Privacy Policy

1. INTRODUCTION

TryBacon.ai ("TryBacon," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website at trybacon.ai (the "Website"), mobile applications (the "App"), and related services (collectively, the "Services").

By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use our Services.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information

When you create an account, we collect:

• Name and email address
• Username and password (encrypted)
• Phone number (optional)
• Company/business name and position
• Profile picture
• Payment and billing information
• Social media handles (optional)

User Input Content

When you use our AI-powered Services, we collect:

• Text prompts and instructions
• Images, photos, and graphics you upload
• Videos you upload
• Brand assets and logos
• Product information
• Marketing materials
• Scripts and creative briefs
• Any other content you submit to generate advertisements

Communications

We collect information when you:

• Contact customer support
• Participate in surveys or feedback forms
• Subscribe to newsletters or marketing communications
• Engage with us on social media
• Submit inquiries or requests

2.2 Information Collected Automatically

Usage Data

We automatically collect:

• Pages viewed and features used
• Time spent on the Services
• Click patterns and navigation paths
• Feature interactions and engagement metrics
• Generation history and outputs created
• Search queries
• Error logs and crash reports

Device Information

We collect:

• IP address
• Browser type and version
• Device type, model, and operating system
• Screen resolution
• Time zone and language settings
• Mobile device identifiers
• Internet service provider

Cookies and Tracking Technologies

We use cookies, pixels, web beacons, and similar technologies to:

• Remember your preferences and settings
• Analyze usage patterns and trends
• Personalize content and advertisements
• Measure marketing effectiveness
• Prevent fraud and enhance security

For more information, see our Cookie Policy.

2.3 Information from Third Parties

Social Media Integration

If you connect via social media (Google, Facebook, LinkedIn, etc.), we may receive:

• Profile information
• Email address
• Profile picture
• Friends list
• Public posts (if you choose to share)

Payment Processors

We receive transaction confirmation and payment status from payment processors (but not full payment card details).

AI Model Providers

We may share data with AI model providers (OpenAI, Anthropic, Google, etc.) to process your requests and generate content.

Analytics Providers

We use analytics services (Google Analytics, Mixpanel, Amplitude, etc.) that collect usage and performance data.

3. HOW WE USE YOUR INFORMATION

3.1 Core Service Functions

We use your information to:

• Create and manage your account
• Provide AI-powered ad generation services
• Process your content and generate outputs
• Store and organize your projects
• Enable collaboration features
• Provide customer support
• Process payments and manage billing

3.2 Service Improvement and Development

We use your information to:

• Train and improve AI models: Your inputs and outputs may be used to enhance our AI algorithms, improve generation quality, and develop new features
• Analyze usage patterns and trends
• Conduct research and development
• Test new features and functionality
• Optimize performance and user experience
• Identify and fix bugs and technical issues

3.3 Personalization

We use your information to:

• Customize your experience
• Provide relevant recommendations
• Tailor content to your preferences
• Remember your settings and preferences
• Suggest features and tools

3.4 Communications

We use your information to:

• Send service updates and announcements
• Provide customer support
• Send marketing communications (with your consent)
• Notify you of new features or promotions
• Respond to your inquiries
• Send security alerts

3.5 Business Operations

We use your information to:

• Manage accounts and billing
• Prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Protect our rights and property
• Resolve disputes
• Conduct internal audits

3.6 Marketing and Analytics

We use your information to:

• Analyze market trends
• Measure marketing campaign effectiveness
• Conduct A/B testing
• Create aggregate statistics
• Benchmark performance
• Understand user demographics

4. LEGAL BASIS FOR PROCESSING (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data based on the following legal grounds:

4.1 Contractual Necessity

Processing necessary to:

• Provide the Services you've requested
• Perform our obligations under our Terms of Service
• Process payments and manage your account

4.2 Legitimate Interests

Processing necessary for our legitimate business interests, including:

