Privacy Policy
Last Updated: November 21, 2025
Badger AI ("we," "us," or "our") is committed to protecting the privacy and security of your information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our AI-powered police report writing service.
🔒 LAW ENFORCEMENT DATA: We understand the sensitive nature of Criminal Justice Information (CJI) and maintain comprehensive security controls designed to meet CJIS compliance standards.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Name and email address
- Phone number (for MFA)
- Agency affiliation
- Password (encrypted)
- Account preferences and settings
1.2 Report Data
When you use our service to create reports, we collect:
- Report content and narratives
- Incident information you provide
- Chat conversations with the AI
- Report metadata (timestamps, scores, versions)
- Edited and finalized reports
1.3 Usage Information
We automatically collect:
- Login timestamps and session duration
- Feature usage and report generation history
- IP addresses and device information
- Browser type and operating system
- Error logs and diagnostic data
1.4 Payment Information
For paid subscriptions:
- Payment processing is handled by Stripe (our payment processor)
- We do NOT store credit card numbers or full payment details
- We receive transaction confirmations and subscription status from Stripe
- Billing address may be collected for tax purposes
1.5 Referral Program Data
If you participate in our referral program:
- Unique referral codes assigned to your account
- Referral usage tracking (who used your code)
- Reward redemption history
2. How We Use Your Information
2.1 To Provide the Service
- Generate AI-assisted police report narratives
- Store and retrieve your reports
- Authenticate your identity and manage sessions
- Process payments and manage subscriptions
- Track usage limits for your subscription tier
- Manage referral rewards and discounts
2.2 To Improve the Service
- Analyze usage patterns to enhance features
- Debug technical issues and optimize performance
- Develop new features and capabilities
- Train AI models (only with explicit consent and anonymized data)
2.3 To Communicate With You
- Send account-related notifications
- Provide customer support
- Notify you of service updates or changes
- Send security alerts (MFA codes, suspicious activity)
- Respond to your inquiries
2.4 For Security and Compliance
- Maintain comprehensive audit logs
- Detect and prevent fraud or abuse
- Comply with legal obligations
- Enforce our Terms of Service
- Respond to law enforcement requests when legally required
3. How We Protect Your Information
3.1 Encryption
All data is protected with enterprise-grade encryption:
- In Transit: FIPS 140-3 compliant TLS 1.3 encryption for all data transmission
- At Rest: AWS KMS encryption for all stored data in DynamoDB
- In Processing: AWS Nitro System hardware-level memory encryption
3.2 Access Controls
- Multi-factor authentication (MFA) required for all accounts
- 30-minute automatic session timeouts
- Role-based access controls for agency administrators
- AWS Nitro System prevents unauthorized access by cloud provider employees
3.3 Audit Logging
- Comprehensive tamper-proof audit trails via AWS CloudTrail
- 3+ year log retention for compliance purposes
- All system access and data modifications are logged
- Regular security monitoring and alerting
3.4 Infrastructure Security
- Hosted on AWS infrastructure with CJIS-focused security controls
- FIPS-compliant endpoints for all AWS services
- Regular security assessments and updates
- Disaster recovery and backup procedures
4. Data Retention
4.1 Active Accounts
For active accounts, we retain:
- Account information: Until account closure
- Report data: Indefinitely or until you delete it
- Usage logs: 3+ years for compliance purposes
- Payment records: 7 years for tax and accounting purposes
4.2 Deleted Reports
When you delete a report:
- It is soft-deleted (hidden from your view) for 90 days
- After 90 days, it is permanently deleted from our systems
- Backup copies are removed according to our backup retention schedule
4.3 Account Closure
If you close your account:
- Your account access is immediately revoked
- Personal information is deleted within 30 days
- Report data is retained for 90 days for potential recovery
- Audit logs are retained for compliance purposes (3+ years)
- Anonymized usage data may be retained indefinitely
5. Data Sharing and Disclosure
5.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information or report data to third parties for marketing purposes.
5.2 Service Providers
We share limited data with trusted service providers who assist us:
- AWS: Cloud infrastructure and hosting (with CJIS security controls)
- Stripe: Payment processing (PCI-DSS compliant)
- Anthropic: AI model provider for Claude AI (API calls only, no data storage)
All service providers are contractually obligated to protect your information and use it only for the services they provide to us.
5.3 Legal Requirements
We may disclose information when required by law:
- In response to valid subpoenas or court orders
- To comply with legal obligations
- To protect our rights, property, or safety
- To prevent fraud or security threats
5.4 Agency Access
For agency-level accounts:
- Agency administrators may have access to user activity within their organization
- Reports created by officers may be visible to authorized agency personnel
- Agency policies govern internal data sharing
6. Your Rights and Choices
6.1 Access and Portability
You have the right to:
- Access your personal information and report data
- Export your reports in standard formats
- Request a copy of your data
6.2 Correction and Deletion
You can:
- Update your account information at any time
- Edit or delete individual reports
- Request account closure and data deletion
6.3 Consent Withdrawal
Where we process data based on consent, you may:
- Withdraw consent for using your data to improve AI models
- Opt out of non-essential communications
- Disable certain features that require additional data collection
7. Cookies and Tracking
7.1 Essential Cookies
We use cookies necessary for the service to function:
- Authentication tokens and session management
- Security features and fraud prevention
- User preferences and settings
7.2 Analytics
We may use analytics to understand usage patterns:
- Feature usage and performance metrics
- Error tracking and diagnostic information
- Aggregated, anonymized usage statistics
8. Third-Party AI Services
8.1 Anthropic Claude
We use Anthropic's Claude AI for report generation:
- Your report prompts and conversations are sent to Anthropic's API
- Anthropic processes data according to their privacy policy and terms
- We do not share your identity or agency information with Anthropic
- Anthropic does not use your data to train their models without explicit consent
9. Children's Privacy
Badger AI is not intended for use by individuals under 18 years of age. We do not knowingly collect information from minors. If we become aware that we have collected data from a minor, we will promptly delete it.
10. International Data Transfers
Your data is processed and stored in the United States on AWS infrastructure. If you access the service from outside the United States, your information will be transferred to and processed in the U.S. By using Badger AI, you consent to this transfer.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be effective:
- Upon posting the updated policy on our website
- After email notification (for material changes)
- As indicated by the "Last Updated" date at the top of this policy
Your continued use of Badger AI after changes constitutes acceptance of the updated policy.
12. CJIS Compliance
12.1 Security Controls
Badger AI implements comprehensive security controls designed to meet CJIS requirements:
- FIPS 140-3 validated cryptographic modules
- Multi-factor authentication
- Automatic session timeouts
- Comprehensive audit logging
- Personnel security measures
- Incident response procedures
12.2 Current Status
Badger AI is currently in beta testing with CJIS-focused security controls in place. We are committed to maintaining these standards as we continue to develop and improve the service.
13. Data Breach Notification
In the unlikely event of a data breach affecting your information:
- We will notify you within 72 hours of discovery
- We will notify relevant law enforcement authorities as required
- We will provide details about the breach and steps we're taking
- We will offer guidance on protective measures you can take
14. Contact Information
14.1 Privacy Questions
For questions about this Privacy Policy or our data practices:
Email: support@mybadgerai.com
Website: www.mybadgerai.com
14.2 Data Requests
To exercise your rights regarding your data (access, correction, deletion):
- Email us at support@mybadgerai.com
- Include your account email and the nature of your request
- We will respond within 30 days
15. Acknowledgment
BY USING BADGER AI, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO OUR COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.