Privacy Notice

Last updated: June 2026

1. Who we are

Bob is operated by underdogdesign ("we", "us"). We act as the data controller for personal data processed through this service. Contact us at the support address shown in the app.

2. Personal data we collect

• Account data: email address, display name, login credentials.
• Content you submit: text, links, images, audio and files you send to Bob for analysis.
• Usage data: scans performed, timestamps, verdicts, device and browser information, IP address.
• Email forwarding data (Pro): messages you forward to your personal Bob address.
• Billing data: handled by Paddle; we receive subscription status, plan, and customer identifiers, not full card details.

3. Purposes & legal basis

• Provide the service and analyse content you submit — performance of contract.
• Account creation, authentication and customer support — performance of contract.
• Security, fraud and abuse prevention — legitimate interests.
• Product improvement and aggregated analytics — legitimate interests.
• Compliance with legal obligations — legal obligation.

4. Data sharing

We share personal data only with:

• Service providers / subprocessors: hosting, database, email delivery, AI analysis providers, analytics.
• Paddle.com Market Ltd — our Merchant of Record for all orders. Paddle handles checkout, payments, tax, invoicing, subscription management and refunds, and is an independent controller for the data it collects at checkout.
• Professional advisers (legal, accounting) where strictly necessary.
• Authorities where required by law.

5. International transfers

Some of our providers are located outside the EEA/UK. Where this is the case, transfers are protected by appropriate safeguards such as Standard Contractual Clauses or an adequacy decision.

6. Retention

We keep account data for as long as your account is active and for a reasonable period after closure to handle disputes and meet legal obligations. Submitted scan content is kept only as long as needed to provide and improve the service, and then deleted or anonymised.

7. Your rights

Subject to applicable law, you have the right to access, rectify, erase, restrict or object to processing of your personal data, to data portability, and to withdraw consent. EEA/UK users also have the right to complain to a supervisory authority. We respond within one month.

8. Security

We use appropriate technical and organisational measures, including encryption in transit, access controls and least-privilege practices, to protect your data.

9. Cookies

We use cookies and similar technologies that are strictly necessary to operate the service (e.g. authentication). Where we use optional analytics or marketing cookies, you can manage your preferences in your browser.

10. Changes

We may update this notice from time to time. Material changes will be communicated through the service.