Privacy Policy
BubbleRag is built so your internal knowledge stays yours. Your documents and conversations are stored with strong protections, scoped to your account and your bubbles, and processed only to run the product you signed up for. We do not sell your data. We do not use your uploads or chat history to train public AI models.
Encryption and transport security
When you use BubbleRag in the browser, traffic between you and our services is protected with industry-standard TLS (HTTPS). That means sign-in, uploads, chat requests, and downloads are encrypted in transit so they cannot be read as plain text over the network.
Your files and application data live in encrypted cloud infrastructure provided by leading providers (for example, encrypted object storage and managed databases). At rest, your content benefits from the same encryption and physical security practices those platforms use for enterprise customers worldwide.
How private are your documents?
Documents you upload are tied to your account or, if you use organizations, to the org you choose. They are not mixed into a global pool that other customers can search. Retrieval (RAG) only pulls from the documents you have attached to a given bubble, so answers stay grounded in your corpus for that space.
- Isolation by bubble. Each bubble is its own knowledge boundary. What you put in one bubble is not used to answer questions in another unless you attach the same file there on purpose.
- Access control. Only authenticated users you allow (for example, org members) can reach org-scoped content, consistent with how the product is designed.
- Deletion. When you delete a document, we remove it from our systems and storage backing the service so it is not left sitting in your library.
- Downloads. When you open a file from the app, we use short-lived signed links so access is time-bound, not a permanent public URL.
How private are your chats?
Conversations are stored so you can continue threads, see history, and get cited answers from your documents. They are not published, indexed for the open web, or shared with other BubbleRag customers.
- Account-scoped. Chat history is associated with your user account and the bubble you are working in.
- Same encryption story. Chat data is protected in transit (TLS) and stored in the same class of encrypted, access-controlled infrastructure as the rest of the application.
- No training on your content for public models. We do not use your prompts, responses, or uploaded files to train general-purpose models for the world. Third-party model providers may process requests to generate outputs; their handling is governed by their policies and our agreements as applicable.
If you delete a conversation, it is removed from the product alongside its messages so it no longer appears in your history.
Embeddings and “under the hood”
To retrieve the right passages, BubbleRag creates vector embeddings from text derived from your files. Those embeddings live in systems that belong to your workspace logic (they are not a public search index). They exist to make retrieval accurate and fast, not to advertise your data.
Authentication
Sign-in and session security use established identity providers so only you use your account. Combined with our server-side authorization checks, that keeps requests tied to verified users rather than anonymous access.
Payments and billing
Payment details are handled by our payment processor (Stripe). BubbleRag does not store full card numbers on our own servers. Billing records may reflect usage attributable to your account or organizations you manage, consistent with providing invoices and dashboards.
What we collect (summary)
We collect the minimum needed to operate the service, for example:
- Account information (such as email, display name, and authentication identifiers)
- Content you upload and the chats you send
- Technical and usage data typical for securing and improving a web application (such as diagnostics and abuse prevention)
- Billing identifiers and usage attributable to billing, where you are on a paid plan
We use this data to provide BubbleRag, support you, comply with law, and protect the platform.
Third-party services
BubbleRag relies on subprocessors such as cloud hosting, databases, object storage, email, analytics or logging vendors, identity services, AI inference providers, and payment processors. They receive only what is needed to perform their role. We choose providers with strong security practices; their own privacy policies apply in addition to this overview.
International users
Infrastructure and subprocessors may be located in jurisdictions other than your own. Where we transfer data internationally, we rely on appropriate safeguards as required by applicable law.
Your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing of your personal information, or to object or port data. Contact us using the email below and we will respond in line with applicable law. You may also have the right to complain to your local supervisory authority.
Changes
We may update this policy as the product or legal requirements evolve. Material changes will be reflected here with an updated effective date.
Contact
Questions about privacy or this policy:
[email protected]
This policy is intended to communicate how we approach privacy today. Have your lawyer review it alongside your Terms of Service before you rely on it for regulatory or contractual purposes.