• Improving and developing our Services
• Training AI models to enhance quality
• Preventing fraud and ensuring security
• Marketing our Services
• Managing business operations

4.3 Legal Compliance

Processing necessary to:

• Comply with legal obligations
• Respond to lawful requests
• Enforce our terms and policies
• Protect rights and safety

4.4 Consent

Processing based on your explicit consent for:

• Marketing communications
• Non-essential cookies
• Sharing data with specific third parties
• Specific data uses beyond core services

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. HOW WE SHARE YOUR INFORMATION

5.1 Service Providers

We share information with trusted third-party service providers who assist us with:

Infrastructure and Hosting

• Cloud storage providers (AWS, Google Cloud)
• Content delivery networks
• Database hosting services

AI and Machine Learning

• AI model providers (OpenAI, Anthropic, Google, DeepSeek)
• Machine learning platforms
• Computer vision services

Payment Processing

• Stripe (payment processing)
• Tax calculation services
• Fraud prevention services

Analytics and Monitoring

• Google Analytics
• Mixpanel, Amplitude
• Braintrust (LLM monitoring)
• Sentry (error tracking)

Customer Support

• Customer.io (engagement)
• Email service providers
• Chat support platforms

Marketing and Communications

• Email marketing platforms
• SMS providers
• Social media platforms

All service providers are contractually obligated to protect your information and use it only for specified purposes.

5.2 AI Model Providers - Special Notice

IMPORTANT: Your User Input and generated Output may be shared with third-party AI model providers to process your requests and generate content. Different providers have different data practices:

• OpenAI: May use data for model improvement unless you opt out
• Anthropic: Does not use API data for training
• Google: Subject to Google's enterprise data policies
• Other providers: Subject to their respective policies

We implement measures to minimize sensitive data exposure, but you should avoid including highly confidential information in your prompts.

5.3 Business Transfers

If TryBacon is involved in a merger, acquisition, sale of assets, bankruptcy, or reorganization, your information may be transferred to the successor entity. You will be notified of any such change.

5.4 Legal Requirements

We may disclose your information to:

• Comply with legal obligations (subpoenas, court orders)
• Respond to government requests
• Enforce our Terms of Service
• Protect our rights, property, or safety
• Prevent fraud or illegal activity
• Protect users and the public

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you for:

• Research and analysis
• Industry benchmarking
• Marketing purposes
• Public reports

5.6 With Your Consent

We may share your information with third parties when you:

• Explicitly consent to sharing
• Use social sharing features
• Make your content public
• Integrate third-party services

6. DATA RETENTION

6.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide Services.

6.2 Deleted Accounts

After account deletion, we:

• Delete or anonymize your personal information within 90 days
• May retain some information for legal, security, or operational purposes
• May retain anonymized usage data indefinitely

6.3 Specific Retention Periods

• Account information: Duration of account + 90 days
• User Input/Output: Duration of account + 30 days (unless used for AI training)
• Transaction records: 7 years (legal requirement)
• Support communications: 3 years
• Marketing data: Until you opt out + 30 days
• Analytics data: 26 months (aggregated)

6.4 AI Training Data

Data used to train our AI models may be retained indefinitely in anonymized form. Once incorporated into model training, individual contributions cannot be extracted.

7. DATA SECURITY

7.1 Security Measures

We implement industry-standard security measures including:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access controls: Role-based access with least privilege principle
• Authentication: Multi-factor authentication available
• Monitoring: 24/7 security monitoring and logging
• Testing: Regular security audits and penetration testing
• Incident response: Established procedures for security incidents

7.2 Infrastructure Security

• Hosting: AWS infrastructure with SOC 2 compliance
• Network: Firewalls, intrusion detection, and DDoS protection
• Backups: Regular automated backups
• Updates: Timely security patches and updates

7.3 Organizational Security

• Employee background checks
• Security training programs
• Confidentiality agreements
• Limited access to personal data
• Security-focused development practices

7.4 Your Responsibilities

You are responsible for:

