Privacy Policy

The Service is provided by the team behind the Backdoor product. For privacy questions and requests, contact us at founders@backdoorai.app.

This policy describes our practices for information we process in connection with the Service. It does not govern third-party sites, apps, or services (such as an employer’s website or a job board) that we may link to for research. Those services have their own policies.

Depending on how you use the Service, we may collect:

• Account and contact information. For example, your phone number, authentication details for the web dashboard, and similar identifiers you provide when you sign in or get started.
• Profile and job-search information. What you share over text or elsewhere in the product: your background, skills, preferences, target roles, companies, location or remote requirements, links (for example a résumé or profile URL), and other context needed to find and qualify opportunities.
• Communications with Backdoor. Messages you send in your text thread, including attachments you choose to provide, and related metadata needed to run the thread (for example timestamps).
• Email and calendar-related data (if you connect Gmail). When you connect your Google account, we access the Gmail and related permissions you authorize so we can draft, send, and track outreach and replies in your own inbox, as described when you connect. This may include message content, thread identifiers, and headers needed to monitor replies and keep an accurate pipeline in the product.
• Leads, drafts, and outreach records. Data we generate or store as part of the product: research about companies and roles, scoring or qualification notes, email drafts, approval decisions, send history, follow-up sequences, and a timeline of actions (including what you approved, edited, or skipped).
• Technical and usage data. For example, device or browser type, general log data, IP address, and diagnostic information from our hosting and background systems, used to operate and secure the Service and understand reliability issues.
• Billing data. If you subscribe, our payment provider processes card or wallet details. We receive limited subscription status and billing-related records from the provider (for example customer identifiers and payment events), not your full card number.

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

We obtain information when:

• you provide it to us over text, the dashboard, or onboarding;
• you connect integrations such as Google/Gmail with your consent;
• we create or infer it in the product (for example research summaries or draft outreach);
• our service providers and infrastructure generate logs or records as part of operating the Service.

We use personal information to:

• provide, maintain, and improve the Service (including the dashboard and messaging experience);
• research public sources and qualify roles on your behalf, and draft outreach in line with your instructions;
• send, queue, and track messages you approve, and run follow-up sequences you configure in the product;
• notify you by text message about replies, suggested next steps, or product updates you expect as part of the Service;
• authenticate users, protect security, and prevent abuse;
• process payments and fulfill refund policies we publish;
• comply with law, respond to lawful requests, and enforce our terms;
• analyze and improve our models, workflows, and reliability, including through trusted subprocessors and AI providers, as described below.

We do not sell your personal information in the conventional sense of selling data to data brokers, and we do not use it for third-party marketing unrelated to the Service.

Backdoor uses artificial intelligence and automation to scan sources, qualify opportunities, help draft or classify messages, and run internal workflows. You stay in control of what is sent: outreach to third parties is designed to go out in line with the human-in-the-loop and approval flows we describe in the product and terms.

You should expect automated outputs to be fallible. Review drafts and research before you rely on them, especially for high-stakes decisions.

If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on one or more of the following legal bases, depending on the activity:

• Contract - processing necessary to provide the Service you ask for, including account setup, messaging you by text, and operating the pipeline you configure.
• Legitimate interests - for example, securing the Service, understanding aggregate reliability, preventing fraud, and improving the product, where your interests and fundamental rights do not override those interests.
• Consent - where we ask for it (for example for certain integrations or marketing beyond core service messages), and you may withdraw it as described in those flows.
• Legal obligation - where the law requires us to process or retain data.

We share personal information with vendors that help us run the Service (“subprocessors”). Depending on your use, this may include providers for:

• cloud hosting, databases, and file storage (for example Supabase);
• text message delivery via a messaging platform (Sendblue);
• Google APIs when you connect Gmail or related Google services;
• payment processing (Dodo Payments) and, through them, card networks;
• AI and developer infrastructure, including the Vercel AI Gateway and underlying model providers (for example xAI, OpenAI, or others we configure) for language and reasoning tasks;
• web research and fetching (for example xAI and Firecrawl) where used for research and qualification;
• background jobs and queueing (for example Inngest) for durable execution;
• observability, logging, and analytics for reliability (for example Respan when enabled).

The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.

We may also share information if we in good faith believe it is required by law, to protect our users or the public, or in connection with a merger, acquisition, or asset sale, subject to appropriate safeguards where the law allows.

We are based in the United States. If you use the Service from elsewhere, your information will be processed in the United States and in other countries where our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for cross-border transfers. You may request more detail on these safeguards by contacting us.

We keep personal information only as long as needed to provide the Service, comply with law, resolve disputes, and enforce our agreements. Actual periods depend on the type of data and your use of the product; in many cases you can request deletion of your account data as described below, subject to legal and technical limits (for example limited backups or records we must retain for financial compliance).

We implement technical and organizational measures appropriate to the nature of the Service, including access controls, encryption in transit where industry-standard for our stack, and vendor diligence. No system is completely secure; we cannot guarantee absolute security.

Depending on where you live, you may have the right to access, correct, delete, or export your personal information; to object to or limit certain processing; to withdraw consent where processing was consent-based; and to lodge a complaint with a data protection authority.

California and other U.S. states.Residents may have rights under applicable state laws (for example, to know categories of personal information collected, to request deletion, and, where applicable, to opt out of “sale” or “sharing” as defined in those laws). We do not sell your personal information as those terms are commonly used for data monetization, and we describe our practices above.

To exercise a right, contact founders@backdoorai.app. We will verify and respond in line with applicable law. We will not discriminate against you for exercising these rights, where prohibited.

Our site may use essential cookies and similar technologies needed for login, security, and basic site operation. We may add analytics in the future; if we do, we will update this policy and any consent experience accordingly.

The Service is not intended for children under 16, and we do not knowingly collect personal information from them. If you believe we have, contact us and we will take appropriate steps to delete it.

We may update this policy from time to time. When we do, we will change the “last updated” date at the top of this page and, for material changes, take additional steps as appropriate (such as in-product notice). Continued use of the Service after the effective date of an update means you accept the revised policy, to the extent permitted by law.