Privacy Policy

BeMe App: Privacy Policy

Effective Date: 18.06.2025

This Privacy Policy explains how BeMe Limited ("BeMe," "we," "us," or "our") collects, uses, processes, stores, and protects your personal data when you use our AI-driven personal and business assistant application, BeMe (the "App"), and our related services.

At BeMe, your privacy is paramount. We are committed to being transparent about our data practices and ensuring you remain in control of your information. Our purpose is to serve you by providing a truly personalized AI Twin experience, and we never sell your data.

1. Who We Are and What This Policy Covers

BeMe Limited is a company incorporated in the Isle of Man. This Privacy Policy applies to all personal data processed by us in relation to your use of the BeMe App, including data you provide directly and data BeMe learns about your professional and, if you choose, personal workflows.

2. The Data We Collect and Why We Collect It

We collect and process your personal data to power your personalized BeMe experience, enable the "AI Twin" functionality, provide support, and improve our services.

A. Data You Provide Directly

This includes information you give us when you register, during your AI-led onboarding interview, and when you interact directly with the App:

• Registration & Profile Data: Your name, email address, phone number, business type, location, and login credentials.
  Purpose: To create and manage your BeMe account, personalize your initial experience, and communicate with you.

• Onboarding Interview Data: Your explicit preferences regarding communication style (tone, phrases, greetings), scheduling habits (working hours, buffer times, travel limits), task prioritization methods, and specific business goals or pain points.
  Purpose: To create the foundational "blueprint" for your AI Twin, enabling rapid personalization and accurate behavioral replication from Day 1.

• Feedback & Support Data: Information you provide when giving feedback, rating AI responses, or contacting our support.
  Purpose: To continuously improve BeMe's AI learning, refine its performance, and provide personalized support to you.

B. Data BeMe Learns From Connected Services (User Provided Data)

With your explicit consent, BeMe accesses and processes data from third-party services you connect. This is the "lifeblood" of your AI Twin. The type of data collected here depends on your chosen Data Access Level (Work Data Only, Work & Personal Data, All Data).

• Communication Data: Content from your connected email accounts, call transcripts (if utilizing BeMe's call handling/transcription), and messages from integrated messaging platforms (e.g., SMS). This includes sender/recipient, timestamps, and content.
  Purpose: To learn your unique communication style, draft replies in your voice, summarize conversations, and identify tasks/context.

• Calendar & Scheduling Data: Information from your connected calendars, including events, participants, locations, and busy/free times.
  Purpose: To manage your schedule, find optimal meeting slots, remind you of appointments, and understand your routine.

• Document & File Data: Content from documents, quotes, and material orders that you upload or connect to BeMe.
  Purpose: To understand your business operations, pricing, preferred suppliers, and extract relevant context for tasks and communications.

• Usage & Interaction Data: Information about how you interact with the BeMe App itself (e.g., features used, duration of sessions, commands given, AI responses reviewed/edited).
  Purpose: To continuously improve BeMe's performance, personalize your experience further, optimize features, and generate internal operational insights (e.g., for cost monitoring, system health).

Crucial Commitment: We use this data solely to power your personalized BeMe experience. Your data is never sold, shared with third parties for their marketing or advertising purposes, or used in a way that is incompatible with the services you explicitly consent to receive.

3. How We Collect Your Data

• Directly from You: When you register, engage in the AI-led interview, or input data directly into the App.

• From Connected Third-Party Services: With your explicit consent and authorization (e.g., via OAuth), BeMe securely accesses data from your chosen email providers, calendar services, and other platforms.

• Automatically through Usage: As you use the App, we collect interaction data and logs to understand performance and usage patterns.

4. Our Legal Bases for Processing Your Data (GDPR & Similar Laws)

We process your personal data based on the following legal grounds:

• Consent: For most of the personal data processed by BeMe, especially communication and calendar content, we rely on your explicit consent. This is obtained during the AI-led onboarding interview where you choose your Data Access Level, and can be adjusted at any time in your app settings.

• Performance of a Contract: To fulfill our obligations to you by providing the BeMe AI Twin service you have subscribed to (e.g., managing your calendar, drafting communications).

• Legitimate Interests: For certain operational purposes, such as analyzing anonymized and aggregated usage data to improve the App's performance and security, detecting fraud, and providing customer support. We balance these interests against your rights and freedoms.

• Legal Obligation: To comply with applicable laws and regulations (e.g., tax, anti-fraud obligations).

5. How BeMe Uses Your Data (Purposes of Processing)

Your data is processed for the following specific purposes, all aimed at delivering and improving your personalized BeMe experience:

• To Create & Power Your AI Twin: This is the core purpose. Your data is used by BeMe's AI intelligence to:
  Learn your unique communication style, tone, and vocabulary.
  Understand your preferences for scheduling, task prioritization, and workflow habits.
  Build and refine your personalized "AI Twin" profile.
  Generate personalized drafts of emails, messages, and other communications in your authentic voice.
  Proactively manage your calendar and tasks according to your learned preferences and rules.
  Anticipate your needs and suggest relevant actions.

