Privacy Policy

Bedrock Analytics, LLC

Last Updated: January 1, 2026

Bedrock Analytics, LLC ("Company," "we," "our," or "us") respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes how we collect, process, retain, and disclose personal data about you when providing services to you through our websites and applications that link to this policy (our "Services").

Bedrock provides an AI-powered text message analysis service that helps users identify manipulation patterns in their personal communications. Our Services are available at www.bedrocklens.com.

This policy applies only to information we collect:

Through the Services.
In communications, including email and other electronic messages, between you and the Services.

It does not apply to information collected by third parties, including through any application or content that may link to or be accessible from the Services. Please read this policy carefully. By using our Services or providing us with your information, you agree to the collection, use, and sharing of your information as described in this privacy policy.

Children's and Minors' Data

Our Services are not intended for, and we do not knowingly collect any personal data from, individuals under the age of 18. Users must confirm they are 18 years or older during account registration. If we learn we have collected or received personal data from a user under 18 years old, we will delete that information. If you believe we might have any information from or about a user under 18, please contact us at privacy@bedrocklens.com.

The Personal Data That We Collect or Process

"Personal data" is information that identifies, relates to, or describes, directly or indirectly, you as an individual.

The types and categories of personal data we collect include:

Account information: Email address and user identifier (UUID). We do not collect your name, physical address, or phone number.
Authentication credentials: Password (securely hashed) for email/password authentication, or OAuth tokens if you sign in with Google.
Transaction history: Records of credit purchases, including amounts, dates, and Stripe payment intent IDs. We do not store your payment card details.
User-uploaded content: Text message conversations you upload for analysis (see "How We Handle Your Message Data" below for detailed handling).
Analysis results: AI-generated reports containing risk assessments, pattern identification, and communication analysis.
Local preferences: Theme preference, AI provider selection, and model preferences stored in your browser's local storage.

We do NOT collect:

Your name, physical address, or phone number
Payment card details (handled entirely by Stripe)
Browsing history, search history, or tracking data
Location or geolocation data
Biometric information
Demographic information (age, gender, income, etc.)

If you are a California resident, please also review our California-specific privacy policy, which provides additional information about your rights under the California Consumer Privacy Act (CCPA).

How We Handle Your Message Data

Because our service analyzes personal text message conversations, we want to be completely transparent about how this sensitive data is handled.

Instant Mode

Your message content passes through our servers to reach the AI provider for analysis.
Raw message content is NOT stored on our servers at any point.
Only the AI-generated analysis report is saved to your account.

Background Mode

Message content is encrypted (AES-256-GCM) while in transit to our servers and while queued for processing.
Content must be decrypted to send to the AI provider for analysis.
After processing completes, raw message content is automatically and permanently deleted.
Only the AI-generated analysis report is retained.

End-to-End Encryption for Analysis Results

For users who sign in with email and password (not Google OAuth), analysis results are encrypted client-side using AES-256-GCM encryption. The encryption key is derived from your password using PBKDF2 (100,000 iterations) and never leaves your browser. This means only you can decrypt and view your analysis results.

Important: If you reset your password, previously encrypted analyses cannot be recovered.

How We Collect Your Personal Data

Information You Provide

We collect information when you create an account (email address), upload text message files for analysis, and purchase credits through our payment processor.

Information from Third Parties

Google OAuth: If you sign in with Google, we receive your email address and basic profile information.
Stripe: Provides payment confirmation and transaction status. We do not receive your payment card details.

What We Do NOT Collect Automatically

Bedrock does not use cookies, analytics, web beacons, or any tracking mechanisms. We do not track your browsing behavior, collect device fingerprints, or monitor your interactions with our Services beyond what is necessary to provide the service.

How We Use Your Information

We use information that we collect about you or that you provide to us to:

Provide the text analysis service, including AI-powered manipulation pattern detection.
Create and manage your user account.
Process credit purchases and maintain transaction records.
Send notification emails when background analyses complete.
Protect the security and integrity of our service.
Comply with legal obligations.

We do NOT use your information to:

Send advertising, marketing, or promotional communications.
Train AI models (we use paid API tiers that do not train on user data).
Perform analytics, user tracking, or profiling.
Sell or share with third parties for their own purposes.
Create user profiles across multiple analyses or sessions.

