Privacy Policy

    Last updated: March 13, 2026

    1. Introduction

    BuddyAI ("we", "our", or "us") operates the following AI-powered platforms:

    • TicketBuddy — AI-powered customer support and ticket management
    • ReviewBuddy — AI-powered Google review management and response generation
    • KeywordBuddy — AI-powered keyword research and SEO analysis tool

    All platforms are accessible via ticketbuddy.ai.

    This Privacy Policy explains how we collect, use, store, and protect your personal information when you use any of our platforms.

    By creating an account or using any of our platforms, you agree to the collection and use of information in accordance with this policy.

    2. Information We Collect

    2.1 Account Information

    • First name, last name, and display name
    • Email address and profile picture (from Google OAuth if used)
    • Role within your team (Admin, Agent, or User)
    • Onboarding status and step progress
    • Invitation origin (if you were invited by another user)

    2.2 Authentication & Security Data

    • Hashed passwords (bcrypt, 12 rounds — we never store plain-text passwords)
    • Email verification tokens and expiry timestamps
    • Password reset tokens and expiry timestamps
    • Google OAuth ID and provider type (for Google sign-in users)
    • JWT session tokens (7-day expiry, stored as browser cookies)

    2.3 Email Integration Data (TicketBuddy)

    When you connect a Gmail account for support email integration on TicketBuddy, we store:

    • Gmail OAuth access tokens and refresh tokens (encrypted in our database)
    • Token expiry metadata
    • The linked support email address and display name
    • Company name and support inbox configuration

    2.4 Ticket & Support Data (TicketBuddy)

    • Email content (subject lines, body, HTML-formatted threads)
    • Sender and recipient email addresses
    • Attachment file names and metadata
    • Ticket status, priority, tags, and confidence scores
    • Agent assignment and team collaboration data

    2.5 Review & Business Profile Data (ReviewBuddy)

    When you connect your Google Business Profile on ReviewBuddy, we access and store:

    • Google Business Profile location IDs and display names
    • Customer review content, star ratings, and reviewer names
    • AI-generated reply drafts and your edited/published responses
    • Review response history and publication timestamps

    2.6 Keyword & Search Data (KeywordBuddy)

    • Keyword queries and search terms you submit for analysis
    • Keyword metrics, volume estimates, and difficulty scores returned by our AI
    • Saved keyword lists and project names
    • Export history and report generation logs

    2.7 Knowledge Base Content (TicketBuddy)

    • Uploaded documents (PDFs, text files)
    • Website content provided for scraping
    • Direct text entries submitted for AI training
    • Processed and extracted content stored for RAG (Retrieval-Augmented Generation)

    2.8 Subscription & Billing Data

    • Stripe Customer ID and Subscription ID
    • Subscription status (trialing, active, canceled, past_due)
    • Trial start and end dates
    • Payment method status (managed by Stripe — we do not store card numbers)

    2.9 Usage & Technical Data

    • Account creation and update timestamps
    • Log data for application monitoring and error reporting
    • Browser cookies for session management (see Section 7)

    3. How We Use Your Information

    • To create and manage your account and team workspace across our platforms
    • TicketBuddy: To convert incoming emails into organised support tickets and send replies on your behalf via your connected Gmail account
    • ReviewBuddy: To fetch your Google reviews, generate AI reply drafts, and publish responses to your Google Business Profile
    • KeywordBuddy: To run keyword analysis, return SEO metrics, and generate research reports
    • To power AI features such as auto-tagging, priority assignment, and knowledge base queries
    • To send transactional emails (account verification, password reset, trial notifications)
    • To process subscription payments and manage billing via Stripe
    • To enforce role-based access controls and team permissions
    • To improve the reliability and accuracy of our platforms
    • To comply with applicable legal obligations

    4. Google API Services & Data Usage

    Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

    4.1 Gmail (TicketBuddy)

    When you connect your Gmail account, we request the following OAuth scopes:

    • gmail.readonly — to read incoming support emails and create tickets
    • gmail.send — to send replies from your Gmail address
    • gmail.compose — to compose new support emails
    • gmail.modify — to archive or update email labels

    4.2 Google Business Profile (ReviewBuddy)

    When you connect your Google Business Profile, we request access to:

    • Read your business locations and associated reviews
    • Post replies to reviews on your behalf

    We explicitly commit that across all Google API integrations:

    • Google data is used only to operate the specific features you configured
    • We do not sell, share, or use Google data for advertising purposes
    • We do not use Google data to train general-purpose AI models
    • You can disconnect your Google account at any time from the Settings page
    • Revoking access will delete your stored Google OAuth tokens from our database

    5. Third-Party Services

    Our platforms integrate with the following third-party services. Each service operates under its own privacy policy.

    | Service | Purpose | Used by |
    |---|---|---|
    | Google OAuth 2.0 | User authentication and Gmail / Google Business Profile integration | All platforms |
    | Google Business Profile API | Fetching reviews and posting AI-generated replies | ReviewBuddy |
    | Azure OpenAI | AI-powered ticket analysis, review reply generation, and keyword research | All platforms |
    | Azure Blob Storage | Storing knowledge base documents (PDFs, text files, scraped content) | TicketBuddy |
    | Azure PostgreSQL | Primary database for all user, ticket, review, and account data | All platforms |
    | Stripe | Subscription billing and payment processing | All platforms |
    | Resend | Transactional email delivery (verification, password reset) | All platforms |

    We do not sell your personal data to any third party for marketing or advertising purposes.

    6. Data Storage & Security

    • All data is stored on Microsoft Azure infrastructure (Azure PostgreSQL database and Azure Blob Storage)
    • Passwords are hashed using bcrypt with 12 salt rounds — plain-text passwords are never stored
    • All data in transit is encrypted using TLS/HTTPS
    • Azure PostgreSQL connections use SSL encryption
    • OAuth tokens are stored in the database and access is protected by JWT-based authentication
    • Role-based access control (RBAC) restricts data access to authorised team members only
    • UUIDs are used as primary keys to prevent ID enumeration attacks

    7. Cookies & Session Tokens

    Our platforms use browser cookies to maintain your authenticated session. No third-party advertising or tracking cookies are used.

    | Cookie | Purpose | Expiry |
    |---|---|---|
    | token | JWT authentication token | 7 days |
    | userId | User identifier for API calls | 7 days |
    | email | Logged-in user email | 7 days |
    | role | User role for access control | 7 days |
    | name | Display name | 7 days |

    8. Data Retention

    • Account data is retained for the duration of your subscription and a reasonable period thereafter
    • TicketBuddy ticket and thread data is retained while your account is active
    • ReviewBuddy review response history is retained while your account is active
    • KeywordBuddy saved keyword lists and reports are retained while your account is active
    • Knowledge base documents are retained until you delete them or close your account
    • Gmail and Google Business Profile OAuth tokens are deleted immediately when you disconnect your account
    • You may request complete data deletion by contacting us at info@ticketbuddy.ai

    9. Your Rights

    Depending on your jurisdiction, you may have the following rights regarding your personal data:

    • Access — Request a copy of the personal data we hold about you
    • Correction — Request correction of inaccurate or incomplete data
    • Deletion — Request deletion of your personal data ("right to be forgotten")
    • Portability — Request an export of your data in a machine-readable format
    • Withdrawal of Consent — Disconnect Google access or close your account at any time
    • Objection — Object to certain types of data processing

    To exercise any of these rights, contact us at info@ticketbuddy.ai.

    10. Children's Privacy

    TicketBuddy, ReviewBuddy, and KeywordBuddy are not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of TicketBuddy, ReviewBuddy, or KeywordBuddy after changes are posted constitutes your acceptance of the revised policy.

    12. Contact Us

    If you have any questions, concerns, or requests related to this Privacy Policy, please contact us: