BEEAGENT PRIVACY POLICY

BEEAGENT, S.L. (hereinafter, "BeeAgent", "We" or "the Company") is committed to protecting the privacy of its users. This Privacy Policy describes how we collect, use, store, and share personal information, including Google user data, when you use our platform accessible at beeagent.ai (the "Platform").

By accessing or using the Platform, you agree to the practices described in this Privacy Policy. If you do not agree with any of the terms set forth herein, please do not use the Platform.

We may collect and process the following categories of personal data:

• Registration and account data: first name, last name, email address, password (stored as a securely hashed value), company name, and job title.
• Usage data: information about how you interact with the Platform, pages visited, features used, access logs, and diagnostic data.
• Payment data: billing information required to process subscriptions (managed by our payment provider; BeeAgent does not store credit card data).
• Google data: when you connect your Google account, we may access certain Google data as described in Section 3 of this Policy.
• Communications: messages you send us via contact forms or email.
• Technical data: IP address, browser type, operating system, device identifiers, and cookies (see Section 9).

When a user connects their Google account, BeeAgent may access the user's Google account email address and Gmail data required to provide the requested functionality. Depending on the user's configuration, this may include Gmail labels, message identifiers and thread identifiers, and email content and related metadata such as subject line, sender, recipients, cc, date, message identifiers, thread information, and message body content.

3.1. Google data we access:

• Google account email address.
• Gmail labels, message identifiers, and thread identifiers required to provide the enabled functionality.
• Email content and related metadata, such as subject line, sender, recipients, cc, date, thread information, and message body content, where required to provide the requested functionality.

3.2. Purpose of Google data use:

BeeAgent uses this data solely to provide the requested Gmail integration and user-configured email automations. Depending on the features enabled by the user, BeeAgent may automatically or upon user configuration classify emails, generate drafts, send emails or replies on the user's behalf, create, apply or remove labels, mark messages as read, and move messages, in accordance with the user's settings and active automations. All automated actions are based on settings, rules, and automations configured and controlled by the user, and can be modified or disabled by the user at any time.

3.3. Limitations on Google data use:

• BeeAgent does not sell Google user data to third parties under any circumstances.
• BeeAgent does not use Google data for targeted advertising, advertising profiling, or any purpose unrelated to providing the service.
• BeeAgent only accesses and uses Google user data to provide user-facing features that are directly requested, enabled, and controlled by the user.
• BeeAgent does not use Google user data to train, improve, or develop generalized artificial intelligence or machine learning models.
• To provide certain user-requested features, such as email classification and draft generation, BeeAgent may process relevant email content and metadata using contracted service providers, including AI processing providers. All such providers act as data processors under strict contractual obligations and are not permitted to use Google user data for training or improving generalized or foundation AI/ML models. Such processing is limited to providing the requested functionality.
• BeeAgent does not allow any employee or contractor to read your Google user data, except in the following limited circumstances: (a) you have given us explicit permission to access specific data for a support or troubleshooting request you have initiated; (b) access is necessary for security purposes, such as investigating abuse or technical incidents; or (c) access is required by applicable law. In all cases, access is limited to the minimum necessary and subject to confidentiality obligations.
• BeeAgent's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

3.4. Data retention:

BeeAgent retains Google user data only for as long as necessary to provide the service, maintain security, satisfy legal obligations, and enforce user-configured automations, and deletes or anonymizes such data when it is no longer required, unless a longer retention period is required by law.

3.5. Revoking Google access:

You may revoke BeeAgent's access to your Google account at any time from your Google account permissions page.

We use the collected personal data for the following purposes:

• Service delivery: to provide, operate, and maintain the Platform and its features, including the intelligent email agent.
• Account management: to create and manage your account, authenticate your identity, and manage your subscription.
• Communications: to send you service-related notifications, respond to your queries, and, with your consent, marketing communications.
• Service improvement: to analyze usage patterns to improve the functionality, user experience, and security of the Platform.
• Legal compliance: to comply with applicable legal and regulatory obligations.
• Fraud prevention: to detect, investigate, and prevent fraudulent or illegal activities.

The legal basis for processing is the performance of the service contract, BeeAgent's legitimate interest in improving its services, compliance with legal obligations, and, where necessary, the user's consent.

