Privacy Policy
1. Who we are
This Privacy Policy explains how Bimerge AI ("Bimerge AI", "we", "our", or "us") collects, uses, stores, and shares personal data when you use our website at bimerge.online and the related Bimerge AI application (together, the "Service").
For the purposes of the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA), Bimerge AI is the data controller of personal data we collect from our users. When you connect a social platform account, we act as a data processor for the content and engagement data we retrieve on your behalf.
For privacy questions or to exercise your rights, contact us at privacy@bimerge.online.
2. What personal data we collect
2.1 Information you give us directly
- Account data — name, email address, password (hashed), profile picture, timezone, and language preference.
- Workspace data — workspace name, brand voice samples you upload, target personas, and team-member email addresses.
- Content — posts, captions, hashtags, scheduled publishing times, prompts you enter into AI Compose, drafts, and approval comments.
- Billing data — payment method information is collected and stored by our payment processor (Stripe). We receive only the last four digits, card brand, expiry, and billing country.
- Support correspondence — messages you send via email, chat, or in-product feedback.
2.2 Information from social platforms you connect
When you authorize Bimerge AI to access an Instagram, Facebook, X (Twitter), LinkedIn, TikTok, or Pinterest account, we receive — strictly within the scope you grant — the following from each platform's API:
- Account profile (handle, display name, avatar, follower count, public bio).
- Posts, captions, and media metadata for scheduling and analytics.
- Engagement metrics (impressions, reach, likes, comments, saves, shares, click-through).
- Aggregated audience demographics where the platform exposes them (country, age band, gender, active hours).
- Comments, mentions, and direct messages (only with your explicit per-platform consent).
We do not request or receive your social-platform passwords. Authorization is performed through each platform's official OAuth flow, and you can revoke it at any time from your platform's settings or from your Bimerge AI workspace.
2.3 Information collected automatically
- Device and usage data — IP address, browser type and version, operating system, referrer URL, pages visited, actions taken, and timestamps.
- Cookies and similar technologies — see our Cookie Policy for details.
- Performance and error data — anonymized crash reports and performance traces from our error-monitoring tools.
3. Why we use your data (legal bases)
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide the Service (account creation, posting, scheduling, analytics) | Contract |
| Process payments and prevent billing fraud | Contract / Legal obligation |
| Send transactional emails (verifications, alerts, receipts) | Contract |
| Improve the Service, debug, and develop new features | Legitimate interests |
| Send product updates and marketing emails | Consent (you can opt out anytime) |
| Comply with legal obligations (tax, requests from authorities) | Legal obligation |
| Detect, investigate, and prevent abuse or security incidents | Legitimate interests |
3.1 AI processing
When you use AI Compose, Repurpose, Brand Voice training, or content scoring, the text you provide is sent to our AI model providers (currently OpenAI and/or Anthropic) for inference. These providers process the text on a zero-retention basis under our enterprise agreements — they do not train their models on your data and do not retain your inputs after generation. We never send your social-platform credentials, billing data, or contact lists to AI providers.
4. Who we share data with
We share personal data only with the following categories of recipients, and only as necessary:
4.1 Subprocessors (service providers acting on our instructions)
| Provider | Purpose | Location |
|---|---|---|
| Clerk Inc. | User authentication and session management | USA |
| Stripe, Inc. | Payment processing and subscription billing | USA / EU |
| Render / Railway / AWS | Application and database hosting | EU / USA |
| Cloudflare R2 / AWS S3 | Media file storage | EU / USA |
| OpenAI / Anthropic | AI inference (zero-retention) | USA |
| Resend / Postmark | Transactional email delivery | USA / EU |
| Sentry | Application error monitoring | USA / EU |
| PostHog | Privacy-respecting product analytics | EU |
A current list of our subprocessors is published at bimerge.online/legal/subprocessors. Customers on Pro and Agency plans receive 30 days' advance notice before we add a new subprocessor.
4.2 Social platforms
When you publish a post or send a reply through Bimerge AI, that content is transmitted to the target social platform (Instagram, Facebook, X, LinkedIn, TikTok, or Pinterest). Each platform's own privacy policy governs how that platform handles the content once published.
4.3 Legal and safety
We may disclose personal data when required by law, subpoena, or court order; to protect our rights or property; to investigate fraud or abuse; or to ensure user safety, in each case after carefully reviewing the legitimacy of the request.
4.4 Business transfers
If Bimerge AI is involved in a merger, acquisition, financing, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you by email and post a prominent notice in the Service before any such transfer occurs.
We do not sell or rent your personal data, and we never share it for cross-context behavioural advertising.
5. International data transfers
Bimerge AI is operated globally. Personal data may be transferred to, processed in, and stored in countries outside your home country, including the United States. When we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, we use Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional safeguards as appropriate.
6. How long we keep your data
- Account data — retained while your account is active and for 30 days after closure.
- Workspace content — retained while your workspace is active; deleted within 30 days of workspace deletion.
- Billing records — retained for 7 years to comply with tax and accounting laws.
- Logs and security data — retained for 90 days, or longer if needed to investigate an incident.
- Backup data — retained for up to 35 days in encrypted backups, after which it is permanently deleted.
7. Your privacy rights
Depending on where you live, you have some or all of the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your personal data ("right to be forgotten").
- Restriction — limit how we process your data.
- Portability — receive your data in a machine-readable format.
- Object — object to processing based on legitimate interests, including for marketing.
- Withdraw consent — withdraw consent for processing that relies on consent.
- Lodge a complaint — with your national data-protection authority.
- California / U.S. state-specific rights — under CCPA/CPRA, residents of California, Colorado, Connecticut, Virginia, and Utah have additional rights to access, delete, correct, and opt out of sale or sharing of personal information. We do not "sell" personal information as defined under any state law.
To exercise any of these rights, email privacy@bimerge.online or visit bimerge.online/legal/data-deletion. We respond within 30 days.
8. Children's privacy
Bimerge AI is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. Security
We protect your data with industry-standard measures, including TLS 1.2+ encryption in transit, AES-256 encryption at rest, hashed passwords, role-based access controls, regular vulnerability scanning, and a published incident-response plan. No internet transmission is 100% secure, but we work continuously to maintain a high security standard. If we become aware of a breach affecting your personal data, we will notify you and the relevant authority within 72 hours where required by law.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email and via an in-product banner at least 14 days before they take effect. The "Last updated" date at the top reflects the current version.
11. Contact us
Bimerge AI
[Registered business address — to be added before launch]
Email: privacy@bimerge.online
Data Protection Officer: dpo@bimerge.online