Bucket AI← Back to site

Legal

Privacy Policy

Effective: June 17, 2026

Bucket Global, Inc. (“Bucket,” “we,” “us,” or “our”) takes your privacy seriously. This Privacy Policy explains how we collect, use, share, and protect Personal Information when you use our website and the services we provide at trybucket.ai(the “Services”). By using the Services you consent to the practices described here.

I. What this Privacy Policy covers

Bucket provides an AI operations agent (“Emma”) that businesses (“Operators”) use to manage customer communications, bookings, payments, and marketing across the channels they choose to connect. This Policy applies to:

“Personal Information” means information that identifies, relates to, or could reasonably be linked to an individual. It does not include aggregated or de-identified information that cannot reasonably be used to identify a person.

II. Lawful basis for processing

Where required by law, we rely on one or more lawful bases to process Personal Information: performance of a contract (providing the Services you or an Operator request); our legitimate interests in operating, securing, and improving the Services; your consent, where applicable (which you may withdraw at any time); and compliance with legal obligations. Where we rely on consent and you withdraw it, we will stop the relevant processing going forward.

III. What information we process

A. Information you provide

When you create an account or use the Services, we process information you provide — such as your name, email address, phone number, password (stored in hashed form), business details, and any content, settings, and records you create or import in the course of using the Services.

B. Information processed automatically

When you access the Services we automatically process certain technical information, such as device and browser data, IP address, log data, and usage information, including through cookies and similar technologies. See “Do Not Track” below.

C. Information from accounts you connect

Operators may connect third-party accounts and platforms — for example messaging, social, calendar, and payment accounts — so that Emma can operate on the Operator’s behalf. When you connect an account, we process the information necessary to provide the features you enable, limited to the access you grant, and only for as long as the connection remains active. See Section VI for how we handle data from connected social and messaging platforms.

D. Communications

We may process the contents of communications handled through the Services — including messages exchanged between an Operator and its customers on connected channels — to provide, secure, and support the Services. We may also contact you with service, security, and administrative messages.

IV. How we use information

Some features rely on automated systems and third-party technology providers to process content and generate responses, suggestions, and summaries. Actions that move money or create binding commitments run through the Operator’s configuration and approval; our automated systems do not charge a customer on their own.

V. How we share information

We do not sell Personal Information. We share it only as described below.

A. Service providers

We engage service providers to perform functions on our behalf — such as hosting and infrastructure, data storage, payment processing, communications delivery, analytics, security, and technology services that power the Services. Service providers may access Personal Information only to perform these functions for us and are bound to protect it. We may change the service providers we use at our discretion.

B. Connected platforms

When an Operator connects a third-party platform, information is exchanged with that platform as needed to provide the connected feature, in accordance with that platform’s terms.

C. Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, Personal Information may be transferred as part of that transaction, subject to this Policy or a successor policy.

D. Legal and protection

We may disclose information where we reasonably believe it is necessary to comply with law or legal process, enforce our agreements, or protect the rights, property, or safety of Bucket, our users, or others.

E. With your consent

We may share information for other purposes with your consent.

VI. Connected social & messaging platforms

Operators may connect social and messaging platforms — including Meta platforms such as Facebook, Instagram, and WhatsApp — so that Emma can send and receive messages, and, where the Operator enables it, publish posts and manage comments on the Operator’s own accounts. Information obtained through these platforms is used solely to provide the features the Operator has enabled, in accordance with the applicable platform terms (including the Meta Platform Terms and Developer Policies). We do not sell this information and do not use it for advertising. We retain it only as long as needed to provide the Services or as required by law, and you may request its deletion at any time — see our Data Deletion page.

VII. Security

We maintain administrative, technical, and organizational safeguards designed to protect Personal Information, including encrypted transport, hashed credentials, scoped access, and least-privilege access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

VIII. Information you can access

Through your account settings you can access and update much of the information associated with your account. You may also contact us to request access to, correction of, or deletion of your Personal Information, as described below.

IX. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your Personal Information, and to object to certain processing or withdraw consent. To exercise these rights, contact go@trybucket.ai. We will not discriminate against you for exercising your rights.

European Union / United Kingdom

If you are in the EU or UK, you have the rights described above under the GDPR and UK GDPR. You also have the right to lodge a complaint with your local supervisory authority. Where we process Customer information on behalf of an Operator, the Operator is the controller and we act as its processor; please direct such requests to the relevant Operator, and we will assist as needed.

California

If you are a California resident, you have rights under the CCPA/CPRA to know, access, delete, and correct your Personal Information, and to opt out of any “sale” or “sharing” of it. We do not sell or share Personal Information as those terms are defined under the CCPA/CPRA. To exercise your rights, contact us using the details below.

X. Retention

We retain Personal Information for as long as your account is active or as needed to provide the Services. We retain booking and transaction records as required for tax, accounting, fraud-prevention, and legal purposes, after which we delete or de-identify information we are not required to keep.

XI. Children

The Services are not directed to children, and we do not knowingly collect Personal Information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

XII. Do Not Track

We use strictly-necessary cookies for authentication and a limited set of analytics cookies to operate and improve the Services. We do not use third-party advertising cookies. Because there is no common industry standard for “Do Not Track” signals, we do not currently respond to them.

XIII. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes take effect when posted, as indicated by the “Effective” date above, and we will provide additional notice where required.

XIV. Questions or concerns

Bucket Global, Inc. — 1080 Folsom St, San Francisco, California 94103, USA. Contact go@trybucket.ai with any privacy questions or requests.