Privacy Policy

Last Updated: Jun 3, 2026

Boson AI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI voice chat agent demonstration and workspace (the "Service").

We adhere to the principle of Data Minimization. Our Service is designed to collect only the data reasonably necessary to provide, secure, and operate the Service. We do not build user profiles for advertising, nor do we sell your data.

1. Information We Collect

1.1 Information You Provide (Google Login)

We utilize Google OAuth to facilitate a secure and password-less login experience. When you choose to log in via Google, we collect strictly limited information from your Google Profile:

  • Name: We collect your name to personalize the user interface.
  • Email Address: We collect your email address to create your unique account identifier and to communicate with you regarding critical service updates or security notices.

We do not collect or store your Google password. Authentication is handled entirely by Google's secure servers; we only receive an authentication token.

1.2 Voice and Audio Data (Transient Processing)

The core function of our Service is a voice chat agent. When you use the voice features:

  • Transient Processing: Your voice input is streamed to our processing servers solely for the purpose of generating an AI response.
  • No Long-Term Storage: We do not store raw audio files or voice recordings on our servers after the immediate interaction is processed. The audio data is discarded once the conversation is complete.
  • No Biometric Identifiers: We do not create, store, analyze, or maintain "voiceprints," voice geometry, or any biometric templates capable of identifying you. The processing is strictly functional and not for identification or biometric surveillance.

1.3 Technical Usage Data

When you visit, use, or navigate the Service, we automatically collect certain technical information, which may include your IP address, browser and device characteristics, operating system, language preferences, referring URLs, and the timestamp of your visit. Most of this information does not on its own identify you. Some technical data, such as IP address, may be considered personal information under applicable laws. We also maintain a usage counter to enforce free-preview limits; for logged-in users this is associated with your account, and for users who have not logged in it is stored as an identifier in your browser. This data is used to maintain the security and operation of the Service and to enforce usage limits. We do not use it to build advertising or behavioral profiles.

2. Cookies and Local Storage

We use a small number of cookies and similar browser storage technologies that are strictly necessary to operate the Service. We do not use cookies for advertising, cross-site tracking, or behavioral profiling.

Cookie / StoragePurposeSet whenDurationCategory
Session / authenticationKeeps you logged in after you sign in via Google and allows the Service to recognize your authenticated session.After you log in.Session or up to 90 days.Strictly necessary
CSRF protectionHelps protect login, logout, and other account-related actions from cross-site request forgery.When you use authentication-related features.Session or short-term.Strictly necessary
Login callback / redirectRemembers where to send you after Google login or another authentication flow is completed.When you start the login flow or enter the Service from a protected page.Short-term.Strictly necessary
Authentication messageTemporarily stores login, logout, or authentication error messages so they can be shown during the authentication flow.During login, logout, or authentication error flows.Short-term.Strictly necessary
Terms and Privacy acknowledgmentRemembers that you acknowledged our Terms of Service and Privacy Policy so we do not need to show the same notice on every visit.When you continue after seeing the notice.Up to 90 days, or until the Terms or Privacy Policy materially changes.Strictly necessary
Trial usage counterTracks how much of the free preview you have used so we can enforce usage limits. For logged-in users this is tied to your account; for users who have not logged in, it is stored in your browser.On first use of the preview, including before login.90 days.Strictly necessary
Temporary guest identifierTemporarily associates pre-login preview activity, such as generated avatar tasks or videos, with your browser so the Service can provide the preview experience and, if you log in, connect that preview activity to your account.When you use preview features before logging in.Up to 90 days, or until it is no longer needed to provide the preview or complete account linking.Strictly necessary

We use this identifier only to enforce free-preview limits and prevent abuse. We do not use it to track users across websites, measure advertising performance, or build behavioral profiles.

3. How We Use Your Information

We use the information we collect for the following legitimate business purposes:

  • To Provide the Service: To allow you to log in, speak to the AI agent, and receive audio/text responses.
  • To Enforce Usage Limits: To track free-preview usage so that the Service operates as intended.
  • To Maintain Safety and Security: To monitor for fraud, "jailbreaking," "prompt injection" attacks, or other malicious activity that threatens the integrity of our AI models.
  • To Communicate with You: To send you administrative information, such as changes to our terms, conditions, and policies.

4. Google User Data Policy Compliance

Boson AI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • No Sale of Data: We do not sell your Google user data to third parties.
  • No Advertising: We do not use your Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • No Creditworthiness Checks: We do not use your Google user data to determine creditworthiness or for lending purposes.
  • Limited Transfer: We do not transfer your Google user data to third parties, except as necessary to provide or improve the user-facing features of the Service (e.g., hosting the app on a cloud provider), to comply with applicable laws, or as part of a merger, acquisition, or sale of assets where the successor entity agrees to respect this policy.

Human access to Google user data is prohibited unless:

  • We obtain your affirmative consent;
  • Access is strictly necessary for security purposes (e.g., investigating abuse, fraud, or technical issues);
  • Access is required to comply with the applicable law; or the data is aggregated and used internally in a way that does not identify any individual user.

5. Data Sharing and Third Parties

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

  • Service Providers: We may share your data with service providers, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include cloud hosting services (e.g., AWS) and AI model inference providers (if applicable).
  • Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

We never transfer Google user data except as permitted under the Google API Services User Data Policy.

6. Data Retention

  • Account Information: We retain your Name and Email Address only for as long as your account is active. If you request deletion of your account, this data is removed from our active databases.
  • Audio Data: As stated in Section 1.2, raw audio data is processed transiently and is not retained at rest.
  • Usage Counter: The free-preview usage counter is retained for up to 90 days, or as otherwise needed to enforce usage limits, prevent abuse, comply with legal obligations, resolve disputes, or enforce our Terms.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Right to Access: You have the right to request a copy of the information we hold about you.
  • Right to Deletion: You have the right to request that we delete your personal information.
  • Right to Rectification: You have the right to correct inaccurate information.

To exercise these rights, please contact us at the email provided below.

Notice to California Residents (CCPA/CPRA):

For the purposes of the California Consumer Privacy Act (CCPA/CPRA), we treat voice input as short-term, transient use. We use a limited usage identifier solely to enforce free-preview limits and prevent abuse, not to track you across services or infer characteristics about you. We do not "sell" or "share" your personal information as defined by the CCPA/CPRA, and we do not collect "Sensitive Personal Information" to infer characteristics about you.

8. Children's Privacy

The Service is not intended for use by children under the age of 18, as required by our Terms. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete that information as quickly as possible. If you become aware of any data we may have collected from children under age 18, please contact us.

9. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

Where required by Google's OAuth verification program, we undergo security reviews or assessments to maintain access to sensitive or restricted OAuth scopes.

10. Changes to This Privacy Policy

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

11. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: contact@boson.ai