Privacy Policy

Who is responsible

BASE AI is operated by TRADE ESTATE SE, Czech Republic. For privacy questions, data requests, or GDPR requests, contact privacy@base-ai.app. For security reports, contact security@base-ai.app.

What BASE stores

• Account data: email, name, password hash, language, country, currency, subscription state, settings, and consent choices.
• Workspace data: agent messages, tasks, reminders, notes, call briefs, contacts you add, and preferences you save.
• Document data: uploaded files, receipts, extracted text, metadata, categories, and user corrections.
• Finance and wellness data: records, summaries, goals, and analysis that you choose to add or request.
• Action Agent data: call instructions, selected contacts, call status, call metadata, and transcripts where the call feature is used.
• Technical data: IP address, device/browser information, logs, error reports, security events, rate-limit events, and product diagnostics.

Why we process data

• To provide the app, agents, account access, subscriptions, support, and user-requested AI workflows.
• To process payments, invoices, trial periods, call minutes, and fraud or abuse controls.
• To improve reliability, diagnose errors, secure the service, prevent misuse, and maintain operational logs.
• To send transactional email such as verification, password reset, billing, and security notices.
• To comply with legal obligations and respond to lawful requests where required.

Legal bases under GDPR

• Contract: to create your account, provide BASE features, process subscriptions, and deliver support.
• Consent: optional permissions, non-essential analytics, browser notifications, and integrations where consent is requested.
• Legitimate interests: security, fraud prevention, service reliability, abuse detection, product diagnostics, and internal analytics where allowed.
• Legal obligation: tax, accounting, billing, compliance, and lawful request handling.

AI processing and agent sharing

BASE sends the minimum useful context to AI and infrastructure providers so they can process the task you requested. Document, Finance, Wellness, Organizer, Mentor, and Action contexts are treated as separate surfaces. Sensitive details should not be passed from one agent to another unless you confirm the action.

Calls and voice features

• Action Agent may use voice, telephony, and AI providers to place or prepare calls you request.
• BASE does not intentionally store full call audio. Call transcripts, call status, and metadata may be stored to show history, support billing, prevent abuse, and improve reliability.
• Call transcripts are designed to be cleaned up after 30 days unless a shorter or longer period is required for support, safety, legal, billing, or abuse-prevention reasons.
• You are responsible for using call features lawfully, including any consent rules that apply in the country of the caller and recipient.

Cookies and analytics

Essential cookies and local storage keep the app logged in, secure, and functional. Non-essential analytics, including Microsoft Clarity session diagnostics, should load only after you give consent. You can change cookie choices later from Profile under Data & privacy.

Service providers

BASE uses infrastructure, AI, payment, email, analytics, storage, and voice providers to operate the service. Some providers are used only when the related feature is enabled or when you choose to use it.

See the current public list on the subprocessors page.

Retention

• Account and workspace data are kept while your account is active, then deleted or anonymized after account deletion unless retention is required for legal, billing, security, or support reasons.
• Uploaded documents are kept until you delete them or delete your account, subject to backup and operational retention windows.
• Call transcripts are designed for 30-day cleanup. Call metadata may be kept longer for billing, security, support, and abuse prevention.
• Payment and invoice records are retained as required by tax, accounting, fraud-prevention, and payment-provider rules.
• Security and operational logs are retained for a limited period needed to protect the service and investigate incidents.

Your rights and controls

• Export your account data from Profile where the export feature is available.
• Delete your account and stored app data from Profile where deletion is available.
• Request access, correction, deletion, restriction, portability, or objection by contacting privacy@base-ai.app.
• Withdraw consent for optional processing where consent is the legal basis.
• Contact the Czech supervisory authority, UOOU, if you believe your GDPR rights have not been respected.

International transfers

BASE is designed for EU-aware processing and uses EU-region infrastructure where practical. Some subprocessors may process data outside the European Economic Area. Where required, BASE relies on appropriate safeguards such as Data Processing Agreements, Standard Contractual Clauses, and provider security controls.