Bebriz← Back home

Legal

Privacy Policy

Effective date: May 29, 2026

This Privacy Policy explains how Bebriz, located at 3832 Brockenhurst Dr., Buford, GA 30519, United States (“we”, “us”) collects, uses, and protects your information when you use our AI-powered Etsy listing optimization service. We are the data controller for the personal information described below and are committed to handling your data transparently — collecting only what we need to make the Service work.

1. Information We Collect

You provide directly

  • Account info: email address, first name, and password (stored hashed).
  • Product photos: the images you upload for AI processing.
  • Listing details: product name, category, and price you enter for each listing.
  • Billing info: handled by Stripe; we never see or store your card number. We retain your Stripe customer ID and subscription status.

Collected automatically

  • Usage data: pages visited, features used, generation counts, timestamps, and approximate location derived from IP address.
  • Device data: browser type, OS, screen size, IP address, and session cookies for authentication.

2. How We Use Your Information

  • Authenticate you and provide the Service;
  • Send your photos and prompts to our AI model providers (OpenAI) to generate optimized output;
  • Process payments and manage subscriptions through Stripe;
  • Send transactional emails (account confirmation, billing receipts, password resets);
  • Improve the Service by analyzing aggregate, non-identifying usage patterns;
  • Detect abuse, prevent fraud, and enforce our Terms.

3. AI Training

We do not use your uploaded photos to train our own models. Photos are sent to OpenAI’s API to generate output, then stored only to display results back to you. OpenAI’s API has zero-data-retention terms for our usage — your inputs are not used to train OpenAI’s models either.

4. Sharing Your Data

We share data only with:

  • Supabase — authentication, database, and file storage (US-hosted).
  • Stripe — payment processing and subscription management.
  • OpenAI — AI inference for photo enhancement and text generation.
  • Resend / email provider — transactional email delivery.
  • Law enforcement, only when required by valid legal process.

We do not sell your personal information and we never share your photos with advertisers.

5. Retention

  • Account data: kept while your account is active.
  • Photos & listings: kept until you delete them or close your account.
  • Backups: retained for up to 30 days after deletion.
  • Billing records: retained for 7 years as required for tax and accounting.

6. Security

We use industry-standard practices including encrypted transport (HTTPS), encryption at rest in Supabase Storage, Postgres row-level security (RLS) that strictly isolates each user’s data, and short-lived signed URLs for photo access. Passwords are hashed (bcrypt). No system is 100% secure, and we make no warranty of impenetrability.

7. Your Rights

All users

  • Access — download a copy of your data via support request;
  • Correct — update incorrect info from your dashboard or by email;
  • Delete — request deletion of your account and associated data by emailing support@bebriz.com or via the dashboard;
  • Export — request a portable copy of your photos and listings.

California residents (CCPA/CPRA)

You have the right to know what personal information we collect, the right to delete it, and the right to opt out of any sale or sharing (we don’t sell or share for cross-context advertising). Contact us to exercise these rights.

European Economic Area, UK, Switzerland (GDPR)

You have the right to access, rectify, erase, restrict, or port your data, and to object to certain processing. Lawful bases include contract performance (providing the Service), legitimate interests (security, fraud prevention), and consent (marketing emails — none currently sent). You may lodge a complaint with your local data protection authority.

8. Cookies

We use a small number of essential cookies for authentication (Supabase session) and CSRF protection. We do not use third-party advertising cookies. We may add an analytics cookie (PostHog) in the future; this policy will be updated when that happens.

9. Children

The Service is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us information, please contact us so we can delete it.

10. International Transfers

Bebriz is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced by email or in-product. Continued use after the effective date constitutes acceptance.

12. Contact

For privacy questions or to exercise your rights, contact us at:

Bebriz
3832 Brockenhurst Dr.
Buford, GA 30519
United States
support@bebriz.com