Last updated: April 6 2026
Plain‑English promise (non‑binding summary)
• We minimize what we collect, encrypt what we keep, and never sell personal data.
• Your personal data is never sent to third‑party AI providers for their training.
• We don’t sell your data. We only share what is needed to run features you use—for example, sending prompts to AI inference providers you interact with through Ava, or data you explicitly connect via integrations—and never for unrelated marketing.
• Ava acts only when you tell it to. We don’t send surprise messages or make purchases on your behalf.
• Health and sensitive financial information are outside our scope—please don’t put medical or financial details into Ava.
• You must be at least 18 (or age of majority) to create an account. Teens 13+ may participate as supervised household members under your account.
Bean & Bug Inc. ("Ava," "we," "us," or "our") provides an AI‑powered household concierge application and related websites, mobile/OTT apps, APIs, and services (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard information relating to users of the Services ("you") and applies wherever it is displayed or referenced. By accessing or using the Services, you acknowledge that you have read and understood this Policy.
Account Holders. To create an Ava account you must be at least 18 years old or the age of majority in your jurisdiction, whichever is higher. By creating an account, you affirmatively represent and warrant that you meet this requirement.
Supervised Household Members. Account holders may invite household members aged 13 or older to participate in household features (e.g., shared schedules, task lists, group coordination) as supervised members under the account holder's profile. Supervised members do not have their own standalone accounts. By adding a supervised household member, the account holder represents that they are the member's parent or legal guardian (or have obtained such consent), agrees to be responsible for the supervised member's activity on the Services, and consents to our collection and use of the supervised member's information as described in this Policy.
No Children Under 13. The Services are not directed to children under 13. We do not knowingly collect personal information from anyone under 13 years of age. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.
Verification of Age. We reserve the right to verify age at any time. If we cannot verify that an account holder or supervised member meets the applicable age requirements, we may immediately terminate access and delete any information we have collected, except where we are required to retain such information by law.
If you believe we may have collected information from anyone who does not meet the requirements in this Section, please contact us immediately at legal@hiava.xyz.
| Category | Examples | Source | Required? |
|---|---|---|---|
| Account Identifiers | Name, email address, third‑party SSO ID | You / SSO provider | Yes |
| Household Context | Family member names, routines, schedules, shopping lists, images you upload | You | Only if you supply it |
| Usage Data | Logs of tasks requested, device/browser metadata, timestamps, diagnostics | Automated | Yes (service & security) |
| Subscription & Purchase Status | Subscription tier, renewal status, and transaction or receipt identifiers provided by Apple App Store or Google Play when you subscribe in‑app (we do not receive or store your full payment card number) | Apple / Google (in‑app purchase) | Only for paid features purchased through the apps |
| Support & Feedback | Messages to support, bug reports | You | Optional |
| Location Data | Device location (with your consent) to provide context-aware assistance | iOS Location Services | Optional (enhances service quality) |
| Group/Household Coordination | Shared schedules, group preferences, coordination messages between household members | You and other household members | Only if you opt in to group features |
| Aggregated/De‑identified Data | Statistical insights, model‑training telemetry stripped of personal identifiers | Generated by Ava | Yes (non‑personal) |
We do not intentionally collect: Protected Health Information under HIPAA; sensitive financial data such as bank account numbers, Social Security Numbers, or full payment card numbers; personal information from children under 13; precise biometric identifiers.
Purpose. We may request access to your device's location through iOS Location Services to provide context-aware assistance. This helps us deliver more relevant and personalized responses to your requests.
Consent Required. Location access is always optional and requires your explicit consent. You can enable or disable location services at any time through your device settings or within the Ava app.
Data Usage. When location services are enabled, we use your location data solely to:
Data Retention. Location data is processed in real-time and is not stored permanently. We do not track your location over time or create location history profiles.
Third-Party Location Services. We rely on iOS Location Services, which are subject to Apple's privacy policies and your device's location settings.
| Purpose | Lawful Basis (GDPR) | Typical Examples |
|---|---|---|
| Provide and improve the Services | Contractual necessity | Executing a grocery order you requested; refining voice recognition |
| Personalize user experience | Consent | Remembering nicknames you explicitly save |
| Secure the platform & prevent fraud | Legitimate interests | Rate‑limiting abusive login attempts |
| Comply with law | Legal obligation | Responding to valid subpoenas |
| Research & analytics using de‑identified data | Legitimate interests | Measuring feature adoption trends |
No automated decisions with legal or similarly significant effects are made about you without your explicit opt‑in.
