Privacy Policy
Bollong.AI (“we,” “us,” or “Bollong”) operates the Bollong.AI platform, including the apex site at bollong.aiand the products MedValidator, MakeVsBuy, Med Journey AI, and Entrepreneur’s Journey. This Privacy Policy describes the information we collect, how we use it, and the choices you have.
1. Two surfaces, two privacy postures
Bollong.AI provides both anonymous free tools and authenticated paid workspaces. Our data collection differs based on which you use.
Anonymous free tools (e.g., MedValidator at medvalidator.bollong.ai)
When you use a free tool without signing in, we do not require an account and we do not store your searches, the inputs you provide, or the outputs we generate for you on our servers. Your work happens within your browser session and disappears when you close the tab. We do not place analytics trackers on these surfaces. Public data sources we query on your behalf (FDA openFDA, PubMed, ClinicalTrials.gov, USPTO) may log the requests we send, but those requests are not personally identifying.
Paid workspaces (e.g., Med Journey AI, Entrepreneur’s Journey)
When you create an account at app.bollong.ai, we collect and store information to provide the service. Section 2 below details what, and Section 3 details how.
2. Information we collect
Account information. When you create an account, we collect your email address, an authentication credential (password hash or third-party identity-provider token for Google/Apple/Microsoft sign-in), and your full name if you choose to provide it.
Subscription and billing information. When you start a paid subscription, our payment processor (Stripe) collects your payment-method details directly. Bollong.AI receives only the subscription status, plan, and billing identifiers (Stripe customer and subscription IDs). We do not see or store your payment-card number.
Content you create in paid workspaces. Searches you save, reports you generate, notes you take, files you upload, and the structured data you enter into workspace cards are stored in our database (Supabase) and associated with your account. You own this content; we hold it on your behalf to provide the service.
Usage data. We log basic API usage and error events to keep the service running and to debug problems. This includes timestamps of actions you take, endpoints accessed, and errors encountered. We do not use this data for advertising.
Cookies and similar technologies. We use essential cookies and local-storage entries to keep you signed in and to remember your session preferences. We do not currently use third-party advertising cookies or cross-site trackers.
3. How we use information
- To provide, maintain, and improve the Bollong.AI services
- To authenticate you and protect your account
- To process subscription billing through Stripe
- To send transactional emails about your account (welcome, password reset, billing, security alerts) via AWS SES
- To respond to your support requests
- To comply with legal obligations
We do not sell personal information. We do not share personal information with third parties for their own marketing purposes.
4. Subprocessors
To operate Bollong.AI we rely on the following subprocessors, each with their own privacy practices:
- Supabase — database and authentication (data hosted in the United States)
- Stripe — payment processing
- Vercel — web hosting
- Amazon Web Services (SES) — transactional email delivery
- Anthropic — AI-generated report content; prompts and outputs may be processed by Anthropic per their data-handling policies
- HubSpot — customer-relationship records (your email address, account creation date, and subscription status; used to provide support and to keep our internal account view consistent)
- Sentry — application error tracking. When an error occurs in the Service, a sanitized diagnostic event (URL, browser type, anonymized stack trace) is sent to Sentry. We disable the “send personally identifiable information” flag in our Sentry configuration.
- Google Workspace — staff email and identity infrastructure
5. Your rights and choices
Access and export. You can view the information we hold about you by signing in to your account. To receive a machine- readable export of all your account data, email us at the address in Section 9.
Deletion. You can delete your account at any time from your account page. Deletion removes your profile, saved searches, and content. We retain billing records as required by tax and accounting law for the applicable retention period (in the United States, typically seven years).
Marketing communications. We do not currently send marketing email. If we begin to, every message will include an unsubscribe link and we will honor opt-outs.
California residents. If you reside in California, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we have collected, the right to delete it, and the right to non-discrimination for exercising these rights. Contact us at the address in Section 9.
European Union residents. If you reside in the EU/EEA, you have rights under the General Data Protection Regulation (GDPR), including access, rectification, erasure, restriction of processing, data portability, and objection. The legal basis for processing your data is the contract you have with Bollong.AI (Article 6(1)(b) GDPR) or your consent (Article 6(1)(a) GDPR). Contact us at the address in Section 9.
6. Data retention
We retain your account data for as long as your account is active. On account deletion we remove personal data within 30 days, except where retention is required by law (e.g., tax records).
7. Security
We use industry-standard measures to protect your information including encryption in transit (TLS) and at rest, role-based access controls, and authenticated database access. No system is perfectly secure; we cannot guarantee absolute protection.
8. Children
Bollong.AI is not directed to children under 13. We do not knowingly collect personal information from children. If we learn we have collected information from a child under 13, we will delete it.
9. Contact us
For privacy questions or to exercise your rights, email privacy@bollong.ai.
10. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you by email or by a notice on the service before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.