Privacy Policy
This Privacy Policy explains what information Boidwatch ("Boidwatch", "we", "us", or "our") collects when you use the Boidwatch service (boidwatch.com and app.boidwatch.com), how we use it, and what rights you have in relation to it.
1. Information we collect
Account and authentication
We collect your email address when you request beta access or sign in. Authentication is handled via magic links and, when configured, OAuth providers such as Google or GitHub. We do not store Boidwatch account passwords.
URLs and run configuration
When you create an evaluation run, we collect the URLs you submit for testing (both the primary URL and, for A/B tests, the comparison URL), along with any run configuration you provide: goal text, milestone definitions, persona count and filter criteria, evaluation mode, and optional design intent notes.
Credentials for credentialed runs
If you configure a run with inline authentication credentials (e.g. a username and password for a login flow), those credentials are AES-256-GCM encrypted at rest using a key that never leaves our server environment. Credentials are automatically and permanently purged from storage once the run reaches a terminal state (completed, abandoned, errored, timed out, or max steps reached). They are never logged, never transmitted to third-party LLM providers, and never stored longer than the run lifecycle requires.
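Credential handling of the kind described above (AES-256-GCM encryption at rest with a key that stays in server memory, and an automatic purge when the run reaches a terminal state) can be implemented as in the following Go program. This is an added illustration using only the Go standard library; it is not Boidwatch's own code. The in-memory store, the `CredentialStore` API and the run-state names are assumptions made for the example, and binding each ciphertext to its run ID through GCM's additional authenticated data is a design choice shown here, not something the policy states.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Terminal run states after which stored credentials are purged.
// The state names are assumed for this example.
var terminalStates = map[string]bool{
	"completed": true, "abandoned": true, "errored": true,
	"timed_out": true, "max_steps_reached": true,
}

// CredentialStore keeps one AES-256-GCM blob per run ID. The key lives only
// in server memory (hypothetical: a deployment would load it from a KMS or
// environment secret, never from the same database as the blobs).
type CredentialStore struct {
	aead  cipher.AEAD
	blobs map[string][]byte // runID -> nonce || ciphertext+tag
}

func NewCredentialStore(key []byte) (*CredentialStore, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &CredentialStore{aead: aead, blobs: map[string][]byte{}}, nil
}

// Put encrypts plaintext credentials for runID. The run ID is supplied as
// additional authenticated data, so a blob copied to another run's row will
// fail to decrypt.
func (s *CredentialStore) Put(runID string, plaintext []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return err
	}
	ct := s.aead.Seal(nil, nonce, plaintext, []byte(runID))
	s.blobs[runID] = append(nonce, ct...)
	return nil
}

// Get decrypts credentials for runID, verifying the GCM tag and run binding.
func (s *CredentialStore) Get(runID string) ([]byte, error) {
	blob, ok := s.blobs[runID]
	if !ok {
		return nil, errors.New("no credentials stored for run")
	}
	n := s.aead.NonceSize()
	if len(blob) < n {
		return nil, errors.New("malformed blob")
	}
	return s.aead.Open(nil, blob[:n], blob[n:], []byte(runID))
}

// OnStateChange purges the blob as soon as the run reaches a terminal state.
// It reports whether anything was purged.
func (s *CredentialStore) OnStateChange(runID, state string) bool {
	if !terminalStates[state] {
		return false
	}
	blob, ok := s.blobs[runID]
	if ok {
		for i := range blob {
			blob[i] = 0 // best-effort wipe before the slice is dropped
		}
		delete(s.blobs, runID)
	}
	return ok
}

// Has reports whether credentials for runID are still stored.
func (s *CredentialStore) Has(runID string) bool {
	_, ok := s.blobs[runID]
	return ok
}

func main() {
	key := make([]byte, 32)
	io.ReadFull(rand.Reader, key)
	store, _ := NewCredentialStore(key)
	store.Put("run-42", []byte("user:hunter2")) // constructed sample credential
	pt, _ := store.Get("run-42")
	fmt.Println(string(pt), store.OnStateChange("run-42", "completed"), store.Has("run-42"))
}
```

The purge hook is the piece worth wiring into whatever state machine drives the run: calling it from the same transition that marks a run terminal is what makes "never stored longer than the run lifecycle requires" a property of the code rather than a clean-up job.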
Behavioral data captured during runs
During an evaluation run, our headless browser agents record:
- Screenshots of key moments in each persona session.
- DOM snapshots used for element identification during the session (not persisted long-term).
- Behavioral traces: per-step intent, perception, and affect annotations produced by the LLM agent.
- Network request logs recorded by the browser session (used for milestone matching).
Screenshots are stored in object storage (Cloudflare R2). Behavioral traces are stored in our PostgreSQL database. Both are associated with your account and run ID.
Billing and payment
Payment processing is handled entirely by Stripe. When you purchase credits, you are directed to a Stripe-hosted Checkout page. We do not receive, store, or process card numbers, CVVs, or bank account details — Stripe handles that directly. We store only the metadata Stripe sends us upon a completed purchase (amount, currency, credit package identifier, Stripe customer ID, and Stripe session ID) to credit your wallet.
Usage and analytics
We may use product analytics tools such as PostHog when they are enabled in the production environment. These tools may collect page views, feature interaction events, and session context (browser type, OS, rough geolocation inferred from IP). We do not use product analytics tools to track behavioral data captured inside evaluation runs. You can opt out via the provider's opt-out mechanism or a global privacy signal.
Log data
Our server logs may capture your IP address, browser user agent, request timestamps, and HTTP status codes in the ordinary course of operating a web service. These logs are retained for a limited period for security and debugging purposes.
2. How we use your information
- To authenticate you and maintain your session.
- To execute, store, and display evaluation runs you create.
- To process credit purchases and maintain your wallet balance.
- To send transactional emails (magic-link sign-in and, where applicable, run completion notifications).
- To improve the product via aggregate, anonymized analytics.
- To comply with legal obligations and enforce our Terms of Service.
We do not sell your personal information. We do not use your data for advertising.
3. Third-party processors
We share data with the following categories of third-party processors:
- Stripe — payment processing. Your payment information is submitted directly to Stripe under their privacy policy.
- LLM providers — we route agent prompts and page context to a language model provider (currently one or more of Anthropic, OpenAI, or OpenRouter). Page content observed by our browser agents (DOM excerpts, visible text) may be included in these prompts. URLs you submit are included. We do not send credentials or your email address to LLM providers.
- Cloudflare — DNS, CDN, Cloudflare Tunnel (for HTTPS termination), and Cloudflare R2 (object storage for screenshots). Cloudflare processes traffic and stores object data per their privacy policy.
- PostHog or an equivalent product analytics provider — product analytics, when enabled. See Section 1 above.
We execute Data Processing Agreements with each processor where required under applicable law.
4. Data retention
- Run credentials: purged immediately upon run terminal state. Never retained beyond the run lifecycle.
- Screenshots and behavioral traces: retained while your account is active. You may delete individual runs (and their associated data) from within the app.
- Account data: retained until you delete your account.
- Billing records: retained as required by applicable financial and tax regulations.
- Server logs: retained for a limited rolling window (typically 30–90 days) for security and debugging.
5. Cookies and local storage
We use the following cookies:
- __Host-boidwatch.session — a first-party session cookie set when you sign in. Its value is an opaque, randomly generated token; our server stores only the SHA-256 hash of that token. The cookie is set with the HttpOnly, Secure, and SameSite=Lax attributes. Idle sessions expire after 30 days, and the absolute maximum session lifetime is 90 days.
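The session mechanism described for this cookie (random opaque token, server keeps only its SHA-256 hash, __Host- prefix with HttpOnly/Secure/SameSite=Lax, 30-day idle and 90-day absolute limits) looks like the following when written out. This is an added Go example using only the standard library, not Boidwatch's code; the `SessionStore` API, the in-memory map and the sample user IDs are assumptions for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"time"
)

const (
	sessionCookie = "__Host-boidwatch.session"
	idleTimeout   = 30 * 24 * time.Hour // idle expiry stated in the policy
	absoluteLimit = 90 * 24 * time.Hour // absolute lifetime stated in the policy
)

type sessionRecord struct {
	userID    string
	createdAt time.Time
	lastSeen  time.Time
}

// SessionStore indexes sessions by the SHA-256 hash of the token, so a
// leaked table does not contain usable cookie values.
type SessionStore struct {
	byHash map[string]*sessionRecord // hex(sha256(token)) -> record
}

func NewSessionStore() *SessionStore {
	return &SessionStore{byHash: map[string]*sessionRecord{}}
}

func hashToken(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// Issue creates a session: 32 random bytes become the opaque token handed to
// the browser, and only its hash is retained server-side.
func (s *SessionStore) Issue(userID string, now time.Time) (*http.Cookie, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	token := base64.RawURLEncoding.EncodeToString(raw)
	s.byHash[hashToken(token)] = &sessionRecord{userID: userID, createdAt: now, lastSeen: now}
	return &http.Cookie{
		Name:     sessionCookie,
		Value:    token,
		Path:     "/", // the __Host- prefix requires Path=/, Secure, and no Domain
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
		MaxAge:   int(idleTimeout.Seconds()),
	}, nil
}

// Validate looks up the hash of the presented token and enforces both the
// absolute and the idle limit, refreshing lastSeen on success.
func (s *SessionStore) Validate(token string, now time.Time) (string, error) {
	rec, ok := s.byHash[hashToken(token)]
	if !ok {
		return "", errors.New("unknown session")
	}
	if now.Sub(rec.createdAt) > absoluteLimit {
		s.Revoke(token)
		return "", errors.New("session exceeded absolute lifetime")
	}
	if now.Sub(rec.lastSeen) > idleTimeout {
		s.Revoke(token)
		return "", errors.New("session idle too long")
	}
	rec.lastSeen = now
	return rec.userID, nil
}

// Revoke drops the session; used on sign-out and on expiry.
func (s *SessionStore) Revoke(token string) {
	delete(s.byHash, hashToken(token))
}

func main() {
	store := NewSessionStore()
	now := time.Now()
	c, err := store.Issue("user-123", now) // constructed sample user
	if err != nil {
		panic(err)
	}
	fmt.Println("Set-Cookie:", c.String())
	uid, err := store.Validate(c.Value, now.Add(time.Hour))
	fmt.Println(uid, err)
}
```

The two clocks are independent on purpose: activity keeps a session alive past 30 days, but nothing extends it past 90 days from issue, so a token that leaks from a long-lived device still has a hard ceiling.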
Product analytics providers may set their own analytics cookies when enabled. You can opt out by following the provider's opt-out instructions.
We do not use advertising cookies or third-party tracking pixels.
6. Your rights
Depending on where you are located, you may have rights under the GDPR (EU/EEA), UK GDPR, or CCPA (California) including:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: ask us to correct inaccurate data.
- Right to erasure: request deletion of your personal data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interests.
- Right to restrict processing: ask us to pause processing in certain circumstances.
To exercise any of these rights, use the delete account control in your profile settings, or contact us at support@boidwatch.com. We will respond within 30 days.
California residents: we do not sell or share personal information as defined under CCPA. To submit a CCPA request, contact us at the address above.
7. Security
We encrypt data in transit (HTTPS via Cloudflare Tunnel) and sensitive data at rest (run credentials and analytics configuration, using AES-256-GCM). Our infrastructure runs on a single VPS with access controls, and object storage is access-controlled via API tokens. We operate as a small team; no organizational security certifications are claimed at this beta stage.
8. Children
Boidwatch is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us.
9. International transfers
We are based in the United States. Your data may be processed by our third-party processors in other countries. We take reasonable steps to ensure appropriate safeguards are in place for any cross-border transfers.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date at the top of this page and, where the changes are material, notify you by email.
11. Contact
Questions, requests, or concerns about your data:
support@boidwatch.com
Boidwatch
United States