How we handle the data you entrust to us.

Behavioral Intelligence Engine (“BIE”, “we”, “us”) is operated by the legal entity trading as Behavioral Intelligence Engine. When you sign up directly we are the controller of your account data. When you connect a Discord server, Slack workspace, Microsoft Teams organisation, YouTube channel or Instagram account, we act as a processor on your behalf for the behavioural data ingested from those sources — you remain the controller of the underlying communications, and the platform operator remains the controller of the platform identity data.

For privacy requests and data-subject rights, contact privacy@bieintel.com.

We distinguish three classes of data.

Account data. Email address, display name, billing metadata, the org and team structure you set up inside the product. Processed to provide the service, authenticate you, and bill you.

Connector data. The messages, comments, replies, reactions and associated metadata that move through a platform you connect. Processed to produce behavioural intelligence output (classifications, profiles, reports, agent drafts). We store the original event, a behavioural classification of that event, and the derived profile and environment state that the classification feeds into. Raw events are retained for 180 days on a rolling basis so intelligence can be regenerated when the models improve; derived state persists with your subscription. See Data retention for the full matrix.

Product telemetry. Pageviews, feature interactions and error events, captured via PostHog and Sentry to help us improve the product and diagnose failures. This is only collected after you have given explicit consent via the cookie banner.

Under the UK GDPR and EU GDPR we process personal data on the following bases:

— Contract: to provide the service you have subscribed to (account data, connector ingestion, intelligence output).

— Legitimate interests: to keep the platform secure and diagnose failures (audit logs, error telemetry, abuse detection). Our legitimate interest is proportionate to the narrow technical scope and you can object by contacting privacy@bieintel.com.

— Consent: for product analytics (PostHog). Consent is collected via the cookie banner on first visit, is reversible from the footer “Cookie preferences” link, and is the only basis on which optional tracking runs.

— Legal obligation: to retain billing and tax records for the period required by the applicable jurisdiction (typically six to seven years).

Behavioural data, account metadata and derived intelligence live in a Supabase-managed PostgreSQL cluster. Primary region for new accounts is the European Union unless you explicitly select the United States at signup. Stripe processes billing in your own region subject to Stripe’s terms. Anthropic processes inference prompts in the United States under a signed data processing agreement; data is not retained for training on our tier. A full subprocessor list is at bieintel.com/subprocessors.

Transfers of personal data outside the European Economic Area rely on Standard Contractual Clauses attached to our subprocessor agreements. Where an adequacy decision exists (for example, the UK–EU adequacy) we rely on that.

All traffic is encrypted in transit using TLS. OAuth tokens are encrypted at the application layer using AES-256-GCM with a key held outside the database before they reach persistent storage. Passwords are never stored — authentication is delegated to Supabase, which holds only cryptographic hashes. Row-level security enforces per-organisation data isolation at the database layer. Admin surfaces require an explicit admin role on the requesting user’s profile. See the Security page for the full control list.

Inside BIE, behavioural data is visible only to users of the connected organisation’s workspace. It is not shared across customers. Model providers (Anthropic) process prompts and responses under their own commercial terms and on our tier do not retain content for training. A small engineering team at BIE has access to production infrastructure for the purposes of running the platform, debugging incidents, and responding to support requests — this access is audited.

We do not sell your data. We do not share your data with advertisers. We do not use one customer’s behavioural data to train or improve models for another customer.

Behavioural signals, profiles and reports persist for as long as your subscription is active. Raw ingested events are retained for 180 days on a rolling basis. If you cancel your subscription the account enters a 90-day soft-delete window, after which all account-scoped data is permanently removed by the nightly retention job. Stripe billing records are retained for the period required by financial-records law (typically six to seven years). Audit logs are retained for 12 months. The detailed retention matrix is documented at Data retention.

To request immediate deletion, or a copy of your data, email privacy@bieintel.com. We aim to respond within 72 hours and always within the 30-day window required by GDPR.

If you are in the UK, EU, or other jurisdictions with similar frameworks, you have the right to:

— access the personal data we hold about you;
— correct inaccurate personal data;
— delete personal data when continued processing is not required;
— export your data in a machine-readable format;
— object to processing based on legitimate interests;
— withdraw consent for product analytics at any time from the footer “Cookie preferences” link;
— lodge a complaint with a supervisory authority — the ICO in the UK, or your national DPA in the EU.

To exercise any of these, email privacy@bieintel.com. Self-serve export and deletion are on the short-term roadmap.

BIE is a business product and is not intended for children under 16. We do not knowingly collect personal data from children. If we become aware that a child has created an account, we will delete the account and any associated data.

We will update this page when the policy changes. Material changes are announced by email to the account holder before they take effect. The “Last updated” date above always reflects the most recent revision.

Privacy questions, data-subject requests, DPA requests, security concerns: privacy@bieintel.com.
General support: support@bieintel.com.