Privacy Policy

This Privacy Policy explains how Bridge Agentic Solutions LLC (“Bridge,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use Bridge — including the Bridge mobile application, the bridgedev.io website, the waitlist and newsletter, and any related services (collectively, the “Service”).

This policy applies to information collected through the Service. It does not cover the practices of third-party services that you connect to Bridge (for example, the LLM provider whose API key you supply — see Section 4) or websites that link to or from Bridge.

If you do not agree with this policy, do not use the Service.

Account Information

When you create a Bridge account, we collect:

• Your email address and authentication metadata (handled by Google Firebase Authentication).
• Display name and account preferences you provide.
• Records of password resets, sign-ins, and similar account events.

User Content

We store the notes, ideas, prompts, generated outputs (specifications, schemas, plans, chat transcripts), and other content you create or generate through the Service. This is necessary to provide the Service — without storing your notes, we cannot show them to you across sessions or run AI features on them.

Waitlist and Newsletter Data

If you sign up for the Bridge waitlist or newsletter, we collect:

• The email address you provide.
• The free-text idea you optionally share through the Share Your Idea form (stored on your contact record in Loops as idea_text).
• Classification, expansion, and proposed-next-feature notes the founder may add to your contact record while preparing personalized waitlist emails ( idea_classification, idea_expansion, idea_next_features).
• Email engagement metadata (opens, clicks, send timestamps).

Website Analytics

On the bridgedev.io website (not in the mobile app), we use Google Analytics 4 to understand site usage in aggregate. GA4 may collect:

• Pages visited, referrer, browser type, and approximate location (city-level, derived from IP).
• Anonymized device and session identifiers.

IP addresses are anonymized by GA4 before storage. See our Cookie Policy for cookie details. The mobile app does not use GA4.

Payment Information

Payments are processed by Stripe, Inc. We do not see or store your full payment card details. What Bridge receives from Stripe is limited to: customer ID, billing email, subscription tier, subscription status, renewal date, and invoice metadata. Refer to Stripe’s Privacy Policy for how Stripe handles your card details.

If you subscribe in the future via Apple In-App Purchase, Apple processes your payment under Apple’s policies. RevenueCat (our subscription reconciliation layer, when added) processes only the metadata required to link your Apple transaction to your Bridge account.

Communications

If you reply to an email we send (welcome, newsletter, support), we receive your reply in our inbox and store it there as part of our normal communications records.

We use the information we collect to:

• Operate, maintain, and improve the Service.
• Process subscriptions, send payment receipts, and manage your account.
• Respond to your support requests and communications.
• Send transactional emails (account verification, password resets, subscription confirmations) and product communications (waitlist nurture, newsletter, feature announcements) you have opted in to.
• Understand product usage in aggregate, identify issues, and prioritize roadmap work.
• Detect, prevent, and investigate fraud, abuse, or security issues.
• Comply with legal obligations and enforce our Terms of Service.

We send commercial email in compliance with the CAN-SPAM Act. Every marketing email includes a one-click unsubscribe link. Unsubscribing stops marketing emails but not transactional emails (such as receipts or critical service notices).

Bridge does not host or operate LLM inference. When you use AI features (note classification, semantic expansion, Build Plan generation, Chat), Bridge sends the content of your notes and prompts to the third-party LLM provider you have selected, using the API key you have supplied. The provider processes that content and returns a response, which Bridge surfaces in the app.

What this means in practice:

• The content you send through AI features is processed by your chosen provider (Anthropic, OpenAI, or Google) under that provider’s privacy terms — not Bridge’s.
• Bridge does not enter into Business Associate Agreements or other data-processing agreements on your behalf with these providers. The provider’s standard API terms apply between you and the provider.
• We do not transmit your API key to any server other than the LLM provider you are calling. The app uses platform-level secure storage for the key on your device.
• If you do not use AI features (free Organizer tier), no note content is sent to any LLM provider.

Each provider has its own privacy policy and data-retention practices:

• Anthropic — Privacy Policy (commercial API data is not used to train Anthropic models by default).
• OpenAI — Privacy Policy (commercial API data is not used to train OpenAI models by default).
• Google (Gemini API) — Privacy Policy and Gemini API-specific terms apply.

If you switch providers in your Bridge settings, future AI requests go to the new provider. Past requests remain governed by the prior provider’s terms with respect to any data they retained.

Bridge stores data with the following providers:

• Google Firebase (United States) — account data, user content (notes, plans, generated artifacts), app configuration.
• Loops (operated by Loops Inc., using Amazon SES for delivery; United States) — waitlist contacts, newsletter contacts, and the contact properties described in Section 2.
• Stripe (United States) — subscription billing records.
• Cloudflare Workers (global edge network) — website traffic and edge function execution data for bridgedev.io.
• Google Analytics 4 (United States) — website measurement data for bridgedev.io.

