Privacy Policy

Last updated: April 24, 2026

1. Introduction

Bagel (“we”, “us”, “our”) operates the Bagel web application at usebagel.com and the Bagel Chrome extension (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you sign up via X (Twitter) OAuth, we receive your X username, display name, profile picture URL, and email address from Clerk (our authentication provider). We do not store your X OAuth tokens directly — Clerk manages token storage, encryption, and refresh on our behalf.

2.2 Contact & Pipeline Data

You create and manage contacts, pipeline stages, tags, notes, and activity logs within the Service. This data is stored in our database and associated with your organization account. We do not sell or share your CRM data with third parties.

2.3 X API Data

With your permission (via X OAuth scopes), we access your X activity including tweets, likes, bookmarks, and direct messages to sync interactions with your contacts. This data is processed to create activity logs in your pipeline and is stored only as summaries (activity type, timestamp, entity IDs) — we do not store full tweet or DM content beyond brief descriptions.

2.4 Chrome Extension Data

The Bagel Chrome extension detects X.com profile pages you visit and intercepts X API calls (likes, replies, bookmarks) to log activities in real time. The extension only activates on x.com and twitter.com domains. It does not track your browsing on other websites. Activity data is sent to our API and stored as described above.

2.5 Analytics Data

We use PostHog for product analytics. We collect page views, feature usage events, and session recordings (with password fields masked). PostHog data is used to improve the product and is not shared with advertisers. You can opt out of analytics by using a browser ad blocker.

2.6 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. We store only your Stripe customer ID and subscription status. Stripe's privacy policy governs how they handle your payment data.

3. How We Use Your Information

  • To provide and maintain the Service, including pipeline management and activity syncing
  • To process your subscription and billing
  • To send transactional emails (account verification, billing receipts, service updates)
  • To analyze usage patterns and improve the product
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

We do not use your data for advertising, sell your data to third parties, or train AI models on your CRM content.

4. Data Sharing

We share your data only with the following service providers who process it on our behalf:

  • Clerk — Authentication and X OAuth token management
  • Stripe — Payment processing
  • PostHog — Product analytics
  • AWS — Cloud infrastructure (database, hosting)

We do not sell, rent, or trade your personal information. We may disclose data if required by law, court order, or to protect our rights.

5. Data Security

We implement industry-standard security measures including encrypted connections (TLS), encrypted database storage, access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

Your account data is retained for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or billing purposes. Aggregated, anonymized data may be retained indefinitely for analytics.

7. Your Rights

You have the right to:

  • Access and export your data
  • Correct inaccurate data
  • Request deletion of your account and data
  • Revoke X API access (via your X account settings or Clerk)
  • Opt out of analytics (via ad blocker or contacting us)

To exercise these rights, contact us at support@usebagel.com.

8. Cookies

We use essential cookies for authentication (Clerk session) and analytics cookies (PostHog). We do not use advertising or tracking cookies. Essential cookies are required for the Service to function. Analytics cookies can be blocked with a browser ad blocker without affecting core functionality.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests, contact us at support@usebagel.com.