This Privacy Policy explains how TheBingo.ai (“Bingo,” “we,” “our”) collects, uses, and protects information when you use our hosted service at chat.thebingo.ai, our marketing site, and our self-hosted open-source distribution.
Bingo is a conversational BI platform. Our guiding principle is simple: your raw data stays yours. Rows from your databases and files are not sent to third-party LLM providers, and we design the product to keep sensitive data inside your Bingo environment wherever technically possible.
1. Information we collect
Account information
When you create an account we collect your email address, a hashed password (or SSO identifier), your display name, and the organization you belong to. If you sign in through SSO, we receive only the identifiers and scopes granted by your identity provider.
Workspace and usage data
- Connection metadata — database hostnames, encrypted credentials, schema names, table names, and column types you choose to expose.
- Chat and dashboard artifacts — the messages, prompts, saved queries, dashboard layouts, and widget configurations you create.
- Product telemetry — feature usage, credit consumption, error logs, and performance metrics needed to operate the service.
Data you query
Bingo queries your databases on your behalf. Raw rows are processed inside your Bingo environment and are not persisted to long-term storage unless you explicitly pin a result. When you pin a result or save a widget, the rendered output is stored alongside your workspace for re-display.
2. What we send to LLM providers
Bingo sends the minimum context required to answer your question. That typically includes:
- Your natural-language question and chat history within the session.
- Schema descriptions (table names, column names, column types) for the sources you have connected.
- High-level aggregations or sample rows only when you explicitly authorize a preview for that source.
Raw table contents, credentials, and PII are not included in prompts. You can review the exact payload sent to the provider in the chat inspector on any message.
3. How we use information
- To provide, maintain, and secure the Bingo service.
- To operate the AI features you invoke, including chat, dashboards, and scheduled jobs.
- To meter credit consumption, enforce plan limits, and bill paid accounts.
- To improve product quality through aggregated, anonymized analytics. We do not train third-party models on your data.
- To communicate with you about product updates, security notices, and account issues.
4. Third-party processors
Bingo relies on a short list of subprocessors to operate the hosted service:
- LLM providers — OpenAI and Anthropic, configurable at the workspace level. Ollama can be used for fully local inference on self-hosted deployments.
- Infrastructure — our cloud host for compute, storage, and managed databases.
- Authentication — Supabase (default) or SSO provider of your choice (enterprise).
- Transactional email — used solely for account and security notifications.
A current list of subprocessors is available on request. Enterprise customers receive a Data Processing Addendum (DPA) on request.
5. Data location & retention
Hosted workspaces are stored in our primary region unless you contract for a dedicated environment in a specific jurisdiction. Chat history, dashboards, and connection metadata are retained for the life of your workspace. You can delete them at any time from your settings; deletion is propagated to backups within 30 days.
Self-hosted deployments store all data inside your own infrastructure. TheBingo.ai has no access to self-hosted workspaces.
6. Security
- All traffic is encrypted in transit via TLS 1.2+.
- Database credentials are encrypted at rest with Fernet keys that never leave our key-management service.
- Access to production systems is limited to a small on-call rotation and gated by SSO + hardware keys.
- We perform regular dependency scanning and ship updates through a reviewed pull-request process.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete personal data we hold about you. To exercise these rights, contact privacy@thebingo.ai. We respond within 30 days.
8. Children
Bingo is not directed to users under 16. We do not knowingly collect data from children.
9. Changes to this policy
We will post material changes to this policy at this URL and, for registered accounts, by email. Continued use of Bingo after the effective date constitutes acceptance of the updated policy.
10. Contact
For privacy questions, contact privacy@thebingo.ai. For general support, hello@thebingo.ai.