Bavlio
Outreach simplified

Privacy Policy

Last updated: March 16, 2026

Introduction

Welcome to Bavlio ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered outreach platform, browser extension, and related services.

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Account Information: Name, email address, company name, job title, and contact details
  • Profile Data: Professional background, industry information, and preferences
  • Communication Data: Messages, emails, LinkedIn messages, and other communications you send through our platform
  • Payment Information: Billing address and payment method details (processed securely through Stripe)
  • Referral Data: Referral codes you generate or apply, and associated referral activity

Usage Information

We automatically collect information about how you use our services:

  • Technical Data: IP address, browser type, device information, and operating system
  • Usage Analytics: Pages visited, features used, time spent on the platform, and interaction patterns (collected via PostHog)
  • Campaign Metrics: Email open rates, click rates, reply rates, and LinkedIn outreach engagement statistics
  • Extension Activity: Data extracted through the Bavlio browser extension, including lead information you choose to import

Third-Party Data

With your consent, we may access data from:

  • Google Sheets: Prospect lists and contact information you authorize us to access
  • LinkedIn: Publicly available professional information for outreach personalization, accessed via our LinkedIn integration (Unipile)
  • Email Platforms: Integration data for email sending and tracking via connected sending domains

How We Use Google User Data

We use Google user data only to provide and improve Bavlio's features that you request, such as importing rows from a selected Google Sheet. We do not sell Google user data. We do not use it for advertising or to build profiles unrelated to these features.

Sharing

We do not share Google user data with third parties except subprocessors that are essential to operate our service, each bound by confidentiality and data-protection terms. We never transfer Google user data for independent third-party use.

Human Access

Human access to Google user data is limited to rare cases needed for security, support, or legal compliance and only with your permission or when required by law.

Retention and Deletion

We keep Google user data only as long as needed to provide the requested features or as required by law. You can disconnect Bavlio from your Google Account at any time at myaccount.google.com/permissions. You can also request deletion of data imported into Bavlio by contacting us at [email protected].

Security

We use industry-standard security measures, including encryption in transit and at rest, to protect Google user data.

LinkedIn Data

When you connect a LinkedIn account through our platform, we access LinkedIn on your behalf to send connection requests, messages, and follow-ups as directed by you. We do not store LinkedIn credentials — authentication is handled securely by our integration partner (Unipile). We only retain the outreach activity data (messages sent, responses received) needed to operate your campaigns.

Browser Extension

The Bavlio browser extension allows you to extract publicly available lead data from websites you visit. The extension only operates when you explicitly activate it. Data extracted through the extension is sent directly to your Bavlio account and is not shared with third parties beyond what is necessary to provide the service.

How We Use Your Information

We use your information to:

  • Provide Services: Generate personalized outreach content and manage your campaigns
  • Account Management: Create and maintain your account, process payments, and provide customer support
  • Communication: Send you service updates, billing notices, and important platform announcements
  • Analytics: Analyze usage patterns to improve our platform and develop new features (via PostHog)
  • Security: Detect and prevent fraud, abuse, and unauthorized access
  • Compliance: Meet legal obligations and enforce our Terms of Service

Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers including:

  • Supabase — cloud hosting and database
  • Stripe — payment processing
  • Unipile — LinkedIn integration
  • BaviMail — email delivery
  • PostHog — product analytics, error tracking, session recordings, and heatmaps
  • AWS — cloud infrastructure

Legal Requirements

We may disclose your information if required by law or in response to court orders, government investigations, or to protect our rights and prevent fraud or illegal activities.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data is encrypted in transit (TLS) and at rest
  • Access Controls: Strict access controls and authentication mechanisms
  • Monitoring: Continuous monitoring for security threats via PostHog and Uptime Kuma
  • Regular Audits: Periodic security assessments and compliance reviews

Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

You may request deletion of your account and associated data at any time through your account settings or by contacting us.

Your Rights and Choices

Depending on your location, you may have the following rights:

Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a portable format

Correction and Updates

  • Update or correct inaccurate information
  • Modify your account preferences

Deletion

  • Request deletion of your account and data
  • Withdraw consent for data processing

Marketing Communications

  • Opt out of marketing emails via your notification preferences
  • Manage communication preferences in account settings

International Data Transfers

Our services are hosted in the United States. If you are accessing our services from outside the US, your information may be transferred to, stored, and processed in the US where our servers are located and our central database is operated.

We ensure appropriate safeguards are in place for international data transfers, including standard contractual clauses and adequate security measures.

Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by posting the updated policy on our website and sending email notifications to registered users.

Your continued use of our services after any changes indicates your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Address: Bavlio Inc.
175 Bloor Street East
Toronto, ON M4W 3R8
Canada