• Keeping your password secure
• Not sharing account credentials
• Using strong, unique passwords
• Enabling two-factor authentication
• Reporting suspected security breaches

7.5 No Absolute Security

While we use reasonable efforts to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

8. YOUR PRIVACY RIGHTS

8.1 General Rights

You have the right to:

• Access: Request copies of your personal information
• Correction: Update inaccurate or incomplete information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Request limitation of processing
• Objection: Object to certain processing activities
• Withdraw consent: Revoke previously given consent

8.2 How to Exercise Rights

To exercise your rights:

• Email [email protected]
• Use account settings for certain requests
• Contact our Data Protection Officer (if applicable)

We will respond within:

• 30 days (general requests)
• 30 days (GDPR requests in EEA/UK)
• 45 days (CCPA requests in California)

8.3 Verification

For security, we may require:

• Email verification
• Account authentication
• Additional identifying information
• Notarized documents for sensitive requests

8.4 Limitations

We may deny requests that are:

• Excessive, repetitive, or unfounded
• Prohibited by law
• Harmful to others' privacy
• Technically infeasible
• Necessary for legal compliance

8.5 Appeals

If we deny your request, you may:

• Appeal our decision via email
• File a complaint with a supervisory authority
• Pursue other legal remedies

9. REGION-SPECIFIC PRIVACY RIGHTS

9.1 European Economic Area (EEA), UK, and Switzerland - GDPR

Data Protection Officer

Contact: [email protected]

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

International Transfers

We transfer data to the United States and other countries. We use:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequate safeguards for international transfers
• Data Processing Agreements with all processors

Automated Decision-Making

We do not use fully automated decision-making that produces legal or similarly significant effects.

9.2 California - CCPA/CPRA

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know

Request disclosure of:

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Categories of third parties we share with
• Specific pieces of personal information

Right to Delete

Request deletion of personal information (subject to exceptions).

Right to Opt-Out

Opt out of:

• Sale of personal information: We do not sell personal information
• Sharing for cross-context behavioral advertising: We may share for advertising
• Sensitive personal information processing: For purposes beyond core services

Right to Correct

Request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information

We collect limited sensitive information (account credentials, payment data).

Right to Non-Discrimination

We will not discriminate against you for exercising your privacy rights.

Authorized Agents

You may designate an authorized agent to make requests on your behalf by providing written authorization.

Shine the Light

Request information about information shared with third parties for their marketing purposes (once per year).

9.3 Other U.S. States

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with privacy laws have similar rights. Contact us to exercise your rights.

9.4 Brazil - LGPD

Brazilian residents have rights under Lei Geral de Proteção de Dados (LGPD) similar to GDPR rights.

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

TryBacon is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect information from children.

10.2 Parental Notice

If we learn we have collected information from a child without parental consent, we will delete it promptly.

10.3 Parental Rights

Parents may:

• Review their child's information
• Request deletion of their child's information
• Refuse further collection of their child's information

Contact [email protected] for child privacy matters.

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Types of Cookies We Use

Essential Cookies

Required for basic functionality:

• Authentication and session management
• Security features
• Load balancing

Analytics Cookies

Help us understand usage:

• Google Analytics
• Mixpanel
• Amplitude

Functionality Cookies

Remember your preferences:

• Language selection
• Theme preferences
• Layout customization

Marketing Cookies

Used for advertising:

• Conversion tracking
• Retargeting campaigns
• Social media pixels

11.2 Cookie Management

You can control cookies through:

• Browser settings: Disable or delete cookies
• Opt-out tools: NAI, DAA, AboutAds
• Do Not Track: We currently do not respond to DNT signals

Disabling cookies may affect functionality.

11.3 Third-Party Tracking

Third parties may use tracking technologies on our Services. We do not control their practices.

