Personal Data
“Personal Data” is information that identifies you as an individual or relates to an identifiable individual, including:
Full name and title
Postal address (including billing and shipping addresses)
Email address
Date of birth
We may need to collect and process these types of Personal Data in order to provide the requested Services to you, or because we are legally required to do so, or because such information is of particular importance to us and we have a specific legitimate interest under law to process it. We have a legitimate interest in collecting and processing Personal Data: for example: (1) to ensure that our networks and information are secure; (2) to administer and generally conduct business; and (3) to prevent fraud. If you do not provide the information that we request, we may not be able to provide you with the requested Services.
AI‑Powered Services & Data Handling
When you use Biscotte’s AI‑powered tools, including those powered by large language models (“LLMs”):
AI Inputs: Any content (text, images, documents, code, etc.) you provide to our AI tools.
AI Outputs: Any content generated by our AI tools in response to your AI Inputs.
Ownership: You retain all rights to your AI Inputs. To the extent permitted by law, you own the AI Outputs or are granted a perpetual, royalty‑free license to use them. Biscotte retains all rights in its models, software, and infrastructure.
Training Use: We will not use your AI Inputs or Outputs to train or improve our models unless you explicitly opt in. If you do opt in, only aggregated and anonymised data (with personal and confidential information removed) will be used.
Confidentiality: AI Inputs and Outputs are treated as confidential. Unless you opt in for training, they will be retained no longer than 90 days after termination of your account, and you may request earlier deletion at any time (fulfilled within 30 days).
Limitations & Risks: AI Outputs are provided “as‑is” and may be inaccurate, biased, or incomplete. You should independently verify important information before relying on AI Outputs. Biscotte disclaims liability for decisions made based on AI Outputs.
No High‑Risk Use: You agree not to use AI Outputs in situations where their inaccuracy could result in death, personal injury, or significant property or environmental damage, or in any high‑risk domains including but not limited to medical diagnosis, legal advice, financial decision‑making, or safety‑critical systems, without independent professional verification.
Collection of Personal Data
We and our service providers may collect Personal Data in a variety of ways, including:
Through the Services: We may collect Personal Data through the Services, including when you use our AI‑powered tools and provide AI Inputs.
From Other Sources: We may receive your Personal Data from other sources, such as public databases, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected) and from other third parties.
If you disclose any Personal Data relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use such Personal Data in accordance with this Privacy Policy.
Use of Personal Data
We and our service providers may use Personal Data (i) to perform our contract with you; and (ii) for our legitimate business interests, including the following:
To respond to your inquiries and fulfill your user requests.
To send administrative information to you, such as changes to our terms, conditions and policies, as well as marketing communications that we believe may be of interest.
For our business purposes, such as data analysis, audits, fraud monitoring and prevention, developing new products, enhancing, improving or modifying our Services (including AI models where you have opted in for training), identifying usage trends, determining the effectiveness of our promotional campaigns, and operating and expanding our business activities .
Disclosure of Personal Data
Your Personal Data may be disclosed:
To our third party service providers who provide services such as website hosting, data analysis, payment processing, information technology and related infrastructure provision, email delivery, postal delivery, auditing and other services, including providers that support our AI‑powered tools.
To our third party brand partners, to permit them to send you marketing communications, consistent with your choices if you have opted into such sharing.
Other Uses and Disclosures
We may also use and disclose your Personal Data as we believe to be necessary or appropriate: (a) to comply with applicable law, which may include laws outside your country of residence, to respond to requests from public and government authorities, which may include authorities outside your country of residence, to cooperate with law enforcement, or for other legal reasons; (b) to enforce our terms and conditions; (c) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (d) to protect your vital interests or the vital interests of another person.
In addition, we may use, disclose or transfer your Personal Data to a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, shares or stock (including in connection with any insolvency, bankruptcy or similar proceedings) .
