Back to home

Privacy Policy

Last updated: April 2026

BuzzBot is built on a simple premise: the less data we hold, the less there is to misuse or lose. This policy explains exactly what we collect, why, how we store it, and what we never touch.

What we collect

Account information

When you sign in with Apple, we receive your Apple-generated user identifier and, if you choose to share it, your name and email address. We use your email address only to send transactional messages (account notices, support replies). We do not send marketing email.

Your BuzzBot phone number

We store the Twilio phone number assigned to your account. This is necessary to route intercom calls to BuzzBot on your behalf.

Your real forwarding number

To forward unresolved calls, we store the phone number you provide as your fallback. This number is encrypted at rest and never shared with any third party other than Twilio for the purpose of completing the forwarded call.

Gmail OAuth credentials

When you connect your Gmail account, we receive OAuth 2.0 access and refresh tokens from Google. These tokens are encrypted with AES-256-GCM before being written to our database. The encryption key is stored separately from the database. We use these tokens only to query Gmail for delivery confirmation emails on your behalf.

Call metadata

When BuzzBot handles an intercom call, we log:

  • Timestamp of the call
  • Outcome (auto-buzzed, manually approved, denied, forwarded)
  • The carrier or matched name that triggered the outcome (e.g. “UPS”)
  • Call duration

This metadata powers the activity feed in your app. We retain it for 90 days and then delete it.

Active Hours settings

If you configure active hours, we store your preferred schedule. This is used solely to determine whether to answer or forward incoming intercom calls.

What we never collect

We are explicit about what BuzzBot does not do:

  • We never store email content. BuzzBot reads email subjects and sender addresses to confirm expected deliveries. We do not store, index, or log email content of any kind.
  • We never record audio. Voice recognition during intercom calls happens in real-time. No audio is stored after a call ends.
  • We never sell your data. Your information is not sold, rented, or shared with advertisers or data brokers.
  • We never access non-delivery email. Our Gmail query scope is limited to emails from known shipping carriers. We do not read personal email.

How data is stored

BuzzBot uses a PostgreSQL database hosted on infrastructure within the United States. All connections use TLS. Gmail OAuth tokens are encrypted at the application layer using AES-256-GCM before storage — meaning even a database breach would not expose your Gmail credentials in usable form.

Device push notification tokens (APNs tokens) are stored to deliver lock screen notifications to your iPhone. These tokens do not identify you to Apple — they are anonymous device identifiers.

Third-party services

Twilio

BuzzBot uses Twilio Programmable Voice to provision phone numbers, handle intercom calls, and perform call forwarding. When a call is processed, Twilio has access to the caller's phone number and the audio of the call in transit. Twilio's privacy policy is available at twilio.com/legal/privacy.

Google (Gmail API)

BuzzBot accesses Gmail through Google's OAuth 2.0 API. Google's data handling is governed by their privacy policy at policies.google.com/privacy. BuzzBot's use of Gmail data complies with the Google API Services User Data Policy, including the Limited Use requirements.

Apple (Sign in with Apple / APNs)

Authentication is handled via Sign in with Apple. Push notifications are delivered via Apple's APNs infrastructure. Apple's privacy policy is available at apple.com/legal/privacy.

Data retention and deletion

Call metadata is retained for 90 days and then automatically deleted. Account data is retained for as long as your account is active. If you delete your BuzzBot account, all associated data — including your phone numbers, Gmail tokens, and call history — is permanently deleted within 30 days.

You can request deletion of your account and all associated data at any time by emailing support@buzzbotdoorapp.com.

Your rights

Depending on your jurisdiction, you may have rights including access to your personal data, correction of inaccurate data, deletion of your data, and data portability. To exercise any of these rights, contact us at support@buzzbotdoorapp.com.

Children

BuzzBot is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it.

Changes to this policy

If we make material changes to this privacy policy, we will notify you via the app and update the “last updated” date above. Continued use of BuzzBot after changes are posted constitutes acceptance of the revised policy.

Contact

Questions about this policy or your data: support@buzzbotdoorapp.com