Plain-English Summary (start here)
This is a genuine summary, not a substitute for the full terms below, but it covers everything most people need to know.
Your conversations go to Anthropic
Every message you send is processed by Claude (made by Anthropic). Anthropic's API processes your messages to generate responses. We don't control their infrastructure.
Credentials are encrypted
When you connect Google, Xero, or Outlook, your access tokens are encrypted before being stored. Passwords are never stored; only a secure hash is retained.
Hosted on secure cloud infrastructure
Our servers and database run on enterprise cloud infrastructure with disk-level encryption and physical access controls. Your data is stored on their platform and subject to their infrastructure security.
We store your messages and tasks
Conversation history and tasks are stored in our database so Bilby remembers context across sessions. We don't sell this data or use it to train AI models.
Third-party integrations are opt-in
Connecting Google, Xero, Stripe, or Outlook is entirely optional. You can disconnect any integration at any time from the sidebar.
This is a beta product
Bilby is in early access. It may have bugs, downtime, or changes without notice. Don't rely on it for anything critical without a backup plan.
1. About Bilby
Bilby ("we", "us", "our") is an AI-powered business assistant available at bilbyai.co and via WhatsApp and SMS. By creating an account or using the service, you agree to these Terms of Use.
Bilby is currently in closed beta. Features may change, be removed, or be unavailable without prior notice.
2. Accounts and Access
You must provide a valid email address to create an account. You are responsible for keeping your credentials secure. Each account is for a single business or individual; account sharing is not permitted.
We reserve the right to suspend or terminate accounts that violate these terms or that we reasonably believe are being misused.
3. Data We Collect and Store
Account information
- Email address (used for login and transactional email)
- Name and business name (provided during onboarding)
- Timezone and notification preferences
- Phone number (if you connect WhatsApp or SMS)
Usage data
- Full conversation history between you and Bilby, including tool call results
- Tasks you create and their status
- Integration connection status and timestamps
Integration credentials
When you connect third-party services (Google, Xero, Outlook, Stripe), we store the OAuth access and refresh tokens returned by those services. These tokens are encrypted at rest before being written to the database. Encryption keys are stored separately from the database.
What we do NOT store
- Email content, calendar events, or documents from connected services: these are fetched on demand and only held in memory during a request
- Payment card details: Stripe handles all card data directly
- Passwords in plain text: passwords are hashed using a secure one-way algorithm before storage
4. AI Processing (Anthropic / Claude)
Important: Every message you send to Bilby is transmitted to Anthropic's API (Claude) for processing. This includes the text of your messages, relevant conversation history, and tool call results that contain data fetched from your connected services.
Anthropic processes this data to generate responses on our behalf. We use Anthropic's API under their commercial terms. Anthropic does not use API-submitted data to train their models by default; see anthropic.com/privacy for their current policy.
Bilby uses prompt caching to reduce latency and cost. Cached prompts may be retained by Anthropic's infrastructure for up to one hour per their caching policy.
We use OpenAI's Whisper API for voice-to-text transcription and their TTS API for voice responses. Audio data is transmitted to OpenAI for processing and is subject to their terms.
5. Third-Party Services
Bilby integrates with the following third-party services. Data is only sent to a service when you have connected it or when it is required to operate Bilby's core infrastructure.
| Service | Purpose | Data transmitted |
|---|---|---|
| Anthropic | AI response generation (required) | All messages, conversation history, tool results |
| OpenAI | Voice transcription & text-to-speech | Audio recordings, text for TTS |
| Cloud infrastructure provider | Hosting & database (required) | All stored data (database, logs) |
| Resend | Transactional email | Your email address, email content |
| Twilio | WhatsApp & SMS delivery (if connected) | Phone number, message content |
| Google | Gmail, Calendar, Contacts, Docs, Sheets (if connected) | OAuth tokens; on-demand access to your Google data |
| Xero | Accounting & invoicing (if connected) | OAuth tokens; on-demand access to your Xero organisation |
| Stripe | Payments & invoicing (if connected) | OAuth tokens; payment and customer data via Stripe API |
| Microsoft | Outlook email & calendar (if connected) | OAuth tokens; on-demand access to your Outlook data |
| Google Maps | Location lookup for scheduling & search | Place names and addresses you provide |
Each third-party service has its own privacy policy and terms. We are not responsible for how they handle data on their own infrastructure.
6. Security
Data protection
- Integration credentials (OAuth tokens) are encrypted before being stored in the database
- Passwords are never stored; only a secure one-way hash is retained
- The database runs on enterprise cloud infrastructure with disk-level encryption applied at the storage layer
Encryption in transit
- All connections to Bilby use HTTPS/TLS
- All outbound API calls to third-party services use HTTPS
Authentication
- Sessions are managed using signed, expiring tokens
- Magic links and password reset tokens are single-use and short-lived
- Rate limiting is applied to authentication endpoints to mitigate brute-force attempts
Multi-tenancy
All data access is scoped to your account. One account cannot access another account's data through normal use of the application.
7. Data Retention and Deletion
We retain your data for as long as your account is active. If you close your account, we will delete your account data including conversation history, tasks, and stored credentials within 30 days.
To request account deletion, contact us at hello@bilbyai.co. We will confirm deletion within 5 business days.
Backups may retain data for up to an additional 30 days after deletion from the live database.
8. Beta Service Disclaimer
Bilby is provided as a beta service. It is offered as-is, without warranties of any kind. We do not guarantee uptime, accuracy of AI responses, or continuity of any feature. Do not use Bilby as a sole record-keeping system for critical business data.
AI-generated responses may be incorrect, incomplete, or outdated. Always verify important information (particularly financial figures, dates, and contact details) from the source system (Xero, Google, Stripe, etc.).
9. Acceptable Use
You agree not to use Bilby to:
- Attempt to access another user's data or bypass authentication
- Send automated or bulk requests beyond normal personal assistant use
- Use the service in any way that violates applicable law
- Attempt to reverse-engineer, probe, or test the security of the platform
10. Changes to These Terms
We may update these terms from time to time. If we make material changes, we will notify you via email or an in-app notice before the changes take effect. Continued use of Bilby after changes constitutes acceptance of the updated terms.
11. Contact
Questions about these terms or your data? Email us at hello@bilbyai.co.