Privacy policy

Last updated: December 2025

1. Introduction

BAAM (“BAAM,” “we,” “our,” or “us”) is operated by Achilles One LLC, a Wyoming limited liability company.

We are committed to protecting your privacy and handling personal data in a transparent and responsible manner. This Privacy Policy explains how we collect, use, store, and protect information when you use BAAM (the “Service”).

By accessing or using BAAM, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

When you create an account or use BAAM, we may collect:

  • Name and email address

  • Account credentials

  • Billing information (processed securely by Stripe — we do not store card details)

  • Outreach preferences (industries, company size, geography, services)

  • Optional writing samples or outreach examples (“voice training samples”)

  • Gmail authorization via OAuth

2.2 Information Collected Automatically

We may automatically collect:

  • Usage data (features used, outreach sent, prospects viewed)

  • Email activity metadata related to messages sent through BAAM

  • Device and browser information

  • Log data (IP address, timestamps, access logs)

  • Cookies and similar technologies

2.3 Information from Third Parties

We may receive information from:

  • Stripe (payment confirmation and subscription status)

  • Google (Gmail API) for sending emails and detecting replies

  • Public data sources for prospect and company information

  • OpenAI for AI-assisted content generation

3. How We Use Your Information

3.1 To Provide the Service

We use your information to:

  • Deliver prospect recommendations

  • Generate AI-assisted outreach drafts

  • Send emails you explicitly approve through your connected Gmail account

  • Display sent messages and reply status

  • Process payments and manage subscriptions

  • Provide customer support

3.2 AI Processing

  • Outreach drafts may be generated using OpenAI’s API

  • Writing samples are used only to personalize output for your account

  • Data sent to OpenAI is not used to train OpenAI models

  • You remain responsible for reviewing and approving all messages

3.3 Gmail Integration (Important)

When you connect Gmail via OAuth:

  • We store encrypted OAuth tokens

  • We may send emails only when you explicitly initiate sending actions

  • We may access Gmail in read-only mode to:

    • Display conversation threads

    • Detect replies to emails sent through BAAM

    • Prevent further messages after a reply

BAAM does not:

  • Scan your inbox

  • Access unrelated emails

  • Modify inbox state (no deleting, labeling, archiving, or marking messages read/unread)

You may revoke Gmail access at any time through BAAM or your Google Account settings.

3.4 Service Improvement

We may use anonymized or aggregated data to:

  • Improve product functionality

  • Diagnose bugs and performance issues

  • Optimize AI-assisted features

3.5 Communication

We may send:

  • Service-related announcements

  • Account notifications

  • Support responses

You may opt out of non-essential communications at any time.

3.6 Legal and Security

We may process data to:

  • Comply with legal obligations

  • Enforce our Terms of Service

  • Detect fraud, abuse, or security incidents

4. How We Share Information

We do not sell personal information.

We may share information only as follows:

4.1 Service Providers

We may share data with trusted vendors, including:

  • Hosting and infrastructure providers

  • Stripe (payments)

  • OpenAI (AI processing)

  • Google (Gmail API)

  • Analytics and monitoring services

All providers are contractually required to protect data and use it only to provide services to BAAM.

4.2 Business Transfers

If BAAM is involved in a merger, acquisition, or asset sale, your data may be transferred as part of that transaction, subject to notice.

4.3 Legal Requirements

We may disclose data if required by law or to protect rights, safety, or property.

5. Data Security

We implement industry-standard safeguards, including:

  • TLS encryption in transit

  • Encryption at rest for sensitive data

  • Encrypted OAuth token storage

  • Role-based access controls

  • Secure infrastructure and credential handling

Gmail OAuth Security

  • Tokens are encrypted (AES-256)

  • Tokens are never logged in plaintext

  • Tokens are revoked immediately upon disconnection or account deletion

No system is 100% secure, but we take reasonable steps to protect your data.

6. Data Retention

We retain data only as long as necessary:

  • Account data: while account is active

  • Gmail OAuth tokens: deleted immediately upon revocation

  • Outreach messages: retained up to 90 days unless deleted

  • Prospect data: retained up to 90 days

  • Logs and analytics: up to 12 months

Upon account deletion:

  • Personal data is deleted within 30 days

  • Backup data may persist up to 90 days

  • Aggregated, anonymized data may be retained indefinitely

7. Your Rights and Choices

Depending on your location, you may have rights to:

  • Access your data

  • Correct inaccuracies

  • Request deletion

  • Export your data

  • Revoke third-party access

  • Object to or restrict processing

To exercise rights, contact privacy@baam.one.

8. Cookies and Tracking

We use cookies to:

  • Maintain sessions

  • Store preferences

  • Analyze usage

We do not use advertising cookies or sell data to advertisers.

9. Third-Party Services

9.1 OpenAI

Used for AI-assisted content generation.
Data sent is not used for model training.
Policy: https://openai.com/enterprise-privacy

9.2 Gmail API

Used for sending emails and detecting replies.
Complies with Google API Services User Data Policy (Limited Use).
Policy: https://developers.google.com/terms/api-services-user-data-policy

9.3 Stripe

Used for payment processing.
We do not store card details.
Policy: https://stripe.com/privacy

10. Children’s Privacy

BAAM is not intended for users under 18. We do not knowingly collect data from children.

11. International Users

BAAM operates from the United States. Data may be processed in the U.S. or other jurisdictions where service providers operate, subject to appropriate safeguards.

12. California Privacy Rights (CCPA)

California residents have rights to access, delete, and opt out of data sales (we do not sell data).
Contact: privacy@baam.one

13. European Privacy Rights (GDPR)

EEA residents have rights under GDPR.
Legal bases include contract performance, legitimate interests, consent, and legal obligations.

14. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email or in-app notice.

Continued use of BAAM constitutes acceptance.

15. Contact Information

Achilles One LLC
Email: hello@baam.one
Privacy: privacy@baam.one

Mailing Address:
333 West Brown Deer Road
Unit G-504
Milwaukee, WI 53217
United States

© 2025 Achilles One LLC. All rights reserved.