Retention:

• Account and user content: retained for the life of your account. If you delete content within the app, it is removed from active storage and from backups within thirty (30) days.
• Closed accounts: account data is deleted within ninety (90) days of account closure, except for records we must retain by law (for example, payment records for tax purposes, typically seven years).
• Waitlist data: retained until you unsubscribe. Unsubscribing removes you from active sends within seven (7) days; we keep the suppression-list record indefinitely to honor your opt-out.
• Analytics: GA4 default retention applies (currently fourteen months for event data unless extended).
• Payment records: retained by Stripe per its policies. Bridge’s subscription metadata is retained for at least seven (7) years for tax and accounting compliance.

We do not sell your data. We do not rent your data. We do not share your User Content for cross-context behavioral advertising.

We share data only as needed to operate the Service, with the following categories of recipients:

• LLM providers you have selected (Anthropic, OpenAI, Google) — note content and prompts, when you use AI features. See Section 4.
• Infrastructure providers we use to operate the Service — Google Firebase, Cloudflare, Loops / Amazon SES, Stripe, RevenueCat (future), Google Analytics. Each acts as a sub-processor and is bound by their own privacy commitments.
• Legal compliance. We may disclose information when required by law, subpoena, or other legal process, or to protect the rights, property, or safety of Bridge, our users, or others.
• Business transfers. If Bridge Agentic Solutions LLC is acquired, merged, or sells substantially all of its assets, user information may be transferred as part of that transaction. We will provide notice and any required consent opportunity in line with applicable law.

The bridgedev.io website uses a small set of strictly necessary cookies and privacy-first analytics cookies. The Bridge mobile application does not use web cookies (the app uses platform-standard secure storage). Full details are in our Cookie Policy.

You can:

• Access the personal information we hold about you by writing to privacy@bridgedev.io.
• Correct inaccurate information by editing your account settings or contacting us.
• Export your notes, plans, and generated artifacts. Export functionality is available in-app and is also available on request. If we discontinue the Service, we commit to providing data export during the 90-day discontinuation notice period (see Terms of Service §5).
• Delete your account and associated content by contacting privacy@bridgedev.io. Deletion takes effect within thirty (30) days, subject to legal retention requirements.
• Unsubscribe from marketing email via the one-click link at the bottom of any marketing email. Transactional email related to your subscription continues regardless.

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you the following rights:

• Right to know what personal information we collect and how we use it.
• Right to delete personal information, subject to exceptions.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information.
• Right to limit the use of sensitive personal information.
• Right to non-discrimination for exercising these rights.

We do not sell or “share” personal information as those terms are defined under the CCPA. Bridge has not sold or shared personal information in the past twelve (12) months and does not intend to do so.

To exercise California privacy rights, contact privacy@bridgedev.io. We will respond within the time required by law.

Bridge is operated from the United States and currently intended for use by residents of the United States. If you access the Service from the European Economic Area, United Kingdom, or Switzerland, the following additional rights apply to your personal data under the GDPR (and UK GDPR for UK residents):

• Right of access to your personal data.
• Right to rectification of inaccurate data.
• Right to erasure (“right to be forgotten”), subject to exceptions.
• Right to restriction of processing.
• Right to data portability in a machine-readable format.
• Right to object to processing based on legitimate interest.
• Right to lodge a complaint with your local supervisory authority.

Lawful basis for processing under GDPR: we process account and content data to perform our contract with you (Article 6(1) (b)); we send marketing communications based on your consent (Article 6(1)(a)); we use analytics on the basis of our legitimate interest (Article 6(1)(f)) in understanding site usage to improve the Service.

International transfers. Bridge’s infrastructure is located primarily in the United States. To the extent we transfer personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate safeguards such as the EU Standard Contractual Clauses entered into with our sub-processors.

To exercise European privacy rights, contact privacy@bridgedev.io.

Bridge is not directed at, and is not intended for use by, children under the age of thirteen (13). We do not knowingly collect personal information from anyone under 13. If you believe a child under 13 has provided us with personal information, contact privacy@bridgedev.io and we will delete the information.

We use commercially reasonable technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit (TLS) for data moving between your device and our infrastructure and between our infrastructure and sub-processors.
• Encryption at rest for data stored in Firebase and other sub-processor systems where the provider supports it.
• Role-based access controls within our organization. Bridge is currently a single-member LLC; access to user content is limited to what is strictly necessary for service operation and support.
• Platform-level secure storage on iOS and Android for sensitive on-device data, including your LLM provider API key.

No security measure is perfect. If we become aware of a security incident involving your personal information, we will notify you in line with applicable law.

We may update this Privacy Policy from time to time. For material changes, we will provide notice by email or in-app notice before the change takes effect. The “Last updated” date at the top reflects the most recent update. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

Questions about this policy, requests to exercise privacy rights, or other privacy concerns may be directed to privacy@bridgedev.io, or in writing to: