Bagelsai

Privacy Policy

Last Updated: August 9, 2025

Welcome to Bagels ai. This Privacy Policy is designed to help you understand how Bagels ai Inc. ("Bagels ai," "we," "our," or "us") collects, uses, discloses, and safeguards the information of our business clients ("Clients") and their employees or authorized users ("Users," "you," or "your") in connection with our workplace culture intelligence platform and related services (collectively, the "Service").

This policy explains our commitments and your rights regarding your data. By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

1. Scope of this Policy & Role of Bagels ai

As a B2B service provider, we primarily act as a "Data Processor" or "Service Provider" on behalf of our Clients, who are the "Data Controllers" or "Businesses." Our Clients determine the purposes and means of processing personal data within the Service. This policy applies to the data we process to provide the Service to our Clients.

2. Information We Collect

We collect information necessary to provide and improve our Service, ensure security, and communicate with our Clients and Users. The types of information we collect can be categorized as follows:

A. Information Provided by Our Clients ("Client Data")

Our Clients provide us with data about their Users to set up and populate their accounts. This may include:

  • User Profile Information: Full name, business email address, job title, department, team, and reporting structure.
  • Organizational Data: Information about company structure, roles, and hierarchies needed to map collaboration patterns.

B. Information Provided Directly by Users

We collect information that Users voluntarily provide when they interact with the Service:

  • Account Details: Profile picture, preferred name, and password.
  • Voluntary Submissions: Information submitted through surveys, feedback forms, or when contacting our support channels.
  • Professional Details: Self-reported skills, professional interests, mentorship preferences, and communication style preferences to enhance team matching and collaboration.

C. Information Collected Automatically

When you use our Service, we automatically collect certain technical and usage information:

  • Usage and Log Data: We log technical information about your use of the Service, including the type of browser you use, access times, pages viewed, features used, your IP address, and the page you visited before navigating to our Service.
  • Device Information: We collect information about the computer or mobile device you use to access our Service, such as the hardware model, operating system and version.
  • Cookies and Similar Technologies: We use cookies and other tracking technologies to operate and administer the Service, analyze usage, and improve your experience. For more details, see Section 8 below.

D. Information from Third-Party Integrations

If our Client chooses to connect third-party workplace tools (e.g., communication platforms, project management software) to our Service, we may collect data from those tools as authorized by the Client. This data may include:

  • Metadata: Anonymized or aggregated data about collaboration patterns, meeting participation, and project interactions. We do not collect the content of communications.
  • Public Channel Data: Information from public channels in communication tools to understand topics of discussion and sentiment, always in an aggregated and anonymized form.

3. How We Use Your Information

Our primary purpose for using your information is to provide and improve the Service on behalf of our Clients. We use the information we collect for the following purposes:

  • To Provide and Maintain the Service: To operate our platform, authenticate Users, and provide our core features, such as culture intelligence analytics, team matching, and collaboration recommendations.
  • To Generate Insights: To process data into aggregated and anonymized insights about workplace culture, team dynamics, and collaboration patterns for our Clients. Individual User data is not exposed in these reports.
  • To Improve and Personalize the Service: To understand how Users interact with our platform, develop new features, and customize the User experience.
  • For Communication: To send administrative messages, service updates, security alerts, and support responses to Users and Client administrators.
  • For Security and Compliance: To prevent and detect fraudulent or malicious activity, enforce our terms of service, and comply with our legal obligations, court orders, or other legal processes.
  • For Research and Development: To use aggregated and de-identified data for research purposes to enhance our understanding of workplace dynamics and improve our service offerings.

