Skip to main content
This page summarizes how Bizzy handles your data — what’s isolated, what’s encrypted, what AI can and can’t see, and how deletion works. For legal terms, see the privacy policy and data processing addendum.

Organization-level isolation

Every record in Bizzy — contacts, messages, files, agents, automations — belongs to exactly one organization, and all access is scoped to it. Members of one organization can never see another organization’s data, and agent retrieval enforces the same boundary on every query. See Organizations.

Account security

You control how your team signs in and what programmatic access exists:

Encryption in transit

All traffic between your browser (or API and MCP clients) and Bizzy is encrypted in transit over HTTPS/TLS.

Connected email accounts

Email accounts connect through OAuth 2.0 — Bizzy never sees or stores your email password, and you can revoke access at any time from Bizzy or from your Google or Microsoft account settings. See Connect Email.

What AI agents can access

Agents operate inside your organization only, and within it you decide what they can touch:
  • Files are invisible to agents by default. A file is only retrievable after you turn on its Agent access flag; folders can be excluded wholesale. See RAG Indexing.
  • Every action is permission-gated. Each tool an agent can use is set to allow, ask, or deny — writes default to requiring your approval. See Tool Permissions.
  • Everything is auditable. Full transcripts of every agent conversation, including tool calls and approvals, are retained for review. See Transcripts.
  • No training on your data. Your data is not used to train foundation AI models. See the AI disclosure for the providers involved and the full policy.

Payments

Subscription payments are processed by Stripe. Card details are entered into Stripe’s secure payment elements and sent directly to Stripe — Bizzy never sees or stores card numbers. Stripe Connect syncs for your own customers work the same way: Bizzy reads customer and transaction records via Stripe’s API and never handles raw card data. See Stripe Connect.

Deletion and recovery

Deleting records in Bizzy removes them from your view and from agent retrieval. Deletion is soft — data is retained for a period so accidental deletions can be recovered. There is no self-serve restore today; contact support@bizzyco.ai to recover something. See File Deletion.

Reporting a vulnerability

Report suspected security vulnerabilities to support@bizzyco.ai and we’ll prioritize the investigation. Please give us a chance to fix an issue before disclosing it publicly.

Passkeys

Phishing-resistant sign-in

Two-Factor Auth

TOTP and backup codes

API Keys

Scoped programmatic access

Getting Support

Contact the team
Last modified on June 12, 2026