Privacy Policy

Version 3 · Last updated 2026-05-24

What we collect

Account information

• Email address and username (you provide these at sign-up).
• Authentication state (handled by Firebase Authentication).
• Subscription state (plan, billing period, status), kept in sync with Stripe.
• Stripe Connect credentials (your Stripe account ID, charges- enabled flag, payouts-enabled flag). Stored in a private subcollection on your user record that's only readable by you and the Buzz admin role, never by staff members or other users.
• Push notification tokens for devices you've signed into. Used to deliver booking-request alerts; rotated automatically when you sign out.

Content you create

• Contacts you add (names, emails, phones, companies, notes, tags).
• Bookings, reminders, payments, and activity logs.
• Sales pipeline data — deals, stages, values, expected close dates, notes, per-deal activity timeline entries, and any files you attach to a deal (contracts, photos, quotes, etc., stored in Firebase Cloud Storage).
• Service catalog, availability rules, branding (business name, color, logo), and messaging templates.
• Staff seats (Team plan) — if you invite teammates, we store their email, role, and a link from their account to yours so permissions resolve correctly.
• Original text of every command you submit, plus the parsed structured output, retained in your audit log so you can review what happened.

Operational data

• Approximate timing and result status of each command (success, failure, parser model used, token counts).
• Crash and error reports, if you opt in.
• We do not currently use third-party analytics (Google Analytics, Mixpanel, etc.).

Where it lives

Most of your data lives in Google Firebase Firestore, in Google Cloud regions in the United States. Files you upload — deal attachments (contracts, photos, quotes) and branding images (logo, cover) — live in Firebase Cloud Storage, also US-based. Backups are managed by Firebase's automated backup system.

Staff seats: if you join another user's workspace as staff (Team plan), you can read the workspace owner's data scoped by the permissions they granted you. You can never read the owner's Stripe Connect credentials (those live in the owner-only private subcollection above).

Third parties we share with

Anthropic (Claude API)

When you submit a command, Buzz sends the original text plus a small amount of context (today's date, your morning hour) to Anthropic's Claude API for parsing. We don't include your contact list or other stored data unless your command directly references it. Anthropic states they do not use API inputs to train their models.

Stripe

Payments — both your Buzz subscription and (for Pro users) the Connect payments you collect from clients — are processed by Stripe. Card numbers never touch Buzz; Stripe's PCI-compliant infrastructure handles them. Stripe receives your billing email and the amount, plus a Buzz-specific reference ID we use to attribute payments to your account.

Resend (email)

We use Resend to send booking confirmations, reminders, and payment link emails to your clients on your behalf. Resend receives the recipient email, your business name, and the email content. They don't repurpose this data.

Apple / Google / Expo (push notifications)

Buzz delivers two kinds of notifications:

• Local reminders — booking reminders and morning-digest alerts. These are scheduled on your device by the OS; Buzz doesn't store the content on a server.
• Server-sent push (Pro) — booking-request alerts when a client submits a request to your public page. These travel through the Expo Push Service and the Apple / Google push infrastructure. We store an opaque push token per device under your user record so we know where to send them; the notification body contains the client's first name and the service requested.

Both kinds are off by default for staff workspaces and can be turned off in Settings → Notifications.

What we don't do

• We don't sell your data.
• We don't show ads.
• We don't use your data to train AI models.
• We don't share your contact list with third parties.

Your rights

You can:

• View all your data through the in-app screens.
• Export your data in a machine-readable format — email heybuzzsupport@gmail.com and we'll send a copy.
• Delete individual records (contacts, bookings, etc.) from inside the app.
• Delete your entire account and all associated data. Email us with your account email and we'll process the deletion within 30 days.

If you're in the EU, UK, or California, you have additional rights (access, portability, correction, erasure, objection). Email us to exercise them.

Data retention

• Account data: kept until you delete the account. Deletion removes contacts, bookings, reminders, payments, notes, deals, services, deal files, branding images, and audit logs.
• Audit log: retained as long as your account exists, unless you explicitly delete entries.
• Per-deal activity timeline: capped at 200 entries per deal; older entries are trimmed automatically.
• Stripe subscription records: kept by Stripe per their own retention rules even after account deletion (legal requirement).
• Public booking pages (created when you send a client a booking link) are accessible via a 16-character share token for up to 30 days after the appointment, then expire automatically.
• Staff seats: if the workspace owner downgrades below the Team plan, your seat is suspended for 14 days. During the suspension your access is read-only-then-gone; the owner can re-subscribe to restore it. After 14 days suspended seats are revoked. Audit-log entries for past actions stay intact.

Children

Buzz isn't directed at children under 18 and we don't knowingly collect data from them. If you believe a child has signed up, contact us and we'll remove the account.

Security

Data in transit is encrypted via HTTPS. Data at rest in Firestore is encrypted by Google Cloud. Auth tokens are short-lived and rotated. We use Firestore security rules to ensure that only you can read or write your account's data.

No system is perfect. If you discover a vulnerability, please report it to heybuzzsupport@gmail.com — we appreciate it.

Changes to this policy

We'll announce material changes in-app or by email at least 14 days before they take effect. The "Last updated" date at the top will move when something changes.

Contact

Questions, requests, or concerns: heybuzzsupport@gmail.com.