Privacy Policy

Contact Information: We may collect professional contact details such as first and last name, email address, phone number, company name, title and department, and other relevant information necessary for us to manage your account and business relationship.

Profile Data: We may collect information such as the username and password that you may set to establish an online account with us, biological information, and any other information that you add or is associated with your account.

Payment Information: If you subscribe to our Services, we will ask you to provide your payment information, such as your credit card number and billing address, to process your payment. Payment processing is handled by our third-party payment processor, and we do not store complete credit card numbers.

User-Generated Content: Such as photos, images, music, videos, comments, questions, messages, correspondence, and other content or information that you generate, transmit, or otherwise make available on the Service to us or other persons, as well as associated metadata.

Communication Information: When you contact us via a contact form, email, or other means, you may provide us with communication information, such as your name, email address, company, and the content, date, and time of your message.

Support Information: When you request technical support services, we will process your contact information, communication information, as well as information on the reasons for your support request, and any additional information you may provide.

API Keys and Credentials: You may provide third-party API keys (for AI providers such as Anthropic, OpenAI, or others) and authentication credentials for Connected Services. These are stored securely within your Virtual Machine environment and are not centrally stored by BaseFrame.

Third-Party Service Data: When you authorize connections to third-party services (such as email, messaging, calendars, file storage, development tools, or other applications), data from those services may be accessed and processed within your Virtual Machine by AI agents. This data may include: emails and message content; contacts and address books; calendar events and scheduling information; files and documents; usage data from connected applications; and any other data accessible through the APIs of those services.

Note: BaseFrame’s access to Connected Service data is limited to facilitating the connection. The AI agents operating in your Virtual Machine access and process this data according to your instructions. You retain control over and responsibility for all data accessed from Connected Services.

Website Usage Information: When you use our Services, we may automatically collect information about your visit, including via cookies, beacons, invisible tags, and similar technologies in your browser. This information may include Personal Information, such as your IP address, web browser, device type, and the pages that you visit.

Device and Log Information: We collect information about the devices you use to access the Services, including: IP address; browser type and version; operating system; device identifiers; and log data including access times and referring URLs.

Information from Other Sources: We may obtain information, including Personal Information, from third parties and sources other than our Services, such as our business customers and partners. If we combine or associate information from other sources with Personal Information that we collect through our Services, we will treat the combined information as Personal Information in accordance with this Policy.

Providing the Services: We may use your Personal Information to provide and personalize the Services, process payments, provide customer service, maintain or service accounts, verify customer information, provision Virtual Machines, facilitate AI agent operations, enable connections to third-party services, and undertake similar services.

Support: We use Personal Information to provide technical support, including diagnosing and resolving any issues you report.

Customer Relationship Management: We may process your Personal Information for customer relationship management purposes.

Communicating with You: We may use your email address and other Personal Information as necessary to contact you for administrative purposes, to manage your account, provide information you request, send service-related notices, updates, security alerts, and respond to your comments and questions.

Understanding Usage and Improving the Services: We use the information that we collect on the Services to understand and analyze usage trends and preferences, improve the Services, and develop new products, services, features, and functionality.

Marketing: We may use your email address and other Personal Information to send marketing communications, including updates on promotions and events relating to our products and services. You have the ability to opt out of receiving promotional communications as described below under Your Rights and Choices.

Security and Fraud Prevention: We may use your Personal Information to detect, prevent, and respond to fraud, abuse, security incidents, and other harmful activities.

Administrative and Legal Purposes: We may use your Personal Information to address administrative or legal issues, including but not limited to intellectual property infringements, defamation, or privacy rights, and to comply with applicable laws, regulations, legal processes, and governmental requests.

Aggregation:We may aggregate or otherwise de-identify Personal Information and use the resulting information (“De-identified Information”) for any lawful purpose. We will maintain and use De-identified Information in de-identified form and will not attempt to re-identify the information, except to verify our de-identification processes.

Service Providers: We may engage third-party service providers to assist in providing hosting services or other services necessary for the operation of the Services. These service providers may have access to or process your information as part of providing those services for us. They are contractually obligated to protect your information.

AI Providers:When you use AI agents, your prompts and instructions may be processed by third-party AI providers (such as Anthropic, OpenAI, or other providers you select) pursuant to your API key and their terms of service. BaseFrame does not control how AI providers process this data, and such processing is governed by the applicable AI provider’s terms and privacy policy.

Connected Services: When you connect third-party services, information is shared with those services as necessary to enable the integration. Such sharing is governed by the terms and privacy policies of those services.

Business Purposes: We may make certain information available to third parties for various purposes, including compliance with reporting obligations or for our business purposes. Any such disclosure will be in accordance with applicable laws and regulations.

Legal Requirements: We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, respond to a court order, judicial or other government subpoena or warrant, or to cooperate with law enforcement or other governmental agencies.

Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, we may transfer your information to the acquiring entity as part of the transaction.

