Privacy Policy

Effective date: 30 January 2026 · Version 1.0

1. Introduction

Bublii ("we", "our", or "us") operates the Bublii mobile application, an AI-powered conversation coaching platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Bublii.

We are committed to complying with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth), the EU General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) where applicable.

By creating an account or using Bublii, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our service.

2. Information We Collect

2.1 Information you provide directly

When you create an account and use Bublii, we collect:

  • Name and email address (from your Google or Apple sign-in)
  • Conversation content you enter during coaching sessions
  • Feedback you provide on AI responses (thumbs up/down ratings)
  • Coaching preferences and goals you share during sessions

2.2 Information collected automatically

We automatically collect certain information to operate and improve our service:

  • Device type, operating system, and app version
  • Usage patterns (e.g. screens viewed, features used, session frequency)
  • Error and crash reports
  • Anonymous analytics events (e.g. conversation created, insights viewed)

2.3 Information we do not collect

We do not collect precise geolocation data, biometric data, contacts, photos, or audio/video recordings. We do not access your device camera or microphone.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Deliver coaching services — process your conversation input through our AI system and provide personalised coaching responses, insights, and progress tracking
  • Improve our service — analyse anonymised usage patterns to enhance the app experience, fix bugs, and develop new features
  • Communicate with you — send technical notices, security alerts, and support messages
  • Ensure security and compliance — detect and prevent fraud, abuse, or unauthorised access, and comply with legal obligations

Legal bases for processing (GDPR)

Where the GDPR applies, we process your data on the following legal bases: (a) contract performance — to provide the coaching service you signed up for; (b) legitimate interests — to improve our service and ensure security; (c) consent — where you opt in to optional features; (d) legal obligation — to comply with applicable laws.

4. AI Processing and Data Security

4.1 AI providers

Your conversation content is processed by third-party AI providers to generate coaching responses:

  • Anthropic (Claude) — processes your conversation messages to generate coaching responses. Anthropic does not use your data to train its models. Data is not retained beyond 30 days per their data processing terms.
  • OpenAI — used solely for generating text embeddings (semantic search) to help the AI recall relevant context from your past conversations. OpenAI does not use API data to train its models.

We do not use your conversation data to train or fine-tune AI models. Your coaching sessions remain private and are not shared with other users.

4.2 Security measures

We implement industry-standard security measures to protect your data:

  • TLS encryption for all data in transit
  • AES-256 encryption for data at rest
  • SSL certificate pinning on mobile to prevent man-in-the-middle attacks
  • Authentication tokens stored in platform-native secure storage (iOS Keychain, Android EncryptedSharedPreferences)
  • Rate limiting and input validation on all API endpoints
  • Security headers (HSTS, X-Content-Type-Options, X-Frame-Options)

4.3 Data hosting

Your data is stored on servers hosted by Amazon Web Services (AWS) in the ap-southeast-2 (Sydney, Australia) region. AWS maintains ISO 27001, SOC 2, and other industry certifications.

5. Data Sharing and Disclosure

We do not sell your personal information. We do not share your conversation content with any third party except as necessary to provide the service (i.e. AI processing as described in Section 4).

We may share limited information with the following categories of service providers:

  • Infrastructure — AWS (hosting and database), Supabase (authentication and database management)
  • AI processing — Anthropic (coaching responses), OpenAI (text embeddings)
  • Analytics — PostHog (anonymised usage analytics — we hash all user identifiers before sending, so PostHog never receives your email or account ID)
  • Error monitoring — Sentry (crash reports and error diagnostics)

We may also disclose your information:

  • When required by law, regulation, or legal process
  • To protect the rights, safety, or property of Bublii, our users, or the public
  • In connection with a merger, acquisition, or sale of assets (you would be notified)

6. Data Retention

We retain your data for as long as necessary to provide our service:

  • Account data — retained while your account is active and for up to 12 months after deletion for legal and compliance purposes
  • Conversation data — retained for up to 24 months to support coaching insights and continuity, then automatically deleted
  • Backups — data in backups is purged within 90 days of account deletion
  • Analytics data — anonymised and cannot be linked back to your account

You can delete your account at any time from the Profile screen in the app. Account deletion permanently removes your profile, all conversations, and all messages.

7. Your Privacy Rights

7.1 Australian residents

Under the Australian Privacy Principles, you have the right to access, correct, or request deletion of your personal information. If you are unsatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

7.2 EU/EEA/UK residents (GDPR)

If you are located in the EU, EEA, or UK, you have additional rights including:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time

You may exercise these rights through the in-app account deletion feature or by contacting us at the address below.

7.3 California residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at the address below.

7.4 Exercising your rights

You can delete your account directly in the app (Profile → Delete Account). For all other privacy requests, email us at founders@bublii.ai. We will respond to all requests within 30 days.

8. International Data Transfers

Your data is primarily stored in Australia (AWS ap-southeast-2). However, some data may be transferred to other countries for processing by our AI and service providers:

  • United States — Anthropic (AI processing), OpenAI (text embeddings)
  • European Union — PostHog (anonymised analytics), Sentry (error monitoring)

Where data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) with our providers.

9. Cookies and Tracking Technologies

Bublii is a mobile application and does not use browser cookies. We use the following technologies:

  • Essential — authentication tokens stored in secure device storage to keep you signed in
  • Analytics — anonymised usage events sent to PostHog to help us understand how the app is used

We do not use advertising cookies or trackers. We do not participate in cross-app or cross-site tracking.

10. Children's Privacy

Bublii is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will delete that information promptly. If you believe a child has provided us with personal information, please contact us at founders@bublii.ai.

11. Third-Party Links

Our app may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you access.

12. Important Disclaimers

Not a mental health service

Bublii is an AI-powered conversation coaching tool. It is not a substitute for professional mental health services, therapy, counselling, or medical advice. If you are experiencing a mental health crisis, please contact your local emergency services or a crisis helpline:

  • Australia: Lifeline — 13 11 14 | Beyond Blue — 1300 22 4636
  • United States: 988 Suicide & Crisis Lifeline — 988
  • United Kingdom: Samaritans — 116 123
  • New Zealand: Lifeline — 0800 543 354

Not legal or HR advice

Bublii does not provide legal, employment, or human resources advice. Coaching responses are generated by AI and should not be relied upon as professional guidance.

AI limitations

AI-generated responses may be inaccurate, incomplete, or inappropriate. Bublii is designed to help you think through conversations — it does not guarantee outcomes. You are responsible for your own decisions and communications.

13. Apple App Store Requirements

In accordance with Apple's App Store guidelines:

  • We comply with the App Tracking Transparency framework — we do not track you across other apps or websites
  • We practise data minimisation and only collect information necessary to provide our service
  • You can delete your account and all associated data at any time from within the app

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' notice via email or in-app notification before the changes take effect. We encourage you to review this policy periodically. The "Effective date" at the top of this page indicates when the policy was last revised.

15. Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your privacy rights, please contact us:

Email: founders@bublii.ai

We aim to respond to all enquiries within 5 business days.

← Back to Home