4. Data Sharing and Disclosure

We are committed to maintaining your trust, and we do not sell your personal information to third parties. We may share information under the following limited circumstances:

  • With Your Organization (Our Client): We share aggregated and anonymized culture insights with designated administrators of your organization. Personal information is not shared in a way that identifies individual Users unless required for specific features you opt into (e.g., a mentorship match).
  • With Third-Party Service Providers (Sub-processors): We engage trusted third-party companies to perform services on our behalf, such as cloud hosting (e.g., AWS, Google Cloud), data analytics, and customer support. These providers are contractually obligated to protect your data and are prohibited from using it for any other purpose.
  • For Legal Reasons: We may disclose your information if we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request; to enforce our agreements and policies; to protect the security or integrity of the Service; or to protect ourselves, our other customers, or the public from harm or illegal activities.
  • In Connection with a Business Transfer: If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you and/or our Client of any such deal and outline your choices in that event.
  • With Your Consent: We may share your information with third parties when we have your explicit consent to do so.

5. Data Security

We implement robust administrative, technical, and physical security measures designed to protect the security, confidentiality, and integrity of your information. These measures include:

  • Encryption: Data is encrypted in transit using TLS and at rest using industry-standard encryption protocols (e.g., AES-256).
  • Access Controls: We follow the principle of least privilege, with strict role-based access controls and multi-factor authentication for our employees and systems.
  • Regular Audits and Testing: We conduct regular security assessments, vulnerability scanning, and penetration testing to identify and remediate potential threats.
  • Incident Response: We maintain a comprehensive incident response plan to promptly address any security incidents.
  • Employee Training: Our employees undergo regular training on data privacy and security best practices.

While we take extensive measures to protect your data, no security system is impenetrable. We cannot guarantee the absolute security of your information.

6. Data Retention

We retain personal information for as long as our Client's account is active or as needed to provide the Service. After the termination of a Client agreement, we will delete or anonymize personal information in accordance with the terms of our agreement with the Client and our data retention policies, typically within 90 days, unless retention is required for a longer period to comply with our legal obligations, resolve disputes, or enforce our agreements.

7. Your Rights and Choices

As we act as a Data Processor for much of the data on our platform, Users should typically direct any requests to exercise their data protection rights to their employer (our Client). However, we will assist our Clients in fulfilling these requests. Depending on your location and applicable law, you may have the following rights:

  • The Right to Access: You may have the right to request access to the personal information we hold about you.
  • The Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.
  • The Right to Erasure (Deletion): You may have the right to request the deletion of your personal information.
  • The Right to Restrict Processing: You may have the right to request that we restrict the processing of your personal information.
  • The Right to Data Portability: You may have the right to receive your personal information in a structured, commonly used, and machine-readable format.
  • The Right to Object to Processing: You may have the right to object to the processing of your personal information.

To make a request or inquire about these rights, please contact your organization's administrator. If you have questions for us, you can contact us at privacy@bagelshq.ai.

8. Cookies and Tracking Technologies

We use cookies and similar technologies for purposes such as authenticating users, remembering user preferences, and analyzing platform usage. We use both session cookies (which expire when you close your browser) and persistent cookies (which stay on your device for a set period). You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features of our Service.

9. State-Specific Privacy Rights (California)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. This section describes your CCPA/CPRA rights and explains how to exercise them.

  • Right to Know and Access: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
  • Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
  • Right to Correct: You have the right to request the correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not "sell" or "share" (for cross-context behavioral advertising) personal information as those terms are defined under the CCPA/CPRA.
  • Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, please contact your employer or email us at privacy@bagelshq.ai with the subject line "California Privacy Rights Request."

10. International Data Transfers

Bagels ai is based in the United States, and we process and store information on servers located in the U.S. If you are using our Service from another country, your information may be transferred to, stored, and processed in the United States. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. For transfers of personal data from the European Economic Area (EEA), the UK, and Switzerland, we rely on appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure the lawful transfer of data.

11. Children's Privacy

Our Service is not directed to individuals under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, and other factors. If we do, we will update the "Last Updated" date at the top of this policy. If we make a material change, we will provide you or our Client with notice, such as by email or a prominent notice on our platform.

13. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please do not hesitate to contact us.

Bagels ai

Attn: Privacy Officer

Email: privacy@bagelshq.ai