Features
How It Works
Use Cases
About
Log In
Sign Up

Privacy Policy

Last updated: June 25, 2026

Your privacy matters to us. Everything we do at Bitgarden is shaped by the principles you'll find below. This policy lays out what data we collect, why we collect it, who else touches it, and what rights you have over it.

What we collect and why

Our guiding principle is to collect only what we need. Here's what that means in practice.

Identity & access

When you sign up for Bitgarden, we use Google or Apple to verify your identity. From your Google or Apple account, we receive your name and email address. We never see your password.

We use your name and email to set up your account, to send you invoices and essential updates, and to reach you when we need to. We won't use your name in marketing without your permission, and we won't share it with anyone outside Bitgarden except where strictly necessary to provide our service.

Your memory

The whole point of Bitgarden is that it personalizes the web for you based on a "memory" you provide, i.e. a free-form document describing what you care about, what you know, and how you think. You can write your memory directly in our onboarding, or paste in one you've exported from an AI tool.

We store your memory in our database so we can use it to personalize pages for you. You can edit or delete it at any time from your dashboard. When you delete it, we delete it.

Your seedlings

When you "save" a personalized snippet, we keep the snippet text, the URL of the page it came from, and the time you saved it. That's it. We call saved personalized snippets “Seedlings.” Seedlings are visible only to you, in your dashboard.

Billing information

When you subscribe to a paid plan, our payment processor Stripe handles your card details and billing address. Your full card number, expiry, and CVC go directly to Stripe and never touch our servers. We receive only a subscription identifier and your subscription status. Stripe protects this data according to their privacy policy.

What we process when you personalize a page

When you click "personalize" on a webpage, our extension reads the visible text on that page and sends it to our system, which generates the personalized text and tooltips. The whole exchange happens because you asked for it.

A few things worth being clear about:
‍
→ We don't store the content of pages you personalize. The URL and a record of the personalization event are kept for billing and quota purposes; the page content itself isn't retained on our servers.
‍
→ The extension only reads pages when you explicitly trigger personalization. It does not log your browsing, snoop on tabs you're not personalizing, or build a profile of where you go on the web.
‍
→ Your memory and the pages you personalize are not used to train any AI models.

Usage data

We log how you use the Service, e.g. pages personalized, tooltips generated, API costs, timestamps, so we can enforce your plan's quota, catch abuse, and improve the product. We also log standard HTTP information like your IP address and browser when you talk to our backend.

Cookies

Our dashboard uses cookies strictly necessary for keeping you signed in. We don't use advertising cookies, and we don't run analytics that build cross-site profiles of you.

Information we don't collect

We don't ask for, and don't store, characteristics of protected classifications: age, race, gender,religion, sexual orientation, or anything similar. You may volunteer such information (for example, in your memory), but we don't require it, and we don't analyze it as a separate category. We don't collect biometric data.

When we access or share your information

Our default is to not access your account. The only times we will are:

→ To provide the Service. Generating personalizations requires accessing the information you provide to us. That's the deal.

→ To help you with support. If you write to us with a problem, we may need to look at metadata about your account (subscription status, usage logs) to help. We won’t look at the content of your memory or seedlings unless you specifically ask us to.

→ When required by law. If a law enforcement authority has a valid warrant, subpoena, or court order, we have to comply. We reject requests that don't meet that bar, and we'll let you know when a request is made unless we're legally prevented from doing so.

→ To protect Bitgarden. We may look at logs and metadata (login patterns, API usage) to detect fraud, abuse, or security issues.

Your rights with respect to your information

We apply the same data rights to every Bitgarden user, no matter where you are. The most privacy-forward regulations currently in place — the EU's GDPR and California's CCPA — recognize a set of rights that we extend to everyone:

→ Right to know. What data we collect and how we use it. That's what this policy is for.

→ Right of access. A copy of the data we hold about you.

→ Right to correction. To fix anything we have wrong.

→ Right to erasure. To have your data deleted. (Heads up: deleting some data may mean we can no longer provide the Service to you. Severe enough deletions effectively close your account.)

→ Right to portability. To receive your data in a format you can take elsewhere.

→ Right to restrict or object. To limit how we process your data, including objecting to certain uses.

→ Right to complain. To file a complaint with your local privacy regulator. In Canada, that's the Office of the Privacy Commissioner.

→ Right to non-discrimination. We won't charge you more or give you worse service because you exercised your privacy rights. You can exercise most of these directly from your dashboard, i.e. edit or delete your memory, delete seedlings, close your account.. For anything else, email us at [privacy@bitgarden.ai] and we'll take care of it.

How we secure your data

We protect your data using industry-standard practices: TLS encryption in transit, encryption at rest within Google Cloud, restricted access controls inside our team, and regular review of our security practices.

No system is ever perfectly secure. If we ever become aware of a security incident that affects your data, we'll let you know and notify the appropriate authorities as required by law.

When you delete data

When you delete your memory, a seedling, or your whole account from the dashboard, we remove the data from our active systems within 30 days. Backups are kept for up to another 30 days before they're rotated out, so within 60 days at the latest, your deleted data is gone from everywhere we store it. We can't recover data once it's purged, so if you change your mind, do it before the deletion lands.

If you close your account, we apply the same timeline to all your data.

Where we operate

Bitgarden is operated from Canada. We use service providers in Canada, the United States, and other countries. If you sign up from outside Canada, your data is transferred to and processed in those locations.

If you're in the European Economic Area, the United Kingdom, or Switzerland, our legal basis for processing your data is one or more of: providing the Service you signed up for, our legitimate interest in operating the Service, your consent where required, and complying with our legal obligations.

If you're in California, you have additional rights under the CCPA. We treat Bitgarden as a "service provider" under that law: we process your data only for the purposes you signed up for, and we never sell it.

Changes & questions

We may update this policy from time to time. When we do, we'll update the date at the top, and for material changes, we'll let you know by email or an in-app notice. If you keep using Bitgarden after a change, you're agreeing to the updated policy.

Questions, requests, or concerns? Contact us here, and we'll get back to you.

Powering a more creative, fun, and useful internet for everyone.

Get Going
Sign Up
Sign Up
Log In
Log In
About
Roadmap
Roadmap
Contact Us
Contact Us
Privacy & Terms
Privacy Policy
Privacy Policy
Terms of Service
Terms of Service