Bedrock AI — Privacy Policy
Effective Date: July 10, 2026 Last Updated: July 10, 2026
1. Introduction
This Privacy Policy explains how Bedrock AI, a service operated by Bedrock AI ("Bedrock AI," "we," "us," or "our"), collects, uses, shares, and protects information in connection with our automation platform and services (the "Services").
This Policy covers two categories of people:
- Our Clients — the businesses that subscribe to and use the Services.
- Client Customers / End Users — the individuals your Client communicates with through the Services (for example, a person who called your Client's business and received an automated text back).
For Client Customer data, our Client is the party that decides what data is collected and why. In data-protection terms, the Client is the "controller" of that data and Bedrock AI acts as the "processor" — we process it on the Client's behalf and under the Client's instructions. If you are a Client Customer with questions about your data, please contact the business you interacted with; you may also contact us at the address below.
2. Information We Collect
2.1 From Clients (business/account data):
- Business identity: business name, address, business phone, website, and, where required to provision messaging, business registration or authorized-representative details.
- Account data: owner and user names, email addresses, login credentials, and roles.
- Payment data: processed by our payment processor (Stripe). We do not store full card numbers; we receive limited billing metadata (such as the last four digits, card brand, and payment status).
- Usage data: how you configure and use modules, settings, and activity within the Platform.
2.2 Client Customer data (processed on the Client's behalf):
- Contact data: phone numbers and, where the Client provides it, names and related contact details of the Client's own customers and leads.
- Communications data: the content, timing, and delivery/response status of messages (SMS, iMessage, RCS) and records of calls to the Client's provisioned number (such as missed-call events).
- We process this data solely to provide the Services the Client has activated.
2.3 Automatically collected technical data:
- Standard technical data such as IP address, device/browser type, and log data when Clients or users access the Platform.
3. How We Use Information
We use information to:
- Provide, operate, maintain, and secure the Services and their modules.
- Provision and manage messaging lines and deliver messages the Client initiates.
- Process payments and manage subscriptions.
- Communicate with Clients about their account, support, and service changes.
- Monitor, troubleshoot, prevent abuse, and improve the Services.
- Comply with legal obligations and enforce our Terms.
We do not sell personal information. We do not use Client Customer communications data for our own advertising, and we do not use it to build advertising profiles.
4. How We Share Information (Subprocessors)
We share information with third-party service providers ("subprocessors") only as needed to provide the Services. As of the effective date, these include:
| Provider | Purpose | Data involved |
|---|---|---|
| Stripe | Payment processing | Client billing data |
| Messaging provider (Sendara and/or Twilio, and underlying carriers/Apple) | Message delivery (iMessage / RCS / SMS) and call handling | Client Customer phone numbers, message content, delivery status |
| Supabase (or your hosting/database provider) | Application database and authentication | Client and Client Customer data stored by the Platform |
| Vercel | Application hosting | Technical and application data |
| Anthropic (AI provider) | AI-generated message drafting/analysis, where a module uses it | Content necessary to generate the relevant output |
We may also disclose information: (a) to comply with law, legal process, or lawful requests; (b) to protect our rights, safety, or property, or that of others; (c) in connection with a merger, acquisition, or sale of assets, subject to this Policy; and (d) with the Client's direction or consent.
5. Data Retention
We retain Client account data for as long as the account is active and as needed to provide the Services. We retain Client Customer data on the Client's behalf for as long as the Client's account is active or as instructed by the Client, after which it is deleted or anonymized in accordance with our retention practices, unless longer retention is required by law. On account termination, provisioned messaging lines may be deactivated and associated data deleted per Section 11.4 of our Terms.
6. Data Security
We use reasonable technical and organizational measures designed to protect information, including access controls, tenant isolation, and encryption in transit. Sensitive business-identity fields are stored with additional protection. No system is perfectly secure, and we cannot guarantee absolute security. Clients are responsible for safeguarding their own login credentials and for controlling which of their users have access.
7. Your Choices and Rights
7.1 Clients. You may access or update your account information within the Platform or by contacting us. You may cancel your subscription as described in the Terms.
7.2 Client Customers. Because we process your data on behalf of the business you interacted with, requests to access, correct, or delete your data are generally directed to that business. Where we are able, we will assist our Client in honoring valid requests. You may opt out of messages at any time by replying "STOP" (or the applicable opt-out keyword), which the Client is required to honor.
7.3 State privacy rights. Depending on your state of residence, you may have rights to access, correct, delete, or restrict certain uses of your personal information, and to be free from discrimination for exercising them. To exercise rights with us directly, contact gage@getbedrockai.com.
8. Children's Privacy
The Services are for businesses and are not directed to children under 13 (or the minimum age in the relevant jurisdiction). We do not knowingly collect personal information from children. Clients must not use the Services to message individuals in violation of laws protecting minors.
9. International Users
The Services are operated from the United States and intended for U.S. businesses and their U.S. customers. If you access the Services from outside the U.S., you consent to processing in the U.S., which may have different data-protection laws than your jurisdiction.
10. Changes to This Policy
We may update this Policy by posting a revised version with a new effective date and, for material changes, providing reasonable notice. Continued use after the effective date constitutes acceptance.
11. Contact Us
Bedrock AI A service operated by Gage Dorris, a Texas sole proprietorship P.O. Box 9107, Huntsville, TX 77340 gage@getbedrockai.com
For data requests, use the contact above and identify whether you are a Client or a Client Customer so we can route your request correctly.