Privacy Policy
This Privacy Policy explains how sideBar Labs Limited ("sideBar", "we", "us", "our") collects, uses, and shares information when you use the sideBar iOS, iPadOS, and macOS apps, the sideBar web app at trysidebar.ai, and our related services (together, the "Service").
sideBar Labs Limited is a company registered in England and Wales (company number 17137829) and acts as the data controller for personal data processed through the Service. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC116277.
By using sideBar you agree to the practices described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
Account information
- Email address and authentication identifiers
- Display name and profile preferences
- Subscription status and plan (Free, Plus, Pro, or BYOK)
Content you create or upload
- Chat prompts, conversations, and AI responses
- Notes, tasks, files, and saved website content
- Workspace metadata such as titles, tags, and folder structure
- Memories: reference documents created automatically by sideBar during conversations to improve future responses, plus any memories you add or edit manually
Payment information
- Web subscriptions are processed by Stripe. We do not receive or store full card details. We receive limited information such as your billing country, the last four digits of your card, and subscription status.
- iOS and macOS subscriptions are processed by Apple through In-App Purchase. Apple handles payment data and shares only the receipt and subscription status we need to unlock your plan.
Technical and usage data
- Device type, operating system, browser, and app version
- Operational logs, crash reports, and performance telemetry
- IP address and approximate location derived from network requests
- Precise device location, if you grant permission, used only to provide local weather and location context to the assistant
Communications
- Support emails and messages you send us
- Transactional emails we send you via Resend (for example, sign-in links and receipts)
2. How We Use Information
- Provide, maintain, and secure the Service
- Process AI features, tool calls, and skills you request
- Sync your account across your devices and clients
- Process subscriptions, receipts, and renewals
- Send transactional messages (sign-in links, receipts, important service notices)
- Respond to support requests
- Diagnose crashes and improve product reliability, safety, and performance
- Comply with legal obligations and enforce our terms
We do not use your chats, notes, tasks, files, or other content to train our own AI models, and we do not sell your personal data.
3. AI Processing
sideBar uses AI models provided by third-party vendors, currently Anthropic, OpenAI, and Google. How your content reaches those vendors depends on the plan you are on.
Bundled AI (Free, Plus, and Pro plans)
On our bundled plans, sideBar sends the prompts, conversation context, and any tool inputs needed to answer your request to the AI provider on your behalf using our own API accounts. Your content is processed under the AI provider's enterprise or API terms and is not used by them to train their foundation models.
Bring Your Own Key (BYOK)
On the BYOK plan you supply your own API key for an AI provider. Your key is encrypted before it is stored. When you use sideBar, your prompts and context are sent directly to the provider you chose using your key. That interaction is governed by your own agreement with that provider, and sideBar is not a party to it. We still handle the surrounding account, sync, and storage functions as described in this policy.
Store skills and third-party integrations
Some Store skills connect sideBar to external services (for example, Gmail, Google Calendar, or Spotify). When you install and use such a skill, relevant data is sent to that service to fulfil your request. Each skill's permissions are shown before installation, and you can disconnect it at any time in Settings.
Bug reports and feedback
When you report a bug or request a feature via sideBar's built-in feedback tool, we collect a summary of your report along with technical metadata (such as your conversation ID and device information) and file it as an issue in our development tracker. Full conversation content is not included unless you paste it in yourself.
4. Service Providers and Sub-processors
We use a small number of infrastructure and service providers to run sideBar. Each is bound by contractual and security controls appropriate to its role.
- Supabase: authentication, database, and realtime sync
- Fly.io: backend API hosting
- Cloudflare: marketing site hosting, CDN, and DDoS protection
- Cloudflare R2: file and object storage
- Stripe: web subscription billing
- Apple: iOS and macOS In-App Purchase billing
- Resend: transactional email delivery
- Sentry: crash and error reporting
- Anthropic, OpenAI, Google: AI model providers
This list may change as sideBar evolves. We will keep this page up to date when we add or change material sub-processors.
5. Legal Bases (UK and EEA Users)
Where UK or EU data protection law applies, we process personal data under these bases:
- Contract: to provide the Service you signed up for
- Legitimate interests: to secure, maintain, and improve sideBar
- Consent: where you grant optional permissions such as location access
- Legal obligation: where required by applicable law
6. Data Retention
We keep personal data only as long as needed for the purposes described in this policy or as required by law.
Account data
Account information is kept for as long as your account is active. If you close your account, we purge your account-scoped data immediately, subject to the limited exceptions below.
Content you delete
When you delete content inside sideBar we move it to a soft-deleted state for a short restore window and then remove it. We aim to apply roughly the following windows:
- Notes: restorable for around 7 days, hard-deleted within around 90 days
- Saved websites: restorable for around 7 days, hard-deleted within around 60 days
- Tasks, projects, and groups: hard-deleted within around 60 days
- Uploaded and ingested files: derivative storage is removed at delete time; the remaining metadata is hard-deleted within around 30 days
- BYOK provider API keys: hard-deleted within around 7 days of removal
Restoration is only guaranteed during the initial restore window. After that window, limited metadata may be retained briefly to keep sync working across your devices, but the full content is no longer recoverable.
Account deletion
When you delete your sideBar account we trigger an immediate purge of your account-scoped data, including your chats, notes, tasks, files, memories, provider keys, and related operational records. Ordinary retention windows no longer apply once the account is deleted.
Operational data
Operational logs, job records, crash reports, and performance telemetry are typically kept for up to 90 days.
Billing and legal records
Billing records are kept for as long as required by tax and accounting law (generally up to 7 years in the UK). We may also retain limited records where needed for legal, security, or fraud-prevention reasons.
Backups
Backup copies may persist for a limited period under standard disaster-recovery policies before being overwritten.
7. Data Sharing and International Transfers
We do not sell your personal data. We share data with the service providers listed above, and with legal authorities where we are required by law or to protect the rights, property, or safety of sideBar, our users, or others.
Some of our providers are based outside the UK and EEA, including in the United States. Where we transfer personal data outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or an adequacy decision.
8. Security
We use industry-standard measures to protect your data, including encryption in transit (TLS), encryption at rest for sensitive data, certificate pinning on our apps, encrypted storage of BYOK API keys, and access controls on our infrastructure. No online service can be completely secure, but we work to reduce risk and respond quickly to incidents.
9. Your Rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Request correction or deletion of your data
- Object to or restrict certain processing
- Request data portability
- Withdraw consent where processing is based on consent
To exercise any of these rights, email [email protected] from your account email. We may ask you to verify your identity before we act.
If you are in the UK or EEA and you are not happy with how we have handled your data, you have the right to complain to your local data protection authority. In the UK this is the Information Commissioner's Office (ico.org.uk).
10. Account and Data Deletion
You can request deletion of your account and associated content by emailing [email protected] from your account email. We may retain limited records where required for legal, security, tax, or fraud-prevention reasons.
11. Children's Privacy
sideBar is intended for users aged 18 and over. It is not designed for children or teenagers, and we do not knowingly collect personal data from anyone under 18.
If you believe someone under 18 has provided personal data to us, contact [email protected] and we will investigate and delete the data where appropriate.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy here and revise the "Last updated" date above. For significant changes we will also give you a reasonable in-app or email notice where appropriate.
13. Contact
sideBar Labs Limited, a company registered in England and Wales under company number 17137829. ICO registration number ZC116277.
Privacy questions or requests: [email protected]
General inquiries: [email protected]
Administrative contact: [email protected]