• To Provide Customer Support: BeMe (the AI itself) learns from user interactions and app documentation to provide personalized, intelligent support for any questions you have about using the App.

• To Improve & Optimize the App: We analyze anonymized and aggregated usage data to:
  Understand overall user engagement and feature popularity.
  Identify and resolve technical issues or bugs.
  Enhance existing features and develop new ones to better meet user needs.
  Monitor app performance, security, and cost efficiency.

• To Communicate with You: To send you essential service updates, security notifications, and information related to your subscription.

• To Ensure Security & Compliance: To protect the integrity and security of the App and your data, prevent fraud, and comply with legal obligations.

6. Data Sharing and Disclosure

We only share your data with trusted third parties when it is strictly necessary to provide and improve the BeMe service, or when legally required. We never sell your personal data.

• Service Providers (Data Processors): We work with third-party vendors who provide essential services that enable the App to function. These include:
  Cloud Hosting & Infrastructure: (e.g., Amazon Web Services (AWS)) for storing data and running our application.
  Database Services: (e.g., MongoDB Atlas, Pinecone) for storing your data and AI embeddings.
  AI Model Providers: (e.g., Google AI) for the underlying AI intelligence.
  Communication Providers: (e.g., Twilio for voice/SMS, SendGrid for email delivery) for managing communications.
  Payment Processors: For handling subscription payments.
  Monitoring & Analytics Tools: For tracking app performance and usage (using anonymized/aggregated data where possible).
  These providers are contractually bound to process your data only according to our instructions and to maintain strict data security and confidentiality. They act as our "data processors."

• Legal Requirements: We may disclose your data if required by law, regulation, court order, or governmental authority, or to protect our rights, property, or safety.

• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to a commitment that they uphold this Privacy Policy and continue to protect your data.

7. International Data Transfers

BeMe is designed for global use, and your data may be processed and stored in locations outside your country of residence, including EU, UK, US, Canada, Ireland, Australia, New Zealand, and India.

• Regional Hosting: We strive to host your core data in data centers within your primary geographical region (e.g., EU data in EU data centers, US data in US data centers) where feasible and chosen.

• Safeguards for Transfers: When data must be transferred across borders (e.g., to our service providers' global operations), we ensure appropriate safeguards are in place, such as:
  Adequacy Decisions: Relying on countries deemed to provide adequate levels of data protection by the European Commission or UK Information Commissioner's Office.
  Standard Contractual Clauses (SCCs): Implementing legally binding SCCs approved by relevant authorities.
  Binding Corporate Rules (BCRs): If applicable to our service providers.
  By using BeMe, you acknowledge and agree to such transfers of your data.

8. Data Security

We implement robust technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: Your data is encrypted both at rest (when stored in our databases and cloud storage) and in transit (when it's being transmitted between your device, our servers, and third-party services).

• Access Controls: Strict access controls and authentication mechanisms are in place, ensuring only authorized personnel and systems can access your data, and only on a "need-to-know" basis.

• Regular Security Audits & Testing: We conduct regular security audits, vulnerability scanning, and penetration testing by independent experts to identify and address potential weaknesses.

• Secure Development Practices: Our development team adheres to "Security by Design" principles, building security into the app from the ground up and continuously patching software vulnerabilities.

• Continuous Monitoring: We employ real-time monitoring and anomaly detection to identify and respond to suspicious activity immediately.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing your BeMe service, complying with legal obligations, resolving disputes, and enforcing our agreements.

• User-Controlled Retention: You have the ability to manage your data retention preferences within the App settings, including choosing data access levels that may limit retention periods.

• Deletion: When your account is terminated or data is no longer necessary for the stated purposes, we securely delete or anonymize your data.

10. Your Rights (Data Subject Rights)

Under GDPR and similar data protection laws, you have specific rights regarding your personal data. To exercise any of these rights, please contact us using the details in Section 12.

• Right to Information/Transparency: The right to be informed about how your data is collected and used (this Policy serves that purpose).

• Right of Access: The right to request a copy of the personal data we hold about you.

• Right to Rectification: The right to request that we correct any inaccurate or incomplete personal data.

• Right to Erasure ("Right to Be Forgotten"): The right to request the deletion of your personal data under certain circumstances (e.g., when it's no longer necessary for the purpose it was collected).

• Right to Restriction of Processing: The right to request that we limit the way we use your personal data under certain conditions.

• Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

• Right to Object: The right to object to the processing of your personal data under certain circumstances (e.g., for direct marketing, or processing based on legitimate interests).

• Rights Related to Automated Decision-Making and Profiling: You have the right to request human intervention, express your point of view, and contest decisions made solely based on automated processing (including profiling), especially if they produce legal or similarly significant effects. BeMe provides transparency and opportunities for human oversight for all its actions.

• Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

11. Children's Privacy

BeMe is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children without parental consent. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website or within the App, and by other appropriate means. Your continued use of the App after such changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, your data, or your rights, please contact our Data Protection Officer:

Email: Privacy Office: admin@beme.app

Address: BeMe Limited, Flat 3, 9 Tynwald Street, Douglas, IM1 1BF, Isle of Man

You also have the right to lodge a complaint with your local data protection authority.