address, browser/user agent string, session records and sign-up events for security and fraud-prevention purposes.
Usage Data: We may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
Device Information: Includes name of the device, operating system, device identifiers, and browser you are using. Information collected may depend on the type of device you use and its settings.
Session replay: We use PostHog to record interaction-level session replays (page structure, clicks, scrolls, and navigation) to diagnose bugs and improve usability. All text and form inputs are masked, so the content of your chats, prompts, and documents is not captured.
Cookies: A “cookie” is a piece of information sent to your browser by a website you visit. You can set your browser to accept all cookies, to reject all cookies, or to notify you whenever a cookie is offered so that you can decide each time whether to accept it. However, refusing a cookie may in some cases preclude you from using, or negatively affect the display or function of, a website or certain areas or features of a website. For more details on cookies, please visit All About Cookies.
The Hirebase platform uses a small number of first-party cookies. Some are strictly necessary for the Services to function, principally an authentication/session cookie that keeps you signed in. If you enable two-factor authentication, short-lived cookies are used during the sign-in challenge. These are sent to our servers so we can recognise your session. We also set non-essential first-party cookies for referral attribution (hb_referral and hb_referral_clicked_at), which record a referral code and the time you arrived via a referral link so we can credit referrals.
We also use your browser’s local storage to hold non-essential settings locally (for example, your light/dark theme preference and dismissed prompts).
Third-party cookies are cookies from a domain different from the domain of the website you are visiting. Similar technologies, such as pixels, web beacons, or local storage, can also be used for these purposes. We use “cookies” to refer to cookies and similar technologies.
The Hirebase platform uses one third-party service that sets cookies and/or uses local storage: PostHog. PostHog is used for product analytics and error monitoring. PostHog uses cookies and local storage to measure how the Services are used (pages viewed, features used, errors encountered) and to provide session replay for debugging. It respects your browser’s “Do Not Track” signal.
When you purchase a subscription or credits, checkout is hosted by Stripe, which may set its own cookies on its checkout pages for fraud prevention. If you sign in with Google, Google may set cookies as part of that sign-in.
How we use personal information
We may use Technical and Personal Information for the following purposes:
- To provide, administer, maintain and/or analyze the Services;
- To improve our Services;
- To communicate with you; including to send you information about our Services and events;
- To develop new programs and services;
- To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our IT systems, architecture, and networks;
- To carry out business transfers; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Aggregated or De-Identified Information
We may aggregate or de-identify Personal Information so that it may no longer be used to identify you and use such information to analyze the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to reidentify the information, unless required by law.
Disclosure of personal information
In certain circumstances we may provide your Personal Information to third parties without further notice to you, unless required by the law:
Vendors and Service Providers: To assist us in meeting business operations needs and to perform certain services and functions, we may provide Personal Information to vendors and service providers, including providers of hosting services, customer service vendors, cloud services, email communication software, web analytics services, and other information technology providers, among others. Pursuant to our instructions, these parties will access, process, or store Personal Information only in the course of performing their duties to us.
Sub-processors that process your Content and connected-account data: To operate the Services we rely on the following categories of sub-processor, which may process the Content and other Personal Information described above:
- AI model and inference providers: we send your prompts, chat messages, documents, image prompts, and voice audio to these providers to generate responses. Depending on the model used and the provider’s routing, this processing may occur outside your country.
- Connected-account / agent-tool integration provider, where you connect third-party accounts (e.g. Slack, GitHub, Google) for agent tools, this provider stores the OAuth access tokens for those accounts and reads from or writes to them as you direct.
- Meeting recording and transcription provider, where you use the meeting notetaker, this provider captures meeting audio, video, and transcripts, which may include the voices and contributions of other meeting participants.
- Messaging and notification providers which receive message content, identifiers, and notification payloads that may contain task content.
Business Transfers: If we are involved in strategic transactions, reorganization, bankruptcy, receivership, or transition of service to another provider (collectively, a “Transaction”), your Personal Information and other information may be disclosed in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.
Legal Requirements: We may share your Personal Information, including information about your interaction with our Services, with government authorities, industry peers, or other third parties (i) if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, (ii) to protect and defend our rights or property, (iii) if we determine, in our sole discretion, that there is a violation of our terms, policies, or the law; (iv) to protect the safety, security, and integrity of our products, employees, or users, or the public, or (v) to protect against legal liability.