Who We Disclose Your Information To

We disclose personal data to the following service providers to support our business operations:

| Service Provider | Data Shared | Purpose | |------------------|-------------|---------| | AI Providers (Google Gemini, Anthropic Claude, OpenAI) | Message content (for analysis) | AI-powered text analysis | | Supabase | Account info, encrypted data, analysis results | Database storage, authentication | | Stripe | Email, user ID, payment amount | Payment processing | | Email Service (Gmail/Resend) | Email address | Analysis completion notifications |

We may also disclose your personal data:

To comply with any court order, law, or legal process.
To enforce our terms of use.
If we believe disclosure is necessary to protect the rights, property, or safety of our organization or others.

We do NOT sell your personal data. We do NOT share your personal data for advertising or marketing purposes.

Third-Party AI Provider Notice

Important: Bedrock uses paid/business-tier API accounts with Google, Anthropic, and OpenAI. These paid tiers include contractual commitments that user data will not be used to train the providers' AI models. However, if you choose to use your own API key (particularly free-tier keys), different terms may apply. We strongly encourage you to review the privacy policies of your selected AI provider:

Google AI: https://ai.google.dev/terms
Anthropic: https://www.anthropic.com/legal/privacy
OpenAI: https://openai.com/policies/privacy-policy

Your Rights and Choices About Your Information

Tracking Technologies

Bedrock does not use cookies, web beacons, or similar tracking technologies. We use browser local storage only for functional preferences (theme, AI provider selection) that you can clear at any time through your browser settings.

Do Not Track / Global Privacy Control

We honor Global Privacy Control (GPC) signals. However, because we do not engage in tracking, sales, or sharing of personal data that would require opt-out, there is no behavior change triggered by these signals.

Your State Privacy Rights

Depending on your state of residency, you may have certain rights related to your personal data, including:

Access and Data Portability: You may request a copy of the personal data we process about you.
Correction: You may request that we correct inaccuracies in your personal data.
Deletion: You may request that we delete personal data about you. You can also delete your entire account through the application at any time.
Opt Out of Sales/Targeted Advertising: We do not sell personal data or use it for targeted advertising, so there is nothing to opt out of.

To exercise any of these rights, please email us at privacy@bedrocklens.com. Requests must be submitted from the email address associated with your account to verify your identity.

How We Protect Your Personal Data

We use commercially reasonable administrative, physical, and technical measures designed to protect your personal data:

Encryption at rest: AES-256-GCM encryption for stored data.
Encryption in transit: All connections use HTTPS/TLS.
End-to-end encryption: For password-based logins, analysis results are encrypted with keys derived from your password.
Access controls: Row-level security ensures users can only access their own data.
SOC 2 infrastructure: Our service providers (Supabase, Vercel) maintain SOC 2 Type II certification.

However, no online service is completely secure. Any transmission of personal data is at your own risk. You are responsible for protecting your account credentials.

How We Retain Your Personal Data

We retain personal data as follows:

Account information: Until you delete your account.
Transaction history: Until you delete your account.
Analysis results: Until you delete the specific analysis or your account.
Message content: Instant mode: not retained. Background mode: automatically deleted after processing completes.

When you delete your account, all associated data is permanently deleted through cascading deletion.

Analysis Results and Third-Party Attribution

Bedrock's analysis identifies communication patterns and attributes them to participants in the conversation. Please note:

Analysis results are provided solely for your personal informational use.
Bedrock makes no representations about the accuracy of pattern attribution.
AI analysis cannot diagnose abuse or replace professional assessment.
Results should not be used as evidence in legal proceedings without consultation with qualified professionals.

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify affected users by email within one week of becoming aware of the breach.

Changes to Our Privacy Policy

We may update this policy from time to time. If we make material changes, we will notify you by email at the address associated with your account. The date the policy was last updated is identified at the top of this document. Your continued use of the Services after we make changes constitutes acceptance of those changes.

Contact Information

To exercise your rights or ask questions about this privacy policy, contact us at:

Email: privacy@bedrocklens.com

Postal Address: Bedrock Analytics, LLC Attn: Privacy Officer 555 West Kinzie St. Apt E1709 Chicago IL 60654