BeeAgent does not sell your personal data or Google data to third parties. We may share information in the following limited circumstances:

• Service providers: we share data with trusted providers that help us operate the Platform (e.g., cloud infrastructure providers, payment platforms, analytics services), always under confidentiality and data protection agreements that prohibit use of the data for purposes other than those contracted.
• Legal obligation: we may disclose information when required by law, court order, or competent authority.
• Rights protection: when necessary to protect the rights, property, or safety of BeeAgent, its users, or third parties.
• Corporate transactions: in the event of a merger, acquisition, or asset sale, data may be transferred to the new owner, who will be bound by this Privacy Policy.

Under no circumstances will Google data be shared with third parties for advertising, commercial profiling, third-party artificial intelligence unrelated to the service, or for any purpose not directly related to the provision of the BeeAgent service to the user.

BeeAgent implements appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or accidental disclosure. Measures adopted include:

• Encryption in transit: all communications between your browser and our servers use TLS/HTTPS protocol.
• Encryption at rest: sensitive data stored in our systems is encrypted.
• Access control: access to user data is restricted to personnel who need it to provide the service, under confidentiality agreements.
• Regular audits and reviews: we conduct regular reviews of our security practices and assess their effectiveness.
• Breach notification: in the event of a security breach affecting your data, we will notify you as required by applicable regulations (GDPR).

Despite the measures adopted, no security system is completely infallible. We recommend that you protect your login credentials and notify us of any unauthorized use of your account.

We process and retain personal data in accordance with Regulation (EU) 2016/679 (GDPR) and other applicable European regulations. We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless applicable law requires or permits a longer retention period. The criteria used to determine the retention period include:

• Active account data: retained while your account is active or as long as necessary to provide you with the service.
• Google data (Gmail): Data accessed through Google APIs is processed to provide the service. BeeAgent may store account connection data, message identifiers, processing records, classification results, and action records for operational, security, and audit purposes. Where draft-generation features are used, draft content may also be processed and stored as part of service operation.
• After account cancellation: Upon account closure, BeeAgent will delete or anonymize personal data in accordance with its retention obligations and operational requirements, unless a longer retention period is required by law.
• Legal obligations: certain data (e.g., invoices) may be retained for the legally required period.

You may request the deletion of your data at any time as provided in Section 8 of this Policy.

In accordance with Regulation (EU) 2016/679 (GDPR) and applicable data protection law, you have the following rights regarding your personal data:

• Access: request confirmation of whether we process your data and obtain a copy thereof.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your data when it is no longer necessary for the purposes for which it was collected.
• Restriction of processing: request suspension of the processing of your data in certain circumstances.
• Portability: receive your data in a structured, commonly used, and machine-readable format.
• Objection: object to the processing of your data based on legitimate interest.
• Withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected] or Avenida Diagonal, num. 575, Edificio La Illa, Módulo II, Floor 2, 08029 Barcelona, Spain. We will respond to your request within the legally established timeframe. If you are not satisfied, you may file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es or with the supervisory authority of your country of residence.

We use cookies and similar technologies on the BeeAgent website. Strictly necessary cookies remember your cookie choice and provide basic site functions; they do not require consent. Analytics cookies and analytics storage are only activated if you expressly accept them. Until then, we do not load Google Analytics or send analytics events.

• BeeAgent consent preference: stored in the browser through local storage. Purpose: remember whether you accepted or rejected analytics cookies. Category: necessary. Retention: 6 months, unless you clear the browser choice earlier or we update the consent version.
• Google Analytics 4 (_ga and _ga_*): provider Google Ireland Limited. Purpose: aggregated measurement of site usage, visited pages, and call-to-action interaction to improve the site. We do not use these cookies for personalized advertising. Category: analytics. Usual retention: up to 2 years depending on Google Analytics settings. These cookies are only stored after your consent; before consent, Google Analytics remains disabled.

You can accept, reject, or configure analytics cookies from the initial banner and change your choice at any time from the Cookies link in the footer. You can also delete or block cookies from your browser settings.

BeeAgent reserves the right to update this Privacy Policy at any time to reflect changes in our practices, applicable regulations, or the services offered. When we make material changes, we will notify you with a prominent notice on the Platform or by email with reasonable advance notice.

We recommend that you periodically review this Policy to stay informed about how we protect your information. Your continued use of the Platform after changes are posted constitutes acceptance of the updated Policy.

The data controller is:

BEEAGENT, S.L.
Avenida Diagonal, num. 575, Edificio La Illa, Módulo II, Floor 2, 08029 Barcelona, Spain
Email: [email protected]

If you have any questions or concerns about this Privacy Policy or the processing of your personal data, please do not hesitate to contact us using the details above.