← Back

Privacy Policy

Last updated: March 6, 2026

1. What We Collect

When you use The Bored Room, we collect and store the following data in your account:

  • Conversations & messages — your chat history with your AI Team and connected models.
  • Business memory — facts, preferences, decisions, playbooks, and instructions extracted from your conversations and approved artifacts.
  • Documents & artifacts — files, reports, creative assets, transcripts, and outside AI work you save, add as source material, link, or generate through the app.
  • Source material & linked references — images, PDFs, spreadsheets, decks, videos, and external source references you attach to conversations, Actions, or the Library.
  • Account info — email address and authentication credentials.
  • Usage data — AI operation counts and service usage needed for limits, billing, and reliability (no behavioral tracking).

2. How We Use Your Data

Your data is used exclusively to provide the service:

  • Delivering AI Team responses and operating recommendations.
  • Extracting and retrieving business memory so future work has company context.
  • Rendering your Library, Business Map, Actions, and Briefing.
  • Routing context to frontier models and connected systems when you ask TBR to create or analyze an artifact.
  • Enforcing usage limits and account security.

We do not sell your data. We do not use your data for advertising. We do not train AI models on your data.

3. Third-Party AI Services

The Bored Room processes your data using the following third-party AI services:

  • Anthropic (Claude)— Used for chat, memory extraction, and agent tasks. Your messages and business data are sent to Anthropic's API for processing. Anthropic's privacy policy: https://www.anthropic.com/privacy
  • OpenAI (GPT)— Used for chat, research, and text embeddings. Your messages and data are sent to OpenAI's API. OpenAI's privacy policy: https://openai.com/privacy
  • Google (Gemini)— Used for chat, briefing generation, image generation, and memory organization. Your data is sent to Google's Gemini API. Google's AI privacy: https://ai.google/privacy

Your data is transmitted securely (HTTPS/TLS) and is not used to train these providers' models under our API agreements. We do not share your data with any other third parties for advertising or marketing purposes.

4. Data Storage

All user data is stored in Supabase (hosted on AWS). Every table has Row-Level Security (RLS) enabled — you can only access your own data. Business accounts keep each company's Library, Business Map, Actions, integrations, and artifacts isolated under your login. Source material files are stored in Supabase Storage with per-user path isolation.

5. Your Rights

  • Export — download all your data as a ZIP file from Settings.
  • Delete — permanently delete your account and all associated data from Settings. Deletion cascades to all tables.
  • Edit — edit or delete individual memories, conversations, and documents at any time.

6. Cookies

We use a single authentication session cookie managed by Supabase Auth. We do not use analytics cookies, advertising cookies, or third-party tracking cookies.

7. Security

We implement industry-standard security measures including HTTPS enforcement, HSTS, CSRF protection, Content Security Policy headers, input validation, rate limiting, and optional two-factor authentication (TOTP).

8. Contact

For privacy-related questions, contact us at privacy@theboredroom.ai.