Privacy Policy

Last updated: February 2026

1. Information We Collect

When you use BHOS we collect the following information:

  • Account information — email address and password (or OAuth profile) when you sign up.
  • API keys — keys you provide to connect third-party services. These are encrypted at rest using AES-256-GCM and are never exposed to the browser.
  • Dashboard data — your dashboard layouts, widget configurations, calendar events, notes, and chat messages.
  • Preferences — theme, location, timezone, avatar, and background settings.
  • Usage data — standard server logs including IP address, browser type, and pages visited.

2. How We Use Your Information

  • To provide and maintain the BHOS service.
  • To proxy API requests on your behalf — your API keys are decrypted server-side, used to make the request, and never sent to the browser.
  • To send your data to AI providers (OpenAI, Anthropic, Google, Grok) when you use AI formatting or chat features. Only the data visible in the relevant widget is sent.
  • To improve the service and fix bugs.

3. Data Storage & Security

  • Data is stored in Supabase (PostgreSQL) with Row-Level Security ensuring you can only access your own data.
  • API keys are encrypted with AES-256-GCM before storage and decrypted only on the server at request time.
  • All traffic is served over HTTPS with HSTS enabled.
  • Authentication is handled by Supabase Auth with secure HTTP-only session cookies.

4. Third-Party Services

BHOS integrates with the following third-party services:

  • Supabase — database, authentication, and file storage.
  • Vercel — hosting and deployment.
  • Upstash — rate limiting via Redis.
  • AI providers — OpenAI, Anthropic, Google AI, and Grok when you choose to use AI features.
  • Open-Meteo — weather data (no API key required).

Each third-party service is governed by its own privacy policy. We encourage you to review them.

5. Cookies

BHOS uses essential cookies for authentication and session management. We do not use advertising or analytics cookies.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and all associated data.
  • Export your data in a machine-readable format.

To exercise any of these rights, contact us at the email below.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (dashboards, API connections, chat history, preferences) is permanently removed.

8. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated through the service. Continued use after changes constitutes acceptance.

9. Contact

If you have questions about this Privacy Policy, please contact us at privacy@jetcal.com.