Privacy

What this policy covers

This Privacy Policy explains how Bilbis Labs, Inc. collects and uses personal information when you visit bilbis.ai, contact us, join a pilot, or use the Bilbis AI engineering service. Customer source code, tickets, repository metadata, logs, and other workspace content are handled as Customer Data under the applicable customer agreement and, where required, our Data Processing Addendum.

Information we collect

• Contact and account details, such as name, work email, company, role, billing contact, authentication identifiers, and support communications.
• Workspace and service data, such as organization settings, connected tools, audit logs, usage events, pull request metadata, task status, cost controls, and diagnostics.
• Customer Data submitted to the service, such as tickets, prompts, repository content, comments, test output, CI logs, and related engineering context needed to perform requested work.
• Website and device data, such as IP address, browser type, approximate location, pages viewed, referral source, cookie identifiers, and basic analytics events.

How we use information

• Provide, secure, troubleshoot, and improve the Bilbis service.
• Authenticate users, administer workspaces, enforce usage limits, and process billing or procurement requests.
• Operate support, sales, onboarding, security review, and customer success workflows.
• Detect abuse, protect service integrity, investigate incidents, and comply with legal obligations.
• Send product, security, transactional, and administrative messages. Marketing messages can be opted out of at any time.

Legal bases for processing

Where GDPR or similar laws apply, we rely on the legal bases that match the processing context.

Contract

To provide accounts, support, the Bilbis service, billing, and customer-requested functionality.

Legitimate interests

To secure the service, improve reliability, understand product usage, prevent abuse, and communicate with business contacts.

Consent

For optional cookies, certain marketing communications, or other processing where consent is required.

Legal obligation

To satisfy tax, accounting, sanctions, security, lawful request, and compliance requirements.

How information is shared

We do not sell personal information. We also do not share personal information for cross-context behavioral advertising as those terms are commonly used in U.S. state privacy laws.

• Service providers that host, secure, monitor, support, bill, analyze, or operate the service for us.
• Customer-selected integrations, such as code hosts, issue trackers, CI systems, communication tools, and AI providers connected by the customer.
• Professional advisers, auditors, insurers, and counterparties in financing, corporate, or legal transactions.
• Authorities or third parties when required by law, needed to protect rights and safety, or necessary to enforce agreements.

How long we keep data

We keep personal information only as long as needed for the purposes described above, unless a longer period is required for legal, tax, accounting, security, backup, or dispute-resolution reasons. Customer Data retention is controlled by workspace settings, customer instructions, and the applicable agreement. After deletion, some data may remain in backups for a limited period before being overwritten.

Security measures

Bilbis uses administrative, technical, and organizational safeguards designed to protect personal information, including access controls, encryption in transit, audit logging, least-privilege access, separation of customer environments where available, vulnerability management, and incident response procedures. No online service can guarantee absolute security, but the service is designed to reduce exposure and keep customer-controlled data in customer-approved systems.

Privacy rights

• Depending on your location, you may request access, correction, deletion, portability, restriction, or objection to certain processing.
• You may opt out of marketing communications by using the unsubscribe link or contacting us.
• If your organization controls the workspace, requests about Customer Data should usually be directed to that organization first.
• California and other U.S. state residents may have additional rights to know, access, correct, delete, or appeal certain privacy decisions.
• EEA, UK, and Swiss individuals may also lodge a complaint with their local supervisory authority.

International processing

Bilbis may process information in the United States and other locations where we or our providers operate. When personal data is transferred from the EEA, UK, or Switzerland to a country that has not been found adequate, we use appropriate safeguards where required, such as standard contractual clauses or equivalent transfer mechanisms.

Changes to this policy

We may update this Privacy Policy as our service, legal obligations, or privacy practices change. If a change is material, we will take reasonable steps to notify affected customers or users, such as posting a notice on the site or sending an account email.