Your rights
Depending on location, individuals may have certain statutory rights in relation to their Personal Information. For example, you may have the right to:
- Access your Personal Information and information relating to how it is processed.
- Delete your Personal Information from our records.
- Rectify or update your Personal Information.
- Transfer your Personal Information to a third party (right to data portability).
- Restrict how we process your Personal Information.
- Withdraw your consent—where we rely on consent as the legal basis for processing at any time.
- Object to how we process your Personal Information.
- Lodge a complaint with your local data protection authority.
Please submit your request via email to: admin@basedai.co.
Additional U.S. state disclosures
The following provides additional information about the categories of Personal Information we collect and how we disclose that information. You can read more about the Personal Information we collect in “Personal information we collect” above, how we use Personal Information in “How we use personal information” above, and how we retain Personal Information in “Security and Retention” below.
Identifiers, such as your name, contact details, IP address, and other device identifiers. We may disclose this information to our affiliates, vendors and service providers to process in accordance with our instructions; to law enforcement and other third parties for the legal reasons described above; to parties involved in Transactions; to corporate administrators of enterprise or team accounts; and to other users and third parties you choose to share it with.
Commercial Information, such as your transaction history. We may disclose this information to our affiliates, vendors and service providers to process in accordance with our instructions; to law enforcement and other third parties for the legal reasons described above; to parties involved in Transactions; and to corporate administrators of enterprise or team accounts.
Network Activity Information and how you interact with our Services. We may disclose this information to our affiliates, vendors and service providers to process in accordance with our instructions; to law enforcement and other third parties for the legal reasons described above; to parties involved in Transactions; and to other users and third parties you choose to share it with.
Geolocation Data. We may disclose this information to our affiliates, vendors and service providers to process in accordance with our instructions; to law enforcement and other third parties for the legal reasons described above; and to parties involved in Transactions.
To the extent provided for by local law and subject to applicable exceptions, individuals may have the following privacy rights in relation to their Personal Information:
- The right to know information about our processing of your Personal Information, including the specific pieces of Personal Information that we have collected from you;
- The right to request deletion of your Personal Information;
- The right to correct your Personal Information; and
- The right to be free from discrimination relating to the exercise of any of your privacy rights.
We don’t sell or share Personal Information for cross-contextual behavioral advertising (as those terms are defined under applicable local law), nor do we process sensitive Personal Information for the purposes of inferring characteristics about a user.
Exercising Your Rights
To the extent applicable under local law, you can exercise privacy rights described in this section by submitting a request via email to: admin@basedai.co.
Verification
In order to protect your Personal Information from unauthorized access, change, or deletion, we may require you to verify your credentials before you can submit a request to know, correct, or delete Personal Information. If you do not have an account with us, or if we suspect fraudulent or malicious activity, we may ask you to provide additional Personal Information and proof of residency for verification. If we cannot verify your identity, we will not be able to honor your request.
Authorized Agents
You may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity and submit proof of your residency with us. Authorized agent requests can be submitted via email to: admin@basedai.co.
Appeals
Depending on where you live, you may have the right to appeal a decision we make relating to requests to exercise your rights under applicable local law. To appeal a decision, please send your request via email to: admin@basedai.co.
Children
If you are under 18 you must have your parent or legal guardian’s permission to use our Services.
Links to other websites
The Service may contain links to other websites not operated or controlled by BasedAI including social media services (“Third Party Sites”). The information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Privacy Policy. By providing these links we do not imply that we endorse or have reviewed these sites. Please contact the Third Party Sites directly for information on their privacy practices and policies.
Security and Retention
We implement commercially reasonable technical, administrative, and organizational measures to protect Personal Information both online and offline from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. In particular, email sent to or from us may not be secure. Therefore, you should take special care in deciding what information you send to us via the Service or email. In addition, we are not responsible for circumvention of any privacy settings or security measures contained on the Service, or Third Party Sites.
We’ll retain your Personal Information for only as long as we need in order to provide our Service to you, or for other legitimate business purposes such as resolving disputes, safety and security reasons, or complying with our legal obligations. How long we retain Personal Information will depend on a number of factors, such as the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure, our purpose for processing the information, and any legal requirements.
