Privacy Policy

1. Data controller & contact

For personal data that we determine the purposes and means of processing (where we act as controller), the controller is the Become legal entity identified on our Legal notice page. For privacy requests relating to that processing, contact privacy@usebecome.com.

2. Who this applies to

This policy applies to visitors to Become properties, account holders, developers who integrate Become, and end users who interact with Become-powered experiences inside customer applications. Depending on context, we act as a data controller for website, marketing, and account administration data, and as a processor (or sub-processor) for personal data our customers instruct us to process when they use the Services to serve their own users. Where another organisation (for example, your employer or an app publisher) decides why and how data is processed, that organisation is typically the controller—we explain how to contact us and when to contact them below.

3. Personal data we collect

• Account & contact data: name, email, company name, role, billing contact details, and messages you send us.
• Transaction data: subscription and payment metadata processed by payment service providers (we do not store full payment card numbers on our servers).
• Technical & usage data: IP address, device and browser type, approximate location from IP, logs, diagnostics, pages viewed, feature usage, SDK version, and similar operational telemetry.
• Customer content: configuration (for example knowledge sources, prompts, labels), payloads processed to deliver agent functionality, and related metadata for moderation, safety, and support.
• Cookies & similar technologies: as described in our Cookie Policy.

4. Purposes & lawful bases (EEA, UK & Switzerland)

Where the GDPR (or equivalent UK or Swiss law) applies, we rely on the following lawful bases:

• Contract (Art. 6(1)(b) GDPR): providing the Services, managing your account, billing, and support you request.
• Legitimate interests (Art. 6(1)(f) GDPR): securing our systems, preventing abuse and fraud, product analytics that do not require consent under ePrivacy rules, improving reliability and features, and internal reporting, balanced against your rights—see "Your rights" below. Where required, we offer opt-outs (for example marketing email unsubscribe).
• Consent (Art. 6(1)(a) GDPR): where we are required to ask for consent (for example non-essential cookies or certain marketing), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Legal obligation (Art. 6(1)(c) GDPR): compliance with tax, accounting, or regulatory obligations, and responding to lawful requests from public authorities.

We may use aggregated or de-identified information that is no longer personal data under applicable law for analytics, benchmarking, and service improvement.

5. AI processing & sub-processors

Become uses artificial intelligence models and cloud infrastructure operated by sub-processors. They process instructions and content only as needed to run the Services. We impose contractual data-protection obligations on sub-processors in line with our role as controller or processor. Business customers may receive or request a list of sub-processor categories and a copy of our standard contractual safeguards. Personal data processed on behalf of customers is governed by our DPA (where agreed) and customer instructions.

6. Sharing

We do not sell your personal data. We share personal data with service providers under written agreements, with professional advisers where necessary, in connection with a merger, acquisition, or asset transfer, when required by law or legal process, to protect rights, safety, and security, or with your clear instructions.

7. Retention & security

We keep personal data only as long as needed for the purposes above, including satisfying legal, tax, accounting, or reporting requirements, and resolving disputes. Retention varies by data category (for example account records, logs, backups, and customer content handled under a subscription). We apply technical and organisational measures appropriate to the risk. No method of transmission or storage is completely secure.

8. Your rights (EEA, UK & similar laws)

Subject to applicable law, you may have the right to: access your personal data; rectify inaccurate data; erase data ("right to be forgotten") in certain cases; restrict processing; data portability (for data you provided where we process on the basis of contract or consent); object to processing based on legitimate interests or for direct marketing; withdraw consent where processing was consent-based; and, where applicable, not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (we describe automated processing below).

To exercise these rights, contact privacy@usebecome.com. We may need to verify your identity. If you use Become inside a customer's product, that customer may be solely or jointly responsible—we may refer you to them where appropriate.

You have the right to lodge a complaint with a supervisory authority. In the EEA, you may contact the authority in the member state of your habitual residence, place of work, or the place of the alleged infringement. A directory of EU supervisory authorities is published by the European Data Protection Board. In the UK, the Information Commissioner's Office handles complaints (https://www.ico.org.uk/).

9. Representative in the Union (Art. 27 GDPR)

If we are not established in the EEA but offer services to individuals in the EEA and processing is subject to the GDPR, we will designate an EU representative as required and publish their contact details on this page or our Legal notice when applicable.

10. International transfers

We may process personal data in the EEA, the UK, the United States, and other countries where we or our sub-processors operate. Where the GDPR or UK GDPR applies and we transfer personal data to countries not subject to an adequacy decision, we implement appropriate safeguards such as the EU Commission Standard Contractual Clauses (with supplementary measures where required) and, for UK transfers, the UK International Data Transfer Agreement or Addendum as appropriate. Copies of relevant transfer mechanisms may be available to customers on request, subject to confidentiality.

11. Automated processing & profiling

Become uses AI models to generate responses and suggestions. This may involve automated processing of inputs you or your users provide. We do not intend for the Services, as we offer them in the ordinary course, to substitute for human review where local law requires human oversight for decisions with legal or similarly significant effects on individuals; customers remain responsible for their own use cases and compliance.

12. Children

The Services are not directed at children under 16 (or a lower age where member state law sets a different digital-consent threshold). We do not knowingly collect personal data from children. Contact us if you believe we have collected data from a child and we will take steps to delete it where appropriate.

13. Changes to this policy

We may update this Privacy Policy. We will post the revised version with a new "Last updated" date. Where required by law, we will notify you of material changes (for example by email or in-product notice).

14. Contact

For privacy questions or requests: privacy@usebecome.com. Postal and company details: Legal notice.