Privacy Policy

The controller responsible for processing your personal data under the EU General Data Protection Regulation (GDPR) is:

Account & profile

• Email address, password (stored by our auth provider), and basic profile details you provide (e.g., name).
• Onboarding answers (e.g., attachment quiz responses, relationship context) if you choose to complete them.

Chat & voice interactions

• Text you type to baobae and messages baobae returns.
• Voice audio you share during a voice session and associated transcripts (if enabled).
• Technical metadata needed to run real-time sessions (e.g., session identifiers, connection diagnostics).

Device & usage

• IP address, device/browser information, and basic usage events (e.g., page views) for security and performance.

• Provide the service (account access, onboarding, chat/voice sessions). Legal basis: contract (GDPR Art. 6(1)(b)).
• Keep baobae safe and reliable (fraud prevention, rate limiting, debugging). Legal basis: legitimate interests (Art. 6(1)(f)).
• Improve the product (analytics and service improvement). Legal basis: legitimate interests (Art. 6(1)(f)) or consent (Art. 6(1)(a)) where required.
• Comply with legal obligations (tax, accounting, lawful requests). Legal basis: legal obligation (Art. 6(1)(c)).

Note: Your relationship content can be sensitive. We aim to minimize what we store and keep it secure.

We use trusted service providers to host baobae and deliver core features. Depending on your use, this can include:

• Infrastructure and hosting providers (e.g., web hosting and content delivery).
• Database/authentication providers (to run accounts and store your data).
• AI model providers (to generate chat/voice responses).
• Analytics providers (to understand performance and usage).

Some providers may process data outside the European Economic Area (EEA). Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) and limit transfers.

We may use cookies or similar technologies to keep you logged in, to remember preferences, and to measure site performance. Where required by EU law, we will ask for your consent before setting non-essential cookies.

• Account data: kept while your account is active and for a reasonable period after deletion for security, backups, and legal compliance.
• Chat/voice content: kept as needed to provide the service and improve safety and quality; we aim to minimize retention and you can request deletion.

Depending on your location, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your data
• Restrict or object to processing
• Data portability
• Withdraw consent (where processing is based on consent)

To exercise your rights, contact us at getbaobae@gmail.com.

You also have the right to lodge a complaint with your local supervisory authority in the EU/EEA.

We use technical and organizational measures designed to protect your data (encryption in transit, access controls, and monitoring). No system is perfectly secure—please avoid sharing information you would not want stored.

baobae is not intended for children. If you believe a minor has provided personal data, contact us and we will take appropriate steps.

We may update this policy from time to time. We will post updates here and change the “Last updated” date.