No data shared with third‑party AI providers for training. We may use third‑party AI inference providers to process prompts and generate outputs for features you request. If we do, we share only the data needed to provide that feature, and only under contractual terms that prohibit those providers from using your data to train their own models or for any purpose beyond providing services to Ava.
Internal model improvement. We may use de‑identified, non‑personally‑identifiable conversation data to train and improve Ava's own internal personalization models. Before any such data is used for training, all personal identifiers are stripped, and the data is aggregated or anonymized so that it cannot reasonably be linked back to any individual user.
Ava may offer group coordination features that allow household members—including supervised household members aged 13 and older (see Section 2)—to share context (e.g., schedules, preferences, task assignments) with one another. Participation in group features is voluntary and requires the account holder's opt‑in. Data shared within a group is visible to all members of that group. You may leave a group or remove a supervised member at any time, which will stop future sharing of that person's context with the group, although previously shared content may remain visible where reasonably necessary to preserve group history, complete ongoing tasks, or comply with law.
We never sell your personal information. We disclose it only:
We are headquartered in the United States. Information may be processed in the U.S. and other countries with differing privacy laws. Where required, we rely on adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.
| Jurisdiction | Key Rights |
|---|---|
| EEA / UK (GDPR) | Access, rectification, erasure, restrict/oppose processing, data portability, lodge a complaint with a Supervisory Authority |
| California (CCPA/CPRA) | Know, delete, correct, opt‑out of “sale” or “sharing” (which we do not perform), limit use of Sensitive PI |
| U.S. State Privacy Laws | If you are a resident of a U.S. state that grants consumer privacy rights—including but not limited to California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia—you may exercise applicable access, correction, deletion, and opt‑out rights as provided by your state’s law. |
We aim to comply with applicable U.S. federal and state privacy and consumer protection laws to the extent they apply to our Services and processing activities. Where applicable law provides rights that exceed those described in this Policy, we will make commercially reasonable efforts to honor those rights as required by law.
Email legal@hiava.xyz or use in‑app controls to exercise rights.
To request permanent deletion of your account data, email legal@hiava.xyz with the subject line “Data Deletion Request.” We will process your request within 30 days and confirm completion by email. We will delete or de‑identify personal data from our active systems except where retention is required or permitted by law, needed for security or fraud prevention, or necessary to resolve ongoing disputes. Copies of data may remain for a limited period in backups, logs, or partner systems until overwritten or deleted in the ordinary course.
Only individuals aged 13 or older may use the Services, and users under 18 may do so only as supervised household members under an adult account holder’s profile (see Section 2). We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us at legal@hiava.xyz and we will promptly delete the information.
Ava is not a medical device or covered entity under HIPAA. Do not input medical diagnoses, prescriptions, or other Protected Health Information (PHI).
Ava is not a financial advisor, bank, or licensed financial institution. Do not input sensitive financial information such as bank account numbers, full credit or debit card numbers, Social Security Numbers, tax returns, or investment account details. Ava is not designed to store, process, or safeguard regulated financial data, and we disclaim all liability for any such data you choose to submit.
Ava’s AI only generates suggestions when prompted by you. We do not unilaterally take actions that create legal effects without your opt‑in.
The use of raw or derived user data received from Workspace APIs will adhere to the Google User Data Policy, including the Limited Use requirements.
We are not responsible for external platforms linked or integrated.
We will post material changes at least 15 days before they take effect.
California “Shine the Light.” We do not share personal information with third parties for their direct marketing.
Nevada SB 220. We do not sell covered information as defined by Nevada law.
U.S. State Privacy Laws. Certain U.S. states may grant residents privacy rights under laws such as the California Consumer Privacy Act, Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Florida Digital Bill of Rights, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Maryland Online Data Privacy Act, Minnesota Consumer Data Privacy Act, Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire Privacy Act, New Jersey Data Privacy Act, Oregon Consumer Privacy Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act. To the extent these laws apply to Ava’s Services and processing activities, residents of those states may contact legal@hiava.xyz to exercise applicable rights.
Brazil LGPD. Data subjects may exercise LGPD rights via §9.
EU DPO. legal@hiava.xyz
Your home deserves an assistant that is secure, respectful, and always on your side. That’s Ava—privacy by default, trust by design.