Affiliates: We may share Personal Information with our affiliates, subsidiaries, and branch offices to which it is reasonably necessary or desirable for us to disclose Personal Information for the purposes mentioned above.

With Your Consent: We may share information with your consent or at your direction.

Data Access: AI agents may access, read, process, modify, send, and delete data from Connected Services according to your instructions. This may include personal data of third parties (such as email correspondents or contacts).

AI Provider Processing:Data processed by AI agents may be transmitted to third-party AI providers for processing. Such transmission is governed by the AI provider’s terms of service and privacy policy, and your use of their API key. Different AI providers have different data retention and use policies.

Logging and Monitoring: Activity within your Virtual Machine may be logged for troubleshooting and security purposes. You are responsible for any personal data processed within your VM.

Your Responsibility: You are solely responsible for: ensuring you have authority to connect third-party services and grant AI agents access to data therein; obtaining any necessary consents from individuals whose data may be processed; complying with applicable privacy laws; configuring appropriate permissions and safeguards for AI agent activities; and reviewing the privacy policies of any AI providers you use.

Essential Cookies: Necessary for the operation of the Services, including authentication and security.

Analytics Cookies: Help us understand how visitors interact with the Services. We may use services such as Google Analytics to collect and analyze usage data.

Preference Cookies: Remember your settings and preferences.

Cookie Choices: You can manage cookie preferences by customizing your browser settings to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable certain cookies, please note that some parts of our Services may not function properly.

Interest-Based Advertising: We may allow third parties to collect Personal Information to provide interest-based advertising. You can opt out of interest-based advertising through the Digital Advertising Alliance (optout.aboutads.info) or Network Advertising Initiative (optout.networkadvertising.org).

Selling Personal Information:While we do not sell Personal Information in exchange for monetary consideration, we do disclose Personal Information for other benefits that could be deemed a “sale” under various data protection laws. You may opt out as described in Section 6.

Access: The right to request access to and obtain a copy of any Personal Information we may have about you.

Deletion: The right to delete your Personal Information that we have collected or obtained, subject to certain exceptions.

Correction: The right to request that we correct any inaccuracies in your Personal Information, subject to certain exceptions.

Opt Out of Certain Processing: The right to opt out of the processing of your Personal Information for purposes of targeted or cross-context behavioral advertising and/or the sale of your Personal Information.

Objection/Restriction of Processing: The right to object to or restrict us from processing your Personal Information in certain circumstances.

Withdraw Consent: The right to withdraw your consent where we are relying on your consent to process your Personal Information.

Portability: The right to receive your Personal Information in a structured, commonly used, and machine-readable format.

Automated Decision-Making and Profiling: We do not, at this time, use Personal Information for automated decision making or for profiling in furtherance of decisions that produce legal or similarly significant effects. Thus, we do not fulfill requests to opt out of these uses.

Lodge a Complaint: The right to lodge a complaint with a supervisory authority or other regulatory agency if you believe we have violated any of the rights afforded to you under applicable data protection laws. We encourage you to first reach out to us so we have an opportunity to address your concerns directly before you do so.

Global Privacy Control (GPC): You may also exercise your opt-out rights by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). We honor Opt-Out Preference Signals, including GPC. If you choose to use an Opt-Out Preference Signal, you will need to turn it on for each supported browser or browser extension you use.

Account Information: Retained for the duration of your account and for a reasonable period thereafter for legal, tax, and audit purposes.

Virtual Machine Data: Customer Content within your Virtual Machine is retained while your account is active. Following account termination, VM data may be deleted after thirty (30) days.

Usage and Log Data: Retained for up to 1 month for analytics and security purposes.

Communication Records: Support communications may be retained for quality assurance and legal purposes.

Encryption: Data transmitted to and from the Services is encrypted using industry-standard protocols (TLS/SSL). Sensitive data at rest is encrypted.

VM Isolation:Each customer’s Virtual Machine is isolated from other customers to prevent unauthorized access.

Access Controls: We maintain access controls to limit access to information to authorized personnel.

Security Monitoring: We monitor our systems for potential security threats and vulnerabilities.

With your consent: Where you have given us consent to process your Personal Information for specific purposes.

Where necessary to perform a contract: To provide the Services you have requested.

To comply with our legal obligations: Where we are legally required to process your data.

Where doing so is in our legitimate interests: Including the purposes described in this Policy, such as analytics, security, fraud prevention, and improvement of our Services, and such interests are not outweighed by your rights and freedoms.

Right to Know: The right to know what personal information we collect, use, disclose, and sell.

Right to Delete: The right to request deletion of personal information.

Right to Correct: The right to correct inaccurate personal information.

Right to Opt-Out: The right to opt out of the sale or sharing of personal information.

Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.

Data Controller: BaseFrame Inc. is the data controller for Personal Information processed in connection with the Services.

Data Protection Officer: Not applicable.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe we have violated your privacy rights. We encourage you to contact us first so we can address your concerns.