Phone number for SMS use
Some of our Services offer you the ability to receive a link to a page via SMS. If we do request your phone number to send you a link, we will only use your phone number once and will use it send you the requested link. Once your link has been sent, we will immediately delete your phone number. If at any point you request a new link, we will request your phone number again and delete after sending the link via SMS.
Other Information
“Other Information” is any information that is not Personal Data and does not reveal your specific identity or does not directly relate to an identifiable individual, such as:
Certain browser and device information.
Certain app usage data.
Information collected through cookies, pixel tags and other technologies.
Demographic information and other information provided by you that does not reveal your specific identity.
Information that has been aggregated in a manner that it no longer reveals your specific identity.
AI Usage Metadata: When you use our AI tools, we may collect metadata such as prompt length, frequency of use, and feature selections. This metadata does not include your AI Inputs or Outputs unless you have opted in for training.
If we are required to treat Other Information as Personal Data under applicable law, then we may use and disclose it for the purposes for which we use and disclose Personal Data as detailed in this Policy. For example, information such as IP address and location data constitutes Personal Data under the law applicable in EU jurisdictions.
Collection of Other Information
We and our service providers may collect Other Information in a variety of ways, including:
Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, device type (Alexa or Google), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) you are using. We use this information to ensure that the Services function properly.
Through your use of the App: When you download and use the App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.
Using cookies: Cookies are pieces of information stored directly on the computer that you are using. Cookies allow us to collect information such as browser type, time spent on the Services, pages visited, language preferences, and other anonymous traffic data. We and our service providers use the information for security purposes, to facilitate navigation, to display information more effectively, and to personalise your experience. We also gather statistical information about use of the Services in order to continually improve their design and functionality, understand how they are used and assist us with resolving questions regarding them. If you do not want information collected through the use of cookies, most browsers allow you to automatically decline cookies or be given the choice of declining or accepting a particular cookie (or cookies) from a particular website. You may also wish to refer to http://www.allaboutcookies.org/manage-cookies/index.html. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services.
IP Address: Your IP address is automatically assigned to your computer by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive your approximate location from your IP address .
Analytics: We use Analytics, which uses cookies and similar technologies to collect and analyse information about use of the Services and report on activities and trends. This service may also collect information regarding the use of other websites, apps and online resources.
Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Data. If we do, we will treat the combined information as Personal Data as long as it is combined.
Third Party Services
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
In addition, we are not responsible for the information collection, use, disclosure or security policies or practices of other organisations, such as Amazon, Facebook, Apple, Google, Microsoft or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organisations through or in connection with the Apps or our Social Media Pages.
Security
We seek to use reasonable organisational, technical and administrative measures to protect Personal Data within our organisation, including AI Inputs and Outputs handled through our AI‑powered tools. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contacting Us” section below.
Choices and Access
Your choices regarding our use and disclosure of your Personal Data.
We give you choices regarding our use and disclosure of your Personal Data for marketing purposes. You may opt-out from:
Receiving electronic communications from us: If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by replying to the email or by contacting us at:
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, from which you cannot opt-out.
How you can access, change or suppress your Personal Data
If you would like to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us by emailing:
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for record keeping purposes. There may also be residual information that will remain within our databases and other records, which will not be removed.
Retention Period
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
AI Data Retention: Unless you have opted in for training, AI Inputs and Outputs are retained for no longer than 90 days after termination of your account. You may request earlier deletion, and we will comply within 30 days.
Use of Services by children
The Services are not directed to individuals under the age of 16, and we do not knowingly collect Personal Data from individuals under 16.
Jurisdiction and Cross-Border Transfer
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.
If you are located in the EEA: Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission and binding corporate rules to protect your Personal Data. You may obtain a copy of these measures by contacting:
Sensitive Information
We ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., national insurance or social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services or otherwise to us.
Updates to this Privacy Policy
We may change this Privacy Policy. The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes means that you accept the revised Privacy Policy.
Contacting Us
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
Additional Information for individuals in the EEA
If you are located in the EEA, you also may:
Contact us at info@biscotte.ai with any questions about this Privacy Policy
Lodge a complaint with a supervisory authority competent for your country or region
