Last updated: June 11 2025
Plain‑English promise (non‑binding summary)
• We minimize what we collect, encrypt what we keep, and never sell personal data.
• Ava acts only when you tell it to. No surprise messages, purchases, or data shares.
• Health information is outside our scope—please don’t put medical details into Ava.
Bean & Bug Inc. ("Ava," "we," "us," or "our") provides an AI‑powered household concierge application and related websites, mobile/OTT apps, APIs, and services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard information relating to users of the Services ("you") and applies wherever it is displayed or referenced. By accessing or using the Services, you acknowledge that you have read and understood this Policy.
Age Requirement. By accessing, downloading, installing, or using the Services, you represent and warrant that you are at least 18 years of age or the age of majority in your jurisdiction, whichever is higher. If you are under 18 years of age, you must have the consent of your parent or legal guardian to use the Services.
Verification of Age. We reserve the right to verify your age at any time. If we cannot verify that you meet the age requirements, or if we discover that you do not meet these requirements, we may terminate your access to the Services and delete any information we have collected from you, except where we are required to retain such information by law.
Parental Consent for Minors. If you are a parent or legal guardian and you allow your child to use the Services, you agree to be bound by this Privacy Policy and our Terms of Service, and you are responsible for your child's activity on the Services. You acknowledge that you have reviewed and agree to our data collection and use practices as described in this Policy.
No Collection from Children Under 13. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 13, please contact us immediately at legal@hiava.xyz.
| Category | Examples | Source | Required? |
|---|---|---|---|
| Account Identifiers | Name, email address, third‑party SSO ID | You / SSO provider | Yes |
| Household Context | Family member names, routines, schedules, shopping lists, images you upload | You | Only if you supply it |
| Usage Data | Logs of tasks requested, device/browser metadata, timestamps, diagnostics | Automated | Yes (service & security) |
| Payment Data | Encrypted tokenized payment identifiers (no raw card numbers) | Payment processor | Only for paid features |
| Support & Feedback | Messages to support, bug reports | You | Optional |
| Location Data | Device location (with your consent) to provide context-aware assistance | iOS Location Services | Optional (enhances service quality) |
| Aggregated/De‑identified Data | Statistical insights, model‑training telemetry stripped of personal identifiers | Generated by Ava | Yes (non‑personal) |
We do not intentionally collect: Protected Health Information under HIPAA; information about children under 13 without verified parental consent; precise biometric identifiers.
Purpose. We may request access to your device's location through iOS Location Services to provide context-aware assistance. This helps us deliver more relevant and personalized responses to your requests.
Consent Required. Location access is always optional and requires your explicit consent. You can enable or disable location services at any time through your device settings or within the Ava app.
Data Usage. When location services are enabled, we use your location data solely to:
Data Retention. Location data is processed in real-time and is not stored permanently. We do not track your location over time or create location history profiles.
Third-Party Location Services. We rely on iOS Location Services, which are subject to Apple's privacy policies and your device's location settings.
| Purpose | Lawful Basis (GDPR) | Typical Examples |
|---|---|---|
| Provide and improve the Services | Contractual necessity | Executing a grocery order you requested; refining voice recognition |
| Personalize user experience | Consent | Remembering nicknames you explicitly save |
| Secure the platform & prevent fraud | Legitimate interests | Rate‑limiting abusive login attempts |
| Comply with law | Legal obligation | Responding to valid subpoenas |
| Research & analytics using de‑identified data | Legitimate interests | Measuring feature adoption trends |
No automated decisions with legal or similarly significant effects are made about you without your explicit opt‑in.
We never sell your personal information. We disclose it only:
We are headquartered in the United States. Information may be processed in the U.S. and other countries with differing privacy laws. Where required, we rely on adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.
| Jurisdiction | Key Rights |
|---|---|
| EEA / UK (GDPR) | Access, rectification, erasure, restrict/oppose processing, data portability, lodge a complaint with a Supervisory Authority |
| California (CCPA/CPRA) | Know, delete, correct, opt‑out of “sale” or “sharing” (which we do not perform), limit use of Sensitive PI |
| CO / CT / VA / UT | Comparable access/correction/deletion and opt‑out rights |
Email legal@hiava.xyz or use in‑app controls to exercise rights.
Ava is not directed to children under 13. Parents who believe we have inadvertently collected a child’s data should contact us for deletion.
Ava is not a medical device or covered entity under HIPAA. Do not input medical diagnoses, prescriptions, or other PHI.
Ava’s AI only generates suggestions when prompted by you. We do not unilaterally take actions that create legal effects without your opt‑in.
The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.
We are not responsible for external platforms linked or integrated.
We will post material changes at least 15 days before they take effect.
California “Shine the Light.” We do not share personal information with third parties for their direct marketing.
Nevada SB 220. We do not sell covered information as defined by Nevada law.
Brazil LGPD. Data subjects may exercise LGPD rights via §8.
EU DPO. legal@hiava.xyz
Your home deserves an assistant that is secure, respectful, and always on your side. That’s Ava—privacy by default, trust by design.