12. MARKETING AND COMMUNICATIONS

12.1 Marketing Emails

We may send promotional emails about:

• New features and updates
• Special offers and promotions
• Educational content
• Product recommendations

12.2 Opting Out

You may opt out by:

• Clicking "unsubscribe" in emails
• Updating preferences in account settings
• Emailing [email protected]

12.3 Transactional Emails

You cannot opt out of:

• Account notifications
• Security alerts
• Billing communications
• Service updates
• Legal notices

12.4 SMS Communications

If you provide your phone number, we may send SMS about your account. Reply STOP to opt out.

13. THIRD-PARTY LINKS AND INTEGRATIONS

13.1 Third-Party Websites

Our Services may link to third-party websites. We are not responsible for their privacy practices. Review their privacy policies before providing information.

13.2 Social Media Features

Our Services may include social media features (share buttons, widgets). These features may collect information and set cookies. They are governed by the third party's privacy policy.

13.3 Third-Party Integrations

You may integrate third-party services (cloud storage, project management tools). These integrations are subject to third-party terms and privacy policies.

14. CHANGES TO THIS PRIVACY POLICY

14.1 Updates

We may update this Privacy Policy to reflect:

• Changes in our practices
• New features or services
• Legal requirements
• Industry standards

14.2 Notification

We will notify you of material changes via:

• Email to your registered address
• Prominent notice on our Website
• In-app notification

14.3 Effective Date

Changes become effective:

• Immediately for new users
• 30 days after notice for existing users
• Upon your continued use after notice

14.4 Review

We encourage you to review this Privacy Policy periodically.

15. INTERNATIONAL DATA TRANSFERS

15.1 Global Operations

TryBacon operates globally. Your information may be transferred to and processed in:

• United States
• European Union
• Other countries where our service providers operate

15.2 Transfer Mechanisms

We ensure appropriate safeguards including:

• Standard Contractual Clauses (EU)
• Data Protection Agreements
• Adequacy decisions by regulators
• Consent where required

15.3 Data Protection

Countries may have different data protection standards. We implement appropriate safeguards regardless of location.

16. DATA BREACH NOTIFICATION

16.1 Our Commitment

If we experience a data breach affecting your personal information, we will:

• Investigate promptly
• Contain the breach
• Assess the impact
• Notify affected users

16.2 Notification Timing

We will notify you:

• Without undue delay (GDPR)
• Within 72 hours to regulators (GDPR)
• As required by law (varying by jurisdiction)

16.3 Notification Content

Our notification will include:

• Nature of the breach
• Types of data affected
• Potential consequences
• Measures we've taken
• Recommended actions for you

17. CONTACT INFORMATION

17.1 Privacy Inquiries

For privacy-related questions or requests:

17.2 Data Protection Officer (EEA/UK)

Email: [email protected]

17.3 Response Time

We aim to respond to inquiries within:

• 48 hours (acknowledgment)
• 30 days (full response)

18. ADDITIONAL INFORMATION

18.1 California Shine the Light

California residents may request information about disclosures to third parties for marketing purposes. We do not share personal information with third parties for their own marketing without consent.

18.2 Nevada Privacy Rights

Nevada residents may opt out of the sale of personal information. We do not sell personal information.

18.3 Mobile App Permissions

Our mobile app may request permissions:

• Camera: To capture photos for ad generation
• Photo library: To upload images
• Storage: To save generated content
• Notifications: To send updates
• Network access: To sync and process

You can revoke permissions in device settings.

19. YOUR CONSENT

By using our Services, you consent to:

• This Privacy Policy
• Collection and use of information as described
• Transfer of information to the United States and other countries
• Processing by our service providers

If you do not consent, please do not use our Services.

20. SEVERABILITY

If any provision of this Privacy Policy is found unenforceable, the remaining provisions remain in full effect.

APPENDIX A: CATEGORIES OF PERSONAL INFORMATION (CCPA)

APPENDIX B: SUBPROCESSORS

Current list of key subprocessors:

This list may be updated. View current list at: https://trybacon.ai/subprocessors