International Users (except for the European Economic Area, United Kingdom and Switzerland)
By using our Service, you understand and acknowledge that your Personal Information will be processed in the United States and in other countries. Our Services run on globally distributed cloud and edge infrastructure, and your Personal Information (including the Content you submit) may be processed by us, our affiliates, and our service providers and sub-processors in jurisdictions other than your own, where data-protection laws may differ from those in your country.
Legal Basis for Processing
Our legal bases for processing your Personal Information include:
- Performance of a contract with you when we provide and maintain our Services. When we process Account Information and Technical Information solely to provide our Services to you, this information is necessary to be able to provide our Services. If you do not provide this information, we may not be able to provide our Services to you.
- Our legitimate interests in protecting our Services from abuse, fraud, or security risks. This may include the processing of Account Information, Social Media Information, and Technical Information.
- Your consent when we ask for your consent to process your Personal Information for a specific purpose that we communicate to you. You have the right to withdraw your consent at any time.
- Compliance with our legal obligations when we use your Personal Information to comply with applicable law or when we protect our or our affiliates’, users’, or third parties’ rights, safety, and property.
Users in the European Economic Area, United Kingdom and Switzerland
You have the following statutory rights in relation to your Personal Data (as defined under applicable law):
- Access your Personal Data and information relating to how it is processed.
- Delete your Personal Data from our records.
- Rectify or update your Personal Data.
- Transfer your Personal Data to a third party (right to data portability).
- Restrict how we process your Personal Data.
- Withdraw your consent—where we rely on consent as the legal basis for processing at any time.
- Lodge a complaint with your local data protection authority (see below).
You have the following rights to object:
- Object to our processing of your Personal Data for direct marketing at any time.
- Object to how we process your Personal Data when our processing is based on our legitimate interests.
You can exercise these rights by submitting your request via email to admin@basedai.co.
Please note these rights may be limited, for example if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information that we are required by law or have compelling legitimate interests to keep.
We hope that we are able to address any questions or concerns you may have. If you have any unresolved complaints, you can contact your local supervisory authority. For any unresolved complaints relating to the UK you can reach out to the Information Commissioner’s Office and for Switzerland, to the Federal Data Protection and Information Commissioner.
Data Transfers
We will transfer your Personal Data to recipients outside of the EEA, Switzerland and the UK for the purposes described in this Privacy Policy. If you are based in the EEA, Switzerland or the UK and your Personal Data is transferred to a third country, that third country may not offer the same level of data protection as your home country.
By using our Services, you understand and acknowledge that your Personal Data will be processed in the United States and in other countries, on globally distributed cloud and edge infrastructure, and may be disclosed to our service providers, sub-processors, and affiliates in other jurisdictions. When we transfer your Personal Data out of the EEA, the UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum / IDTA) where required.
Legal bases for processing
When we process your Personal Data for the purposes described above, we rely on the following legal bases:
To provide and maintain our Services: Where necessary to perform a contract with you, such as processing a user’s prompts, including transmitting them to our AI model sub-processors, to provide a response.
To improve and develop our Services and new features: Where necessary for our legitimate interests and those of third parties and broader society, including in developing, improving, or promoting our Services.
To communicate with you, including to send you information or marketing about our Services and events: Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services. Your consent when we ask for it to process your Personal Data for a specific purpose that we communicate to you, such as processing your contact information to send you certain forms of marketing communications.
To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services: Where necessary to comply with a legal obligation. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services.
To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party: Where necessary to comply with a legal obligation, such as retaining transaction information to comply with record-keeping obligations. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties and broader society, including in protecting our or our affiliates’, users’, or third parties’ rights, safety, and property, such as analyzing log data to identify fraud and abuse in our Services.
Changes to this Privacy Policy
We are continuously working to develop and improve our Services. We may update this Privacy Policy or our Services from time to time. If we do, we will give you at least thirty (30) days advance notice of changes that materially impact you either via email or an in-product notification. All other changes will be effective as soon as we post them to our website. If you do not agree to the changes, you must stop using our Services.
How to contact us
Please contact our team via email at admin@basedai.co if you have any questions or concerns not already addressed in this Privacy Policy.