Privacy Policy
Effective date: June 27, 2026
Bastion AI (“Bastion AI,” “we,” “us,” or “our”) provides an AI-driven, read-only Microsoft 365 / Entra security assessment and monitoring service. This Privacy Policy describes the information we collect, how we use and share it, and the choices you have. It applies to the Bastion AI website and services.
Information we collect
- Information you provide. Your name, work email, company, and message when you contact us or request a service, and the email address you use to sign in to your account.
- Payment information. Payments are processed by our payment provider, Stripe. We do not store full card numbers; we receive limited billing details and your subscription status.
- Service data. To deliver our security services we process technical information about the systems you authorize us to assess. Under our bring-your-own-key (BYOK) model you control your AI provider accounts and keys; we use them only as needed to perform the services you engage us for and do not retain them beyond that purpose.
- Usage and device data. Basic technical data such as IP address, browser type, and pages viewed, plus an essential authentication cookie.
How we use your information
- Provide, operate, secure, and improve our services.
- Respond to your inquiries and deliver the services you request.
- Process payments and manage subscriptions.
- Send service and account communications, such as sign-in links.
- Comply with legal obligations and enforce our terms.
Cookies
We use a single essential, first-party cookie to keep you signed in to your account. We do not use third-party advertising or cross-site tracking cookies.
How we share information
We share information with service providers who process it on our behalf: Stripe (payments), Vercel (hosting), and Resend (email delivery). Each processes data under its own terms. We may also disclose information to comply with the law or protect our rights. We do not sell your personal information.
Data retention
We keep personal information only as long as needed for the purposes described here, to provide our services, and to meet legal, accounting, or reporting requirements, after which we delete or anonymize it.
Security
We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the information we handle. No method of transmission or storage is completely secure, but protecting your data is core to what we do.
Your rights and choices
Depending on where you live, including under the GDPR and CCPA/CPRA, you may have the right to access, correct, delete, or port your personal information, to opt out of certain processing, and to withdraw consent. To exercise these rights, contact us at info@bastionsecurity.dev. We will not discriminate against you for exercising them.
International transfers
We are based in the United States and may process information there. Where required, we use appropriate safeguards for cross-border transfers.
Children's privacy
Our services are intended for businesses and are not directed to children under 16, and we do not knowingly collect their information.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected by updating the effective date above and, where appropriate, by additional notice.
Contact us
Bastion AI, 2150 N First St, San Jose, CA 95131. Email info@bastionsecurity.